Chapter 9 - 01 - Understand Secure Application Design and Architecture PDF

Summary

This chapter covers secure application design and architecture. It discusses security requirements, design principles, and best practices to prevent vulnerabilities. The different aspects of application security and how to develop secure applications are explained using examples and illustrations.

Full Transcript


Certified Cybersecurity Technician Application Security Exam 212-82

Security Requirement Specifications

Software security requirements are non-functional requirements which need to be addressed to maintain the confidentiality, integrity, and availability of the application. Stakeholders often overlook security requirements during the inception phase of software development. This negligence may result in the application being vulnerable to different types of attacks or getting abused. Gathering security requirements should be part of the strategic application development process.

Security requirements give the developer an overview of the key security controls required to build a secure application. They also specify the security mechanisms that need to be implemented in order to comply with regulations, standards, or requirements for secure application development and attack protection. Correctly understood security requirements help in implementing security in the design, development, and testing stages.

Module 09 Page 1150 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Define Secure Design Principles

Secure design principles are the set of practices or guidelines that developers should be required to follow during the development phase. They help in deriving secure architectural decisions, and they help to eliminate design and architecture flaws and mitigate common security vulnerabilities within the application.

List of secure design principles to prevent common security vulnerabilities:

- Security through obscurity
- Secure the weakest link
- Use least privilege principle
- Secure by default
- Fail securely
- Apply defense in depth
- Do not trust user input
- Reduce attack surface
- Enable auditing and logging
- Keep security simple
- Separation of duties
- Fix security issues correctly
- Apply security in design phase
- Protect sensitive data
- Exception handling
- Secure memory management
- Protect memory or storage secrets
- Fault tolerance
- Fault detection
- Fault removal
- Fault avoidance
- Remove unreachable code
- Avoid dead code

Security through obscurity
Security Through Obscurity (STO) relies on preventing access to certain users to protect internal data. STO systems may have theoretical or actual security vulnerabilities, but their designers believe that the flaws are unknown and that attackers are unlikely to find them. Its usefulness has declined with the rise of open systems, networking, greater understanding of programming techniques, and the increased capabilities of home users.

Secure the weakest link
Attackers target the part of a system that is easiest to penetrate. For example, to gain access to encrypted data on the network, attackers will not attack the data encryption itself; instead they will go after the endpoints of the communication and look for a flaw that discloses the data. Identify and strengthen the areas at risk until the levels of risk are satisfactory.

Use least privilege principle
Applications running with maximum system privileges are vulnerable to attacks. For example, many web applications use a database admin account to connect to the backend database even though it is not required, which increases the impact of SQL injection exploits. Using the least privilege principle protects the application from malicious attacks by:
  o Determining and assigning rights only to those who require privileges to complete a specific task.
  o Avoiding applications that get installed and run by default.
  o Writing applications that can be used by users having non-administrative privileges.

Secure by default
The software solution or application provided to the users should be security-enabled by default. If permitted, it is up to the user to reduce the security. For example, the password aging and complexity security features should be enabled by default.

Fail securely
The developer should not give away application secrets in default error messages. An application that discloses confidential information on failure assists attackers in creating an attack. When an application fails, determine what may occur and ensure that it does not threaten the application. Always provide logical and useful error messages to the users and store the details in the log file.

Apply defense in depth
Architects and developers should consider all the levels of the software when imposing security during development. Implement security mechanisms at different layers, including the network layer, kernel layer, physical layer, and file system layer.

Module 09 Page 1152

Do not trust user input
Protect the application from all malicious inputs coming from the user into the application. Consider all input as malicious and apply security measures to restrict it.

Reduce attack surface
The application's attack surface area is to be minimized by reducing the number of entry points into the application. Remove or turn off the features, protocols, and functionality which are not in use to minimize the number of vulnerabilities and the overall risk. For example, if a vulnerability exists in the way XML is parsed, denying XML from unknown users minimizes that security vulnerability.

Enable auditing and logging
Auditing and logging state how security-related events are recorded by an application. Auditing enables identification of attacks or intruders in progress, whereas logging aids in identifying how an attack was performed. Perform auditing and logging to gather information about attacks.

Keep security simple
If the design is complicated, it is hard to understand and errors are likely to occur in implementation, configuration, and use. Likewise, as the complexity of security mechanisms increases, the effort required to reach the appropriate level of software assurance also increases. Avoid complex architectures and opt for simpler approaches that are fast and simple.

Separation of duties
Separation of duties is the key control against fraud. When assigning privileges, system roles are to be considered. In general, system administrators are also users, as some super-user privileges are required to make the system run. For example, a system administrator can set the password policy, turn the system off or on, etc., but should not be able to log in as a super-privileged user.

Fix security issues correctly
When a security issue is identified, fix it, treating it as the actual problem, and then go through the security process as you would for new code, ensuring that the fix does not introduce new errors. For example, a user may be able to view another user's account balance simply by adjusting a cookie. In this case, once the security issue is fixed it has to be tested on all the applications, as the cookie handling code is shared among all of them.

Apply security in design phase
Before starting the application development process, always consider the security issues whose consideration can help prevent many security vulnerabilities. Considering security issues helps you understand the coding weaknesses and vulnerabilities behind the most obvious exploits.

Module 09 Page 1153

Protect sensitive data
Do not hard-code sensitive data such as passwords in the program. Use a data encryption mechanism to transmit data over the network.

Exception handling
Events that disrupt the normal flow of a program are called exceptions. Exception handling occurs when error conditions interrupt the normal flow of a program's execution. Programmers have difficulty in designing for exception handling, as continuous checking for error conditions is necessary. Proper use of exception handling helps to ensure proper error handling.

Secure memory management
Check memory bounds on the length of input variables, arrays, and arguments to prevent buffer overflow attacks. Apply coding standards for simplicity, which help in implementing security in the program and keep things simple.

Protect memory or storage secrets
Encrypt secrets to protect memory storage from ending up in a crash dump file. Use a proven cryptographic method to encrypt secrets. Scrub secrets in memory storage before deletion.

Fault tolerance
A strategy applied to software design (or system design) to permit the system to continue functioning even in the presence of faults by enhancing its robustness.

Fault detection
Closely linked to fault tolerance; used in detecting faults and producing appropriate responses in system behavior. Examples include system monitors, safety monitors, built-in tests, loop-back tests, etc.

Fault removal
Removes faults during the design process. Examples include error detection, verification through inspection, built-in testing, correction functions, etc.

Fault avoidance
Avoids errors that contribute to system faults during the development process. Examples include defensive programming, error minimization during the design process, minimization of safety-critical code, using appropriate SDLC techniques, etc.

Remove unreachable code
Unreachable code is a portion of the source code used for application development that cannot be executed because of control flow errors in the program. Unreachable code occurs when developers follow poor and insecure coding practices, commit software errors, or neglect to delete redundant code. Unreachable code, if left undetected, can cause unwanted memory overheads and cache cycles, making the application vulnerable to attacks and performance bottlenecks.

Module 09 Page 1154

Avoid dead code
Dead code is unwanted code in an application's source code that cannot be executed. The execution of dead code does not cause any effect on or change in the behavior of an application. Dead code can make the source code more complex and vaguer, thereby decreasing the performance and security of the application. Dead code should be removed by using any of the latest tools and techniques to prevent any security loopholes or failures that can make the application vulnerable to attacks.

Module 09 Page 1155
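As an added example (not part of the EC-Council courseware), the C code below illustrates two of the principles above, secure memory management and protecting memory secrets: bounded_copy refuses any input that would not fit its destination buffer, and scrub overwrites a secret through a volatile pointer before the buffer is released. The capacity SECRET_CAP and all function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#define SECRET_CAP 16   /* hypothetical capacity of a buffer holding a user secret */

/* Secure memory management: copy an untrusted string into a fixed-size buffer
 * only if it fits with its NUL; returns 0 on success, -1 if it would overflow. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    end = memchr(src, '\0', dst_size);  /* bounded scan: never over-reads src */
    if (end == NULL)
        return -1;                      /* too long or unterminated: reject */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Protect memory secrets: overwrite through a volatile pointer so the compiler
 * cannot drop the stores as dead (a plain memset before free() often is). */
void scrub(void *buf, size_t size)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (size--)
        *p++ = 0;
}

/* Check helper: 1 if every byte of buf is zero, else 0. */
int is_zeroed(const void *buf, size_t size)
{
    const unsigned char *p = (const unsigned char *)buf;
    for (size_t i = 0; i < size; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Validate, use, scrub, release: returns the secret's length or -1 if rejected. */
int handle_secret(const char *untrusted_input)
{
    char *buf = malloc(SECRET_CAP);
    int len = -1;
    if (buf == NULL)
        return -1;
    if (bounded_copy(buf, SECRET_CAP, untrusted_input) == 0)
        len = (int)strlen(buf);   /* stands in for real use of the secret */
    scrub(buf, SECRET_CAP);       /* wipe before the memory is released */
    free(buf);
    return len;
}
```

The rejection path matters as much as the happy path: an input of SECRET_CAP or more characters has no room for its terminator and is refused rather than truncated or overrun.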
