Security By Design

Welcome

Design?

Design!  Done before actual work  Multiple aspects  Infrastructure  Architecture  Software  Visual Components

Infrastructure

Physical Access

The Server

Hardening

Firewalling

Firewalling  IP Level  Filter by source and destination  Port (service) based  Appplication Level  Also called Proxy  Can be used for performance and caching as well

Network layout  Public Network  Proxy  Webserver  Private Network  Webserver  Datebase  Caches  Storage

The Storage

Architecture!

Architecture  Establish Privilege separation  Work with least amount of privileges  Do not run anything as root  Separate Database access  Read only access  Write access

Software

Software  Written from the ground to be secure  Does not rely on secret implementations  Perfect for open source  Separation of concerns  Familiar concept from OOP

Decouple

Validate Input  Enforce types  Do not repair broken data  Sanitize input as needed  And where needed

Keep it simple!

Deny by default

More rules?  Enable E_STRICT and E_NOTICE  Add E_DEPRECATED on PHP 5.3  Split code into modules  Allows for flexible security and access policies  Make sure your code can handle broken input gracefully

Visual Feedback

Visual Feedback Do not train users wrong An “alert” is not a confirmation

Visual Design Try to follow HIGs Adopt to OS order of buttons and actions

Visual Design Be specific in wording Do not mix PIN, Password, Code, Token for the same thing

Visual Design Be aware of i18n / i10n Some icons may not mean the same all over the world

Everything done as told

Failure... or how to break it

Man in the middle  Technically a Proxy  Quite a famous attack vector  Can work like a proxy  Even works with SSL  Extended Security Certificates may help here  Information disclosure

Phishing  User is lurked to a cloned look-alike site  Usually slightly modified to contain  Additional input fields  Overwritten target for form submits  Hard to detect  Check referrer in logs  Disallow image loading from 3rd party  Implement anti csrf tokens  Blocks the clone from “save” redirects

Click jacking  Not an exploit  Not a validation problem  Invisible iframe  Uses CSS to be made transparent  Not detectable server side  Only JavaScript to the rescue  Compare location of top and self  top.location.href == self.location.href

And There Was Light..

100% Secure?  Impossible to achieve  Never underestimate bored kids ;)

Cost of security

Security is a process A flexible process can be changed A flexible software can adopt to new needs

Congrats!

Thank you!

http://joind.in/talk/view/914

Contact  Slides will be on slideshare  http://slideshare.net/theseer  http://www.slideshare.net/group/thephpcc  Contact options  Email: team@thePHP.cc / arne@thePHP.cc  Follow us on twitter:  @arneblankerts  @thephpcc

Security By Design

by Arne Blankerts on Oct 21, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 6

Statistics

Security By Design — Presentation Transcript