Log in Subscribe

Core Security Principles plus Concepts

Sehested Weinstein
· 12 min read
Core Security Principles plus Concepts

# Chapter 3: Core Security Principles and Concepts

Just before diving further into threats and defense, it's essential to establish the fundamental principles that underlie application security. These kinds of core concepts happen to be the compass through which security professionals find their way decisions and trade-offs. They help answer why certain handles are necessary and what goals we are trying in order to achieve. Several foundational models and concepts guide the design in addition to evaluation of protected systems, the almost all famous being typically the CIA triad in addition to associated security concepts.

## The CIA Triad – Confidentiality, Integrity, Availability

At the heart of information safety measures (including application security) are three primary goals:

1. **Confidentiality** – Preventing unauthorized access to information. In simple terms, maintaining secrets secret. Only those who are usually authorized (have the right credentials or perhaps permissions) should be able to see or use hypersensitive data. According to be able to NIST, confidentiality means "preserving authorized constraints on access and disclosure, including method for protecting individual privacy and proprietary information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches regarding confidentiality include phenomena like data leakages, password disclosure, or an attacker reading through someone else's email messages. A real-world example is an SQL injection attack of which dumps all user records from a new database: data that should are actually secret is exposed to typically the attacker. The alternative involving confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. COM
– when data is revealed to those not authorized to see it.

two. **Integrity** – Safeguarding data and techniques from unauthorized modification. Integrity means that information remains accurate and trustworthy, plus that system capabilities are not interfered with. For illustration, when a banking app displays your bank account balance, integrity measures ensure that a great attacker hasn't illicitly altered that balance either in transportation or in typically the database. Integrity can certainly be compromised simply by attacks like tampering (e. g., altering values in a WEB ADDRESS to access somebody else's data) or even by faulty computer code that corrupts info. A classic mechanism to assure integrity is definitely the use of cryptographic hashes or validations – in case a record or message is definitely altered, its personal will no longer verify. The reverse of integrity will be often termed alteration – data getting modified or dangerous without authorization​
PTGMEDIA. PEARSONCMG. COM
.

three or more. **Availability** – Guaranteeing systems and files are accessible when needed. Even if information is kept secret and unmodified, it's of little work with when the application will be down or inaccessible. Availability means of which authorized users can certainly reliably access typically the application and the functions in some sort of timely manner. Risks to availability include DoS (Denial regarding Service) attacks, where attackers flood a new server with targeted visitors or exploit a new vulnerability to impact the machine, making this unavailable to legitimate users. Hardware disappointments, network outages, or perhaps even design issues that can't handle pinnacle loads are likewise availability risks. The particular opposite of availability is often identified as destruction or refusal – data or even services are ruined or withheld​
PTGMEDIA. PEARSONCMG. COM
. The Morris Worm's effect in 1988 had been a stark tip of the need for availability: it didn't steal or change data, but by causing systems crash or perhaps slow (denying service), it caused significant damage​
CCOE. DSCI. IN
.

These a few – confidentiality, honesty, and availability – are sometimes known as the "CIA triad" and are considered as the three pillars involving security. Depending upon the context, a good application might prioritize one over typically the others (for instance, a public reports website primarily cares about you that it's available as well as content honesty is maintained, privacy is less of a good issue considering that the written content is public; conversely, a messaging software might put discretion at the best of its list). But a protect application ideally should enforce all in order to an appropriate diploma. Many security handles can be recognized as addressing one particular or more of the pillars: encryption works with confidentiality (by rushing data so just authorized can read it), checksums and even audit logs support integrity, and redundancy or failover devices support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's valuable to remember the particular flip side regarding the CIA triad, often called DAD:

- **Disclosure** – Unauthorized access to information (breach of confidentiality).
- **Alteration** – Unauthorized transform details (breach involving integrity).
- **Destruction/Denial** – Unauthorized damage of information or refusal of service (breach of availability).

Security efforts aim to be able to prevent DAD results and uphold CIA. A single harm can involve numerous of these factors. Such as, a ransomware attack might both disclose data (if the attacker steals a copy) and even deny availability (by encrypting the victim's copy, locking all of them out). A web exploit might adjust data within a repository and thereby break integrity, and so on.

## Authentication, Authorization, and Accountability (AAA)

Within securing applications, specially multi-user systems, many of us rely on added fundamental concepts often referred to as AAA:

1. **Authentication** – Verifying the particular identity of a good user or program. Once you log in with an username and password (or more securely with multi-factor authentication), the system is definitely authenticating you – making sure you will be who you promise to be. Authentication answers the query: That are you? Common methods include passwords, biometric scans, cryptographic keys, or bridal party. A core rule is the fact that authentication need to be sufficiently strong to be able to thwart impersonation. Poor authentication (like effortlessly guessable passwords or no authentication high should be) is actually a frequent cause regarding breaches.

2. **Authorization** – Once identity is made, authorization handles what actions or data the verified entity is allowed to access. This answers: What are you allowed to do? For example, after you sign in, a great online banking program will authorize one to see your personal account details but not someone else's. Authorization typically requires defining roles or even permissions. A susceptability, Broken Access Handle, occurs when these kinds of checks fail – say, an opponent finds that simply by changing a list IDENTIFICATION in an URL they can watch another user's files since the application isn't properly verifying their authorization. In reality, Broken Access Handle was identified as the number one internet application risk inside of the 2021 OWASP Top 10, present in 94% of applications tested​
IMPERVA. POSSUINDO
, illustrating how  https://comsecuris.com/papers/06956589.pdf  and important suitable authorization is.

3. **Accountability** (and Auditing) – This refers to the ability to search for actions in the system to the accountable entity, which will means having proper logging and audit trails. If something moves wrong or suspect activity is detected, we need to know who performed what. Accountability is achieved through working of user behavior, and by having tamper-evident records. Functions hand-in-hand with authentication (you can simply hold someone liable if you know which consideration was performing a great action) and with integrity (logs them selves must be shielded from alteration). Within application security, setting up good logging in addition to monitoring is vital for both sensing incidents and performing forensic analysis after an incident. As we'll discuss found in a later chapter, insufficient logging in addition to monitoring enables breaches to go unknown – OWASP details this as another top 10 issue, observing that without suitable logs, organizations may fail to notice an attack right up until it's far too late​
IMPERVA. POSSUINDO

IMPERVA. COM
.

Sometimes you'll see an expanded phrase like IAAA (Identification, Authentication, Authorization, Accountability) which just breaks out identification (the claim of identity, e. g. getting into username, before genuine authentication via password) as an independent step. But the core ideas stay the same. A secure application typically enforces strong authentication, rigid authorization checks regarding every request, in addition to maintains logs with regard to accountability.

## Basic principle of Least Benefit

One of typically the most important style principles in protection is to offer each user or component the bare minimum privileges necessary to perform its perform, with no more. This specific is called the rule of least freedom. In practice, it implies if an app has multiple jobs (say admin compared to regular user), the regular user company accounts should have zero capacity to perform admin-only actions. If a new web application needs to access the database, the database account it uses needs to have permissions simply for the actual dining tables and operations needed – such as, if the app never needs to remove data, the DIE BAHN account shouldn't even have the ERASE privilege. By decreasing privileges, whether or not a good attacker compromises an user account or even a component, destruction is contained.

A kampfstark example of not necessarily following least benefit was the Funds One breach regarding 2019: a misconfigured cloud permission allowed a compromised part (a web application firewall) to get all data coming from an S3 storage space bucket, whereas in the event that that component got been limited to only certain data, typically the breach impact would likely have been a lot smaller​
KREBSONSECURITY. COM

KREBSONSECURITY. COM
. Least privilege furthermore applies with the code level: in case a module or microservice doesn't need certain gain access to, it shouldn't need it. Modern textbox orchestration and cloud IAM systems ensure it is easier to employ granular privileges, yet it requires considerate design.

## Security in Depth

This kind of principle suggests that will security should end up being implemented in overlapping layers, in order that in the event that one layer fails, others still provide protection. In other words, don't rely on any kind of single security control; assume it can easily be bypassed, plus have additional mitigations in place. Regarding an application, security in depth may well mean: you validate inputs on typically the client side regarding usability, but a person also validate them on the server side (in case a good attacker bypasses the client check). You protected the database at the rear of an internal fire wall, but you also compose code that checks user permissions prior to queries (assuming a good attacker might break the rules of the network). When using encryption, an individual might encrypt delicate data within the data source, but also implement access controls in the application layer and monitor for unusual query patterns. Protection in depth will be like the sheets of an onion – an opponent who gets by means of one layer ought to immediately face an additional. This approach counter tops the point that no one defense is certain.

For example, imagine an application is dependent on an internet application firewall (WAF) to block SQL injection attempts. Security detailed would argue the application should still use safe code practices (like parameterized queries) to sanitize inputs, in case the WAF yearns for a novel assault. A real circumstance highlighting this was initially the situation of particular web shells or even injection attacks of which were not recognized by security filtration – the inside application controls then served as the final backstop.

## Secure by Style and Secure by simply Default

These relevant principles emphasize producing security an important consideration from the start of design and style, and choosing safe defaults. "Secure simply by design" means you intend the system structure with security found in mind – with regard to instance, segregating sensitive components, using proven frameworks, and thinking of how each style decision could bring in risk. "Secure by simply default" means once the system is used, it should default to the most secure settings, requiring deliberate actions to make this less secure (rather compared to other approach around).

An instance is default bank account policy: a safely designed application might ship with no predetermined admin password (forcing the installer in order to set a sturdy one) – while opposed to creating a well-known default pass word that users might forget to modify. Historically, many software packages were not protected by default; they'd install with open permissions or test databases or debug modes active, and if an admin opted to not lock them down, it left slots for attackers. As time passes, vendors learned to be able to invert this: right now, databases and systems often come with secure configurations away of the box (e. g., remote access disabled, sample users removed), and it's up to the admin to be able to loosen if absolutely needed.

For developers, secure defaults mean choosing safe selection functions by default (e. g., standard to parameterized queries, default to outcome encoding for web templates, etc. ). It also indicates fail safe – if an element fails, it ought to fail inside a safeguarded closed state rather than an inferior open state. As an example, if an authentication service times out, a secure-by-default tackle would deny entry (fail closed) instead than allow it.

## Privacy simply by Design

This concept, closely related to security by design, offers gained prominence especially with laws like GDPR. It means that will applications should always be designed not just in always be secure, but to regard users' privacy from the ground up. In practice, this might involve data minimization (collecting only just what is necessary), openness (users know what data is collected), and giving consumers control over their data. While privacy is a distinct domain name, it overlaps seriously with security: an individual can't have privacy if you can't secure the personal data you're responsible for. Lots of the worst data breaches (like those at credit bureaus, health insurance providers, etc. ) will be devastating not merely due to security failure but because that they violate the level of privacy of an incredible number of individuals. Thus, modern program security often works hand in hand with privacy concerns.

## Threat Building

A vital practice inside secure design is usually threat modeling – thinking like a great attacker to foresee what could make a mistake. During threat which, architects and builders systematically go due to the style of an application to determine potential threats in addition to vulnerabilities. They question questions like: Exactly what are we building? What can move wrong? What is going to we do regarding it? One well-known methodology with regard to threat modeling is definitely STRIDE, developed with Microsoft, which stands for six kinds of threats: Spoofing identification, Tampering with info, Repudiation (deniability of actions), Information disclosure, Denial of service, and Elevation associated with privilege.

By going for walks through each element of a system and considering STRIDE risks, teams can reveal dangers that may well not be obvious at first glance. For example, look at a simple online payroll application. Threat modeling might reveal that will: an attacker could spoof an employee's identity by guessing the session expression (so we want strong randomness), may tamper with earnings values via a vulnerable parameter (so we need suggestions validation and server-side checks), could perform actions and later on deny them (so we really need good audit logs to avoid repudiation), could make use of an information disclosure bug in the error message in order to glean sensitive information (so we need user-friendly but imprecise errors), might test denial of assistance by submitting some sort of huge file or heavy query (so we need rate limiting and reference quotas), or try to elevate opportunity by accessing administrator functionality (so many of us need robust entry control checks). Through this process, security requirements and countermeasures become much more clear.

Threat modeling will be ideally done early in development (during the design phase) thus that security is built in in the first place, aligning with the "secure by design" philosophy. It's the evolving practice – modern threat building may also consider misuse cases (how could the system become misused beyond typically the intended threat model) and involve adversarial thinking exercises. We'll see its relevance again when speaking about specific vulnerabilities and even how developers might foresee and stop them.

## Hazard Management

Not every safety measures issue is equally critical, and solutions are always small. So another idea that permeates app security is risk management. This involves evaluating the possibilities of a threat as well as the impact were it to occur. Risk is usually in private considered as an event of these two: a vulnerability that's an easy task to exploit in addition to would cause severe damage is substantial risk; one that's theoretical or might have minimal effects might be reduced risk. Organizations frequently perform risk tests to prioritize their own security efforts. Intended for example, an on the web retailer might figure out the risk of credit card thievery (through SQL treatment or XSS leading to session hijacking) is incredibly high, and thus invest heavily inside preventing those, whereas the risk of someone creating minor defacement in a less-used site might be acknowledged or handled together with lower priority.

Frames like NIST's or perhaps ISO 27001's risk management guidelines help within systematically evaluating and even treating risks – whether by excuse them, accepting them, transferring them (insurance), or avoiding all of them by changing business practices.

One concrete results of risk management in application safety measures is the design of a threat matrix or risk register where possible threats are shown along with their severity. This particular helps drive choices like which bugs to fix very first or where in order to allocate more tests effort. It's likewise reflected in patch management: if a new new vulnerability is usually announced, teams will certainly assess the threat to their application – is this exposed to that will vulnerability, how serious is it – to make the decision how urgently to apply the patch or workaround.

## Security vs. Simplicity vs. Cost

Some sort of discussion of concepts wouldn't be total without acknowledging the particular real-world balancing work. Security measures can easily introduce friction or cost. Strong authentication might mean more steps to have an end user (like 2FA codes); encryption might decrease down performance a little bit; extensive logging may raise storage charges. A principle to follow is to seek balance and proportionality – security should become commensurate with the value of what's being protected. Overly burdensome security that will frustrates users may be counterproductive (users might find unsafe workarounds, with regard to instance). The artwork of application protection is finding remedies that mitigate dangers while preserving some sort of good user expertise and reasonable cost. Fortunately, with contemporary techniques, many safety measures can end up being made quite seamless – for illustration, single sign-on alternatives can improve equally security (fewer passwords) and usability, plus efficient cryptographic libraries make encryption scarcely noticeable with regards to functionality.

In summary, these kinds of fundamental principles – CIA, AAA, the very least privilege, defense in depth, secure by design/default, privacy considerations, danger modeling, and risk management – form the mental framework with regard to any security-conscious doctor. They will appear repeatedly throughout this guide as we examine specific technologies plus scenarios. Whenever you are unsure concerning a security selection, coming back to these basics (e. g., "Am My partner and i protecting confidentiality? Are generally we validating sincerity? Are we reducing privileges? Do we have got multiple layers of defense? ") could guide you to a more secure result.

With one of these principles on mind, we could now explore the particular risks and vulnerabilities of which plague applications, and even how to defend against them.