How to create an application with security in mind?

On the net, I found the following phrase:

Software security is not something put on top of your application; it is built into your application from the very beginning.

But how do you design a system with security in mind?

+4

4 answers

As the first and starting point of all security considerations, you need to define a threat model: what things do you want to happen, what do you want to prevent, what things would you dislike if they happened?

Then, for each threat, explain how your system prevents this threat. What makes a security expert is primarily an intuition for what threats usually occur in systems. You will learn from reading the literature that it is often the same threats that challenge many systems.

+4

Security consists of many different areas and, frankly, is a massive field. I could give you some pointers, but you really need to do your own research. For instance:

  • Store passwords as (salted) hashes
  • Sanitize all input from any external systems
  • Keep and check comprehensive logs
  • Perform software updates

But, as I said, this is a huge area that is constantly changing. You would be best off getting a book on the subject.

+1
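Added example, not code from the answer above: the first bullet (salted hashes) as working Python, with the unsalted "before" beside the hardened form. It uses only the standard library; the record format `pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>` and the user names are constructed for this illustration.

```python
# Added example (not from the original answer): storing passwords as salted hashes.
# Assumes only the Python standard library; the record format below is a hypothetical
# choice for illustration ("pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>").
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


def weak_hash(password: str) -> str:
    """The 'before': unsalted MD5. Identical passwords give identical hashes,
    so one precomputed table breaks every user who chose that password."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256. A fresh random salt per password
    means two users with the same password get different stored records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so timing does not leak how many leading bytes matched."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Constructed users: alice and bob happen to choose the same password."""
    users = {"alice": "hunter2", "bob": "hunter2"}
    weak = {u: weak_hash(p) for u, p in users.items()}
    # lower iteration count here only so the demo runs quickly
    strong = {u: hash_password(p, iterations=20_000) for u, p in users.items()}
    return {
        "weak_collides": weak["alice"] == weak["bob"],      # True: same hash, same leak
        "salted_differs": strong["alice"] != strong["bob"],  # True: salt separates them
        "right_password": verify_password("hunter2", strong["alice"]),
        "wrong_password": verify_password("hunter3", strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the iteration count inside the record is what lets you raise the work factor later and re-hash users on their next successful login, without a flag day.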

Threat models are nonsense; everything that a security expert suggests is probably garbage. Code is not secure if it is only secure under certain circumstances. Proper encapsulation is secure, as E proves.

Check out the E language with orthogonal security (the object-capability model). It is a good proof of concept; there are other languages like Joe-E, which is the same paradigm for Java, Emily for OCaml, and Oz-E for Oz. Unfortunately, E is dynamically typed, but, fortunately, it is made much smarter than other dynamically typed languages that I have seen. Even if you never end up using E for anything, it still teaches you how security is natural in sound design.

This is actually how security should be ensured; when I think of a computer, I think of a device designed to run algorithms and software. I never expected that a Flash game could compromise my entire system and steal all my data. But a few days ago, I ran a fully updated Windows 7 install on my lab PC, and it got compromised after a day of browsing the Internet with a completely updated Firefox / Flash. This is not how a computer should work; you should not need to worry that reading a specific page will lead to the theft of your bank account. But the unfortunate fact is that every de facto O/S is fundamentally wrong in this way and always will be, because they are written in unsafe languages.

In any case, some fundamental things that will help security:

  • no global mutable state; there is no reason for it.
  • see above: do not write to random hard-coded paths in the file system, this will cause collisions and more errors and vulnerabilities. Ideally, you should just get a handle to some persistent storage passed to your program by the operating system that you can read / write; then it would be impossible to collide with anything. Java's java.util.prefs.Preferences does just that.
  • make the most of typed data. Stay away from toy languages that encourage text parsing to do everything, and from weakly typed languages like bash, Perl, PHP, JavaScript, Tcl, C / C++*, Python**, etc. Every time you manually escape HTML, escape input to a bash command, or escape input in SQL, you are asking for problems. Speaking of HTML, avoid making your application a web application if possible, as the web was never secure.
  • no eval, that's nonsense
  • encapsulate correctly; it is vital for any orthogonal-security language. You cannot have a getSocket() function that creates a file on your system and renames ~/home/lol to ~/home/wtf. Follow the Law of Demeter.

Basically, just follow good practices (which don't really exist) and you will be safe. Sound design = Security = Speed = Usability (but not muffled). Encapsulation is key; E forces you to do the right encapsulation.

* C / C++ is prohibited. Period. Even the best mathematicians in the world cannot write large-scale C / C++ programs without serious vulnerabilities. The best case that I know of is a microkernel of about 4,000 lines, which turned out to need 250,000 lines of proof. I have never seen a large video game written in C++ without serious vulnerabilities.

** Python is strongly typed, but it is still error-prone because it encourages things like monkey patching and inheritance (but there is no way to prevent conflicts with private member names, which is always a problem). Scoping is virtual, so when you access any local variable, it is looked up in a dict. It has eval / exec. Everything gets pickled, which leads to arbitrary code execution (i.e. you can never load someone else's data into a Python program, because it can contain a pickle that will own you when you read it). It is slow as hell, and is likely to always be compared to statically typed languages.

+1
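Added example, not code from the answer above: two of its bullets shown as working Python. First, the "get a handle to storage passed in, not a hard-coded path" point, done capability-style: a component receives a StorageHandle bound to one directory and cannot reach outside it, and can be handed an attenuated read-only version. Second, the "typed data instead of text escaping" point: a parameterized SQL query beside the string-building version it replaces. Only the standard library is used; StorageHandle, ReadOnlyHandle and the users table are names constructed for this illustration, not from E or any project.

```python
# Added example (not from the original answer): capability-style design in Python.
#   1. No hard-coded paths or ambient authority: the holder gets a StorageHandle
#      (a narrow capability bound to one directory) instead of opening what it likes.
#   2. Typed data instead of text escaping: parameterized SQL beside string building.
# Assumes only the standard library; StorageHandle, ReadOnlyHandle and the users
# table are hypothetical names constructed for this example.
import os
import sqlite3
import tempfile


class StorageHandle:
    """The holder's only route to persistent storage: bound to one directory,
    and refuses any name that resolves outside it."""

    def __init__(self, root: str):
        self._root = os.path.realpath(root)

    def _resolve(self, name: str) -> str:
        # realpath collapses '..' and symlinks, so an escape attempt lands outside root
        path = os.path.realpath(os.path.join(self._root, name))
        if os.path.commonpath([self._root, path]) != self._root:
            raise PermissionError(f"{name!r} is outside the granted storage area")
        return path

    def write(self, name: str, data: bytes) -> None:
        with open(self._resolve(name), "wb") as f:
            f.write(data)

    def read(self, name: str) -> bytes:
        with open(self._resolve(name), "rb") as f:
            return f.read()

    def read_only(self) -> "ReadOnlyHandle":
        """Attenuation: hand out a weaker capability, never the full one."""
        return ReadOnlyHandle(self.read)


class ReadOnlyHandle:
    """Holds only the bound read method, so write() is simply not there to call."""

    def __init__(self, read):
        self._read = read

    def read(self, name: str) -> bytes:
        return self._read(name)


def storage_demo() -> dict:
    """Exercise the handle and report what a holder can and cannot do."""
    handle = StorageHandle(tempfile.mkdtemp())
    handle.write("prefs.json", b'{"theme": "dark"}')
    result = {"roundtrip": handle.read("prefs.json") == b'{"theme": "dark"}'}
    try:
        handle.write("../escape.txt", b"owned")   # traversal attempt
        result["traversal_blocked"] = False
    except PermissionError:
        result["traversal_blocked"] = True
    ro = handle.read_only()
    result["ro_reads"] = ro.read("prefs.json") == b'{"theme": "dark"}'
    result["ro_cannot_write"] = not hasattr(ro, "write")
    return result


def setup_db() -> sqlite3.Connection:
    """Constructed sample table; in-memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    """The text-parsing style the answer warns against: input becomes query syntax."""
    return conn.execute(f"SELECT secret FROM users WHERE name = '{name}'").fetchall()


def lookup_typed(conn: sqlite3.Connection, name: str) -> list:
    """Typed parameter: the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    print(storage_demo())
    db = setup_db()
    payload = "x' OR '1'='1"
    print("concat:", lookup_concat(db, payload))   # every row leaks
    print("typed: ", lookup_typed(db, payload))    # matches nothing
```

The caveat is the one the answer itself makes about Python: the attenuation is only conventional. Nothing stops a holder of ReadOnlyHandle from reaching `_read.__self__` and recovering the full handle, whereas an object-capability language like E makes that unreachable by construction.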

There are software development processes, such as Microsoft's Security Development Lifecycle (SDL), that you can use alongside your usual development methodology. The quote is very correct: you cannot add security to an application after it is complete, or if you do, it will be much more expensive than doing it from the very beginning. The security process can help you figure out where the risks are (risk management) and protect the parts of the application that contain the most sensitive information.

However, a moral developer (like me) should develop secure software regardless. If security is valuable enough to your boss or your client, hire a security engineer. He should help you in this process.

0
