SlideShare a Scribd company logo

Principles for Secure Design and Software Security

Mona Rajput
Mona Rajput

This lectures helps in Information security course

Science
1 of 28
Download to read offline
Information Security Mamoona Jabbar
Secure Design The core pillars of information security: Confidentiality – only allow access to data for which the user is permitted Integrity – ensure data is not tampered or altered by unauthorized users Availability – ensure systems and data are available to authorized users when they need it
Security Principles The security principles outlined in Michael Howard and David LeBlanc’s book Writing Secure Code • Minimize attack surface area • Establish secure defaults • The principle of least privileges • The principle of defence in depth • Fail securely • Don’t trust services • Separation of duties • Avoid security by obscurity • Keep security simple • Fix security issue correctly
Minimize attack surface area Every time a programmer adds a feature to their application, they are increasing the risk of a security vulnerability. The principle of minimizing attack surface area restricts the functions that users are allowed to access, to reduce potential vulnerabilities. Example: The developer could limit access to the search function, so only registered users could use it — reducing the attack surface and the risk of a successful attack.
Establish secure defaults This principle states that the application must be secure by default. That means a new user must take steps to obtain higher privileges and remove additional security measures (if allowed). Establishing safe defaults means there should be strong security rules for how user registrations are handled, how often passwords must be updated, how complex passwords should be and so on. Application users may be able to turn off some of these features, but they should be set to a high-security level by default.
The principle of Least privilege The Principle of Least Privilege (POLP) states that a user should have the minimum set of privileges required to perform a specific task. The POLP can be applied to all aspects of a web application, including user rights and resource access. For example, a user who is signed up to a blog application as an “author” should not have administrative privileges that allow them to add or remove users. They should only be allowed to post articles to the application.
The Principle of Defence in depth The principle of defence in depth states that multiple security controls that approach risks in different ways is the best option for securing an application. So, instead of having one security control for user access, you would have multiple layers of validation, additional security auditing tools, and logging tools. For example, instead of letting a user login with just a username and password, you would use an IP check, a Captcha system, logging of their login attempts, brute force detection and so on.
Fail Securely There are many reasons why a web application would fail to process a transaction. Perhaps a database connection failed, or the data inputted from a user was incorrect. This principle states that applications should fail in a secure way. Failure should not give the user additional privileges, and it should not show the user sensitive information like database queries or logs.
Don’t trust services Many web applications use third-party services for accessing additional functionality or obtaining additional data. This principle states that you should never trust these services from a security perspective. That means the application should always check the validity of data that third-party services send and not give those services high-level permissions within the app
Separation of duties Separation of duties can be used to prevent individuals from acting fraudulently. For example, a user of an eCommerce website should not be promoted to also be an administrator as they will be able to alter orders and give themselves products. The reverse is also true — an administrator should not have the ability to do things that customers do, like order items from the front end of the website.
Avoid security by obscurity This OWASP principle states that security by obscurity should never be relied upon. If your application requires its administration URL to be hidden so it can remain secure, then it is not secure at all. There should be sufficient security controls in place to keep your application safe without hiding core functionality or source code.
Keep security Simple Developers should avoid the use of very sophisticated architecture when developing security controls for their applications. Having mechanisms that are very complex can increase the risk of errors.
Fix security issues correctly If a security issue has been identified in an application, developers should determine the root cause of the problem. They should then repair it and test the repairs thoroughly. If the application uses design patterns, it is likely that the error may be present in multiple systems. Programmers should be careful to identify all affected systems.
Principles for Secure Design
Principles for a Secure design • Design security in from the start • Allow for future security enhancement • Minimize and isolate security controls • Employ least privilege • Structure the security relevant features • Make security friendly • Don’t depend on secrecy for security Morrie Gasser 1988
To Make Security Friendly • Security should not impact users who obey the rules • It should be easy for users to give access • It should be easy for users to restrict access • Established defaults should be reasonable
Principles for Software Security
Principles for Software security • Secure the weakest link • Practice defense in depth • Fail securely • Follow the principle of least privilege • Compartmentalize • Keep it simple • Promote privacy • Remember that hiding secrets is hard • Be reluctant to trust • Use your community resources Viega and McGraw 2001
Secure the Weakest Link • A software security system is only as strong as its weakest link • Attackers go after the easy targets • they will go after endpoints rather than trying to crack encryption • they will attempt to crack an application visible through the firewall rather than firewall itself • Identify and strengthen weak links until an acceptable level of risk is achieved
Practice Defense in depth • Use diverse defensive strategies • If one layer turns out to be inadequate, another layer will hopefully prevent a complete compromise • firewall to protect subnet, but sensitive information on the subnet is encrypted • DoD Eligible Receiver experience 1997
Fail Securely • If your software has to fail, make sure it does it securely
Follow the Principle of Least Privilege • Only the minimum amount of access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary
Compartmentalize • Basic access building block is not all or nothing • Minimize the amount of damage that can be done by breaking the system into units • Very few operating systems do this because it is difficult to manage • Root privilege is an example of how not to do it
Keep it Simple • Complex design is never easy to understand
Promote privacy • Try not to do anything that compromises the privacy of the user • Often trades off against usability • System should forget credit card numbers • Users hate having to type it in each time • Should extend to systems and code • No reason to give out any more information than necessary (e.g., OS name and version)
Remember that Hiding Secrets is Hard • Skilled youth can avoid any protection that a company tries to hardcode into their software (e.g., DVD viewers) • Binaries can be reverse engineered
Be Reluctant to Trust • Instead of making assumptions that need to hold true, you should be reluctant to extend trust • How can any COTS component be trusted to be secure? • Just because a particular security feature is an emerging standard doesn’t mean it actually makes sense • Sometimes it is prudent not to trust yourself
Use your Community Resources • Repeated use without failure promotes trust • Public scrutiny promotes trust

Recommended

Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Ewug 1808 take conditional access to the next level
Ewug 1808 take conditional access to the next levelEwug 1808 take conditional access to the next level
Ewug 1808 take conditional access to the next levelPer Larsen
 
Scug 1809 Take conditional access to the next level
Scug 1809 Take conditional access to the next levelScug 1809 Take conditional access to the next level
Scug 1809 Take conditional access to the next levelPer Larsen
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust NetworksPractical Code, LLC
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information securityAhmed Banafa
 

Recommended

Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Ewug 1808 take conditional access to the next level
Ewug 1808 take conditional access to the next levelEwug 1808 take conditional access to the next level
Ewug 1808 take conditional access to the next levelPer Larsen
 
Scug 1809 Take conditional access to the next level
Scug 1809 Take conditional access to the next levelScug 1809 Take conditional access to the next level
Scug 1809 Take conditional access to the next levelPer Larsen
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust NetworksPractical Code, LLC
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information securityAhmed Banafa
 
On Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark trainingGlobal Online Trainings
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watsonPrime Infoserv
 
IBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSIBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSCamilo Fandiño Gómez
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
presentacion Demo McAfee SIEM
presentacion Demo McAfee SIEMpresentacion Demo McAfee SIEM
presentacion Demo McAfee SIEMvictor bueno
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security ResilienceJoel Aleburu
 
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...Anton Chuvakin
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton ChuvakinAnton Chuvakin
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Presentacion demo mc afee siem
Presentacion demo mc afee siemPresentacion demo mc afee siem
Presentacion demo mc afee siemvictor bueno
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.pptDrBasemMohamedElomda
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design ConceptsMohammed Fazuluddin
 

More Related Content

What's hot

On Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watsonPrime Infoserv
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
presentacion Demo McAfee SIEM
presentacion Demo McAfee SIEMpresentacion Demo McAfee SIEM
presentacion Demo McAfee SIEMvictor bueno
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security ResilienceJoel Aleburu
 
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...Anton Chuvakin
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton ChuvakinAnton Chuvakin
 
Presentacion demo mc afee siem
Presentacion demo mc afee siemPresentacion demo mc afee siem
Presentacion demo mc afee siemvictor bueno
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk
 

What's hot (20)

On Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton Chuvakin
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark training
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
 
IBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSIBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaS
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account security
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?
 
presentacion Demo McAfee SIEM
presentacion Demo McAfee SIEMpresentacion Demo McAfee SIEM
presentacion Demo McAfee SIEM
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
Architecting for Security Resilience
Architecting for Security ResilienceArchitecting for Security Resilience
Architecting for Security Resilience
 
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
SIEM: Is It What Is SIEMs? Security Information and Event Management Summit a...
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
 
CyberArk
CyberArkCyberArk
CyberArk
 
Presentacion demo mc afee siem
Presentacion demo mc afee siemPresentacion demo mc afee siem
Presentacion demo mc afee siem
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy Intro
 

Similar to Principles for Secure Design and Software Security

Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principlessluge
 
Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppAppsecco
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)Develop, Test & Maintain Secure Systems (While Being PCI Compliant)
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)Security Innovation
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfigurationMicho Hayek
 
Security Principles and Protection Mechanism
Security Principles and Protection MechanismSecurity Principles and Protection Mechanism
Security Principles and Protection MechanismMona Rajput
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10APSU
 
Information security software security presentation.pptx
Information security software security presentation.pptxInformation security software security presentation.pptx
Information security software security presentation.pptxsalutiontechnology
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxrahulkumarcscsf21
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxyasirkhokhar7
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 

Similar to Principles for Secure Design and Software Security (20)

Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principles
 
Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your App
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)Develop, Test & Maintain Secure Systems (While Being PCI Compliant)
Develop, Test & Maintain Secure Systems (While Being PCI Compliant)
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfiguration
 
Security Principles and Protection Mechanism
Security Principles and Protection MechanismSecurity Principles and Protection Mechanism
Security Principles and Protection Mechanism
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10
 
Information security software security presentation.pptx
Information security software security presentation.pptxInformation security software security presentation.pptx
Information security software security presentation.pptx
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptx
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
 
Unit4
Unit4Unit4
Unit4
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 

Recently uploaded

zoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzohaibmir069
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡anilsa9823
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...Sérgio Sacani
 
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxSOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxkessiyaTpeter
 
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Sérgio Sacani
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxUmerFayaz5
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Nistarini College, Purulia (W.B) India
 
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreams
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreamsAhmedabad Call Girls Service 9537192988 can satisfy every one of your dreams
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreamsoolala9823
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Patrick Diehl
 
A relative description on Sonoporation.pdf
A relative description on Sonoporation.pdfA relative description on Sonoporation.pdf
A relative description on Sonoporation.pdfnehabiju2046
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhousejana861314
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...RohitNehra6
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsSérgio Sacani
 
GFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxGFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxAleenaTreesaSaji
 
Neurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trNeurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trssuser06f238
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |aasikanpl
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PPRINCE C P
 
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxAnalytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxSwapnil Therkar
 

Recently uploaded (20)

zoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistan
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
 
The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
 
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxSOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
 
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptx
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...
 
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreams
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreamsAhmedabad Call Girls Service 9537192988 can satisfy every one of your dreams
Ahmedabad Call Girls Service 9537192988 can satisfy every one of your dreams
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?
 
A relative description on Sonoporation.pdf
A relative description on Sonoporation.pdfA relative description on Sonoporation.pdf
A relative description on Sonoporation.pdf
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhouse
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
 
GFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxGFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptx
 
Neurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trNeurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 tr
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
 
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C P
 
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxAnalytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
 

Principles for Secure Design and Software Security

  • 2. Secure Design The core pillars of information security: Confidentiality – only allow access to data for which the user is permitted Integrity – ensure data is not tampered or altered by unauthorized users Availability – ensure systems and data are available to authorized users when they need it
  • 3. Security Principles The security principles outlined in Michael Howard and David LeBlanc’s book Writing Secure Code • Minimize attack surface area • Establish secure defaults • The principle of least privileges • The principle of defence in depth • Fail securely • Don’t trust services • Separation of duties • Avoid security by obscurity • Keep security simple • Fix security issue correctly
  • 4. Minimize attack surface area Every time a programmer adds a feature to their application, they are increasing the risk of a security vulnerability. The principle of minimizing attack surface area restricts the functions that users are allowed to access, to reduce potential vulnerabilities. Example: The developer could limit access to the search function, so only registered users could use it — reducing the attack surface and the risk of a successful attack.
  • 5. Establish secure defaults This principle states that the application must be secure by default. That means a new user must take steps to obtain higher privileges and remove additional security measures (if allowed). Establishing safe defaults means there should be strong security rules for how user registrations are handled, how often passwords must be updated, how complex passwords should be and so on. Application users may be able to turn off some of these features, but they should be set to a high-security level by default.
  • 6. The principle of Least privilege The Principle of Least Privilege (POLP) states that a user should have the minimum set of privileges required to perform a specific task. The POLP can be applied to all aspects of a web application, including user rights and resource access. For example, a user who is signed up to a blog application as an “author” should not have administrative privileges that allow them to add or remove users. They should only be allowed to post articles to the application.
  • 7. The Principle of Defence in depth The principle of defence in depth states that multiple security controls that approach risks in different ways is the best option for securing an application. So, instead of having one security control for user access, you would have multiple layers of validation, additional security auditing tools, and logging tools. For example, instead of letting a user login with just a username and password, you would use an IP check, a Captcha system, logging of their login attempts, brute force detection and so on.
  • 8. Fail Securely There are many reasons why a web application would fail to process a transaction. Perhaps a database connection failed, or the data inputted from a user was incorrect. This principle states that applications should fail in a secure way. Failure should not give the user additional privileges, and it should not show the user sensitive information like database queries or logs.
  • 9. Don’t trust services Many web applications use third-party services for accessing additional functionality or obtaining additional data. This principle states that you should never trust these services from a security perspective. That means the application should always check the validity of data that third-party services send and not give those services high-level permissions within the app
  • 10. Separation of duties Separation of duties can be used to prevent individuals from acting fraudulently. For example, a user of an eCommerce website should not be promoted to also be an administrator as they will be able to alter orders and give themselves products. The reverse is also true — an administrator should not have the ability to do things that customers do, like order items from the front end of the website.
  • 11. Avoid security by obscurity This OWASP principle states that security by obscurity should never be relied upon. If your application requires its administration URL to be hidden so it can remain secure, then it is not secure at all. There should be sufficient security controls in place to keep your application safe without hiding core functionality or source code.
  • 12. Keep security Simple Developers should avoid the use of very sophisticated architecture when developing security controls for their applications. Having mechanisms that are very complex can increase the risk of errors.
  • 13. Fix security issues correctly If a security issue has been identified in an application, developers should determine the root cause of the problem. They should then repair it and test the repairs thoroughly. If the application uses design patterns, it is likely that the error may be present in multiple systems. Programmers should be careful to identify all affected systems.
  • 15. Principles for a Secure design • Design security in from the start • Allow for future security enhancement • Minimize and isolate security controls • Employ least privilege • Structure the security relevant features • Make security friendly • Don’t depend on secrecy for security Morrie Gasser 1988
  • 16. To Make Security Friendly • Security should not impact users who obey the rules • It should be easy for users to give access • It should be easy for users to restrict access • Established defaults should be reasonable
  • 18. Principles for Software security • Secure the weakest link • Practice defense in depth • Fail securely • Follow the principle of least privilege • Compartmentalize • Keep it simple • Promote privacy • Remember that hiding secrets is hard • Be reluctant to trust • Use your community resources Viega and McGraw 2001
  • 19. Secure the Weakest Link • A software security system is only as strong as its weakest link • Attackers go after the easy targets • they will go after endpoints rather than trying to crack encryption • they will attempt to crack an application visible through the firewall rather than firewall itself • Identify and strengthen weak links until an acceptable level of risk is achieved
  • 20. Practice Defense in depth • Use diverse defensive strategies • If one layer turns out to be inadequate, another layer will hopefully prevent a complete compromise • firewall to protect subnet, but sensitive information on the subnet is encrypted • DoD Eligible Receiver experience 1997
  • 21. Fail Securely • If your software has to fail, make sure it does it securely
  • 22. Follow the Principle of Least Privilege • Only the minimum amount of access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary
  • 23. Compartmentalize • Basic access building block is not all or nothing • Minimize the amount of damage that can be done by breaking the system into units • Very few operating systems do this because it is difficult to manage • Root privilege is an example of how not to do it
  • 24. Keep it Simple • Complex design is never easy to understand
  • 25. Promote privacy • Try not to do anything that compromises the privacy of the user • Often trades off against usability • System should forget credit card numbers • Users hate having to type it in each time • Should extend to systems and code • No reason to give out any more information than necessary (e.g., OS name and version)
  • 26. Remember that Hiding Secrets is Hard • Skilled youth can avoid any protection that a company tries to hardcode into their software (e.g., DVD viewers) • Binaries can be reverse engineered
  • 27. Be Reluctant to Trust • Instead of making assumptions that need to hold true, you should be reluctant to extend trust • How can any COTS component be trusted to be secure? • Just because a particular security feature is an emerging standard doesn’t mean it actually makes sense • Sometimes it is prudent not to trust yourself
  • 28. Use your Community Resources • Repeated use without failure promotes trust • Public scrutiny promotes trust