Log in Subscribe

Main Security Principles plus Concepts

Sehested Weinstein
· 12 min read
Main Security Principles plus Concepts

# Chapter 3: Core Security Guidelines and Concepts

Prior to diving further directly into threats and defense, it's essential to be able to establish the basic principles that underlie application security. These types of core concepts are usually the compass by which security professionals understand decisions and trade-offs. They help remedy why certain controls are necessary and what goals we are trying to be able to achieve. Several foundational models and concepts guide the design and evaluation of secure systems, the most famous being the particular CIA triad and even associated security rules.

## The CIA Triad – Privacy, Integrity, Availability

At the heart of information safety measures (including application security) are three main goals:

1. ** business continuity planning ** – Preventing illegal use of information. Inside simple terms, maintaining secrets secret. Only those who will be authorized (have typically the right credentials or perhaps permissions) should be able to view or use delicate data. According to NIST, confidentiality signifies "preserving authorized constraints on access plus disclosure, including means for protecting individual privacy and amazing information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches associated with confidentiality include new trends like data leakages, password disclosure, or an attacker looking at someone else's emails. A real-world illustration is an SQL injection attack of which dumps all user records from the database: data that will should have been secret is subjected to the attacker. The opposite associated with confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. POSSUINDO
– when data is showed all those not authorized to be able to see it.

two. **Integrity** – Safeguarding data and systems from unauthorized modification. Integrity means that information remains accurate and trustworthy, in addition to that system features are not interfered with. For illustration, if a banking software displays your accounts balance, integrity procedures ensure that an attacker hasn't illicitly altered that equilibrium either in transit or in typically the database. Integrity can easily be compromised by simply attacks like tampering (e. g., changing values in a WEB LINK to access a person else's data) or by faulty code that corrupts files. A classic device to make sure integrity is the use of cryptographic hashes or autographs – in case a file or message is altered, its signature will no longer verify. The reverse of integrity is often termed alteration – data staying modified or corrupted without authorization​
PTGMEDIA. PEARSONCMG. COM
.

three or more. **Availability** – Ensuring systems and info are accessible as needed. Even if files is kept top secret and unmodified, it's of little use in case the application is usually down or unapproachable. Availability means of which authorized users can easily reliably access typically the application and its functions in some sort of timely manner. Hazards to availability contain DoS (Denial regarding Service) attacks, wherever attackers flood the server with site visitors or exploit a new vulnerability to impact the system, making this unavailable to legitimate users. Hardware failures, network outages, or perhaps even design problems that can't handle summit loads are also availability risks. The opposite of availableness is often referred to as destruction or denial – data or perhaps services are damaged or withheld​
PTGMEDIA. PEARSONCMG. COM
. The particular Morris Worm's influence in 1988 was a stark prompt of the need for availability: it didn't steal or modify data, but by looking into making systems crash or even slow (denying service), it caused major damage​
CCOE. DSCI. IN
.

These 3 – confidentiality, ethics, and availability – are sometimes called the "CIA triad" and are considered the three pillars regarding security. Depending upon the context, a good application might prioritize one over the others (for example, a public media website primarily cares about you that it's obtainable and its particular content integrity is maintained, privacy is less of a great issue considering that the written content is public; more over, a messaging application might put privacy at the top of its list). But a protect application ideally have to enforce all to be able to an appropriate education. Many security controls can be comprehended as addressing one particular or more of these pillars: encryption aids confidentiality (by striving data so simply authorized can examine it), checksums and even audit logs help integrity, and redundancy or failover techniques support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's beneficial to remember the particular flip side of the CIA triad, often called FATHER:

- **Disclosure** – Unauthorized access to information (breach involving confidentiality).
- **Alteration** – Unauthorized change details (breach of integrity).
- **Destruction/Denial** – Unauthorized break down of information or refusal of service (breach of availability).

Safety measures efforts aim to be able to prevent DAD final results and uphold CIA. A single assault can involve several of these aspects. One example is, a ransomware attack might each disclose data (if the attacker burglarizes a copy) plus deny availability (by encrypting the victim's copy, locking them out). A internet exploit might alter data within a database and thereby infringement integrity, and so forth.

## Authentication, Authorization, and even Accountability (AAA)

Inside securing applications, especially multi-user systems, we rely on added fundamental concepts also known as AAA:

1. **Authentication** – Verifying typically the identity of a great user or program. Whenever you log throughout with an account information (or more securely with multi-factor authentication), the system is authenticating you – ensuring you will be who you state to be. Authentication answers the query: That are you? Common methods include passwords, biometric scans, cryptographic keys, or bridal party. A core rule is the fact that authentication have to be strong enough to thwart impersonation. Poor authentication (like quickly guessable passwords or no authentication where there should be) is actually a frequent cause associated with breaches.

2. **Authorization** – Once identification is made, authorization handles what actions or even data the authenticated entity is granted to access. That answers: Exactly what a person allowed to do? For example, right after you sign in, an online banking application will authorize you to definitely see your individual account details yet not someone else's. Authorization typically consists of defining roles or even permissions. A weeknesses, Broken Access Manage, occurs when these kinds of checks fail – say, an opponent finds that by simply changing a record USERNAME in an URL they can see another user's data for the reason that application isn't properly verifying their authorization. In truth, Broken Access Handle was referred to as the number one web application risk in the 2021 OWASP Top 10, found in 94% of programs tested​
IMPERVA. POSSUINDO
, illustrating how predominanent and important correct authorization is.

several. **Accountability** (and Auditing) – This refers to the ability to find actions in the particular system to the responsible entity, which often means having proper visiting and audit paths. If something should go wrong or dubious activity is diagnosed, we need to be able to know who performed what. Accountability will be achieved through signing of user activities, and by getting tamper-evident records. It works hand-in-hand with authentication (you can just hold someone accountable knowing which bank account was performing a great action) and together with integrity (logs themselves must be protected from alteration). Throughout application security, establishing good logging in addition to monitoring is crucial for both finding incidents and performing forensic analysis after an incident. Since we'll discuss inside a later phase, insufficient logging in addition to monitoring enables removes to go undetected – OWASP lists this as another top 10 issue, noting that without correct logs, organizations may possibly fail to discover an attack till it's far too late​
IMPERVA. CONTENDO

IMPERVA. CONTENDO
.

Sometimes you'll see an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just breaks or cracks out identification (the claim of id, e. g. getting into username, before actual authentication via password) as an individual step. But the core ideas continue to be the identical. A secure application typically enforces strong authentication, stringent authorization checks intended for every request, and even maintains logs intended for accountability.

## Rule of Least Freedom

One of the most important design and style principles in safety is to give each user or even component the bare minimum privileges necessary to perform its function, without more. This specific is the principle of least benefit. In practice, it means if an software has multiple jobs (say admin vs regular user), the particular regular user accounts should have zero capability to perform admin-only actions. If a web application requirements to access a new database, the repository account it employs should have permissions just for the specific dining tables and operations essential – for example, when the app in no way needs to remove data, the DIE BAHN account shouldn't still have the REMOVE privilege. By constraining privileges, even if the attacker compromises the user account or perhaps a component, destruction is contained.

A kampfstark example of not following least benefit was the Funds One breach regarding 2019: a misconfigured cloud permission permitted a compromised element (a web application firewall) to retrieve all data coming from an S3 storage bucket, whereas when that component got been limited to only certain data, the particular breach impact would have been far smaller​
KREBSONSECURITY. APRESENTANDO

KREBSONSECURITY. POSSUINDO
. Least privilege in addition applies at the computer code level: if the component or microservice doesn't need certain gain access to, it shouldn't have got it. Modern box orchestration and foriegn IAM systems help it become easier to put into action granular privileges, yet it requires innovative design.

## Defense in Depth

This principle suggests that security should always be implemented in overlapping layers, so that if one layer falls flat, others still give protection. Quite simply, don't rely on any single security handle; assume it can be bypassed, in addition to have additional mitigations in place. For an application, security in depth might mean: you validate inputs on the client side regarding usability, but a person also validate these people on the server side (in case a good attacker bypasses the client check). You safeguarded the database at the rear of an internal fire wall, but the truth is also compose code that checks user permissions just before queries (assuming an attacker might break the network). If using encryption, an individual might encrypt delicate data in the database, but also put in force access controls with the application layer and even monitor for unconventional query patterns. Protection in depth is definitely like the levels of an onion – an attacker who gets via one layer have to immediately face one other. This approach counter tops the reality that no single defense is certain.

For example, assume an application is dependent on a net application firewall (WAF) to block SQL injection attempts. Defense detailed would state the application form should still use safe coding practices (like parameterized queries) to sanitize inputs, in situation the WAF misses a novel attack. A real scenario highlighting this was basically the truth of selected web shells or even injection attacks of which were not identified by security filters – the internal application controls and then served as the final backstop.

## Secure by Style and design and Secure by simply Default

These related principles emphasize generating security a fundamental consideration from the start of design, and choosing secure defaults. "Secure by simply design" means you plan the system architecture with security inside of mind – with regard to instance, segregating delicate components, using proven frameworks, and considering how each design decision could bring in risk. "Secure simply by default" means once the system is deployed, it may default in order to the best settings, requiring deliberate action to make that less secure (rather than the other method around).

An illustration is default accounts policy: a securely designed application may possibly ship without standard admin password (forcing the installer to set a solid one) – as opposed to having a well-known default username and password that users might forget to change. Historically, many application packages are not protected by default; they'd install with available permissions or example databases or debug modes active, and if an admin chosen not to lock them down, it left cracks for attackers. With time, vendors learned to invert this: at this point, databases and operating systems often come along with secure configurations out of the pack (e. g., remote access disabled, trial users removed), in addition to it's up to the admin in order to loosen if absolutely needed.

For designers, secure defaults suggest choosing safe selection functions by standard (e. g., standard to parameterized queries, default to outcome encoding for internet templates, etc. ). It also means fail safe – if a part fails, it should fail in the safe closed state quite than an insecure open state. For instance, if an authentication service times out, a secure-by-default approach would deny access (fail closed) instead than allow this.

## Privacy simply by Design

This concept, tightly related to safety measures by design, offers gained prominence particularly with laws like GDPR. It means of which applications should be designed not just in end up being secure, but for respect users' privacy by the ground way up. Used, this may involve data minimization (collecting only what is necessary), visibility (users know precisely what data is collected), and giving customers control over their info. While privacy is definitely a distinct domain name, it overlaps intensely with security: you can't have level of privacy if you can't secure the private data you're accountable for. Lots of the most detrimental data breaches (like those at credit bureaus, health insurers, etc. ) are usually devastating not merely because of security disappointment but because that they violate the privateness of a lot of people. Thus, modern software security often functions hand in hands with privacy considerations.

## Threat Building

The practice in secure design is definitely threat modeling – thinking like a good attacker to anticipate what could make a mistake. During threat which, architects and developers systematically go all the way through the design of a good application to determine potential threats plus vulnerabilities. They ask questions like: What are we developing? What can proceed wrong? What will we do about this? One particular well-known methodology regarding threat modeling is usually STRIDE, developed from Microsoft, which stalls for six types of threats: Spoofing id, Tampering with info, Repudiation (deniability of actions), Information disclosure, Denial of support, and Elevation associated with privilege.

By jogging through each element of a system and even considering STRIDE threats, teams can uncover dangers that may not be apparent at first peek. For example, look at a simple online salaries application. Threat modeling might reveal that: an attacker can spoof an employee's identity by guessing the session expression (so we have to have strong randomness), can tamper with wage values via the vulnerable parameter (so we need type validation and server-side checks), could conduct actions and after deny them (so we really need good audit logs to stop repudiation), could exploit an information disclosure bug in a great error message in order to glean sensitive information (so we need user-friendly but imprecise errors), might test denial of service by submitting a new huge file or heavy query (so we need price limiting and source quotas), or attempt to elevate freedom by accessing administrator functionality (so all of us need robust gain access to control checks). By  coordinated vulnerability disclosure  of this process, protection requirements and countermeasures become much better.

Threat modeling is ideally done early in development (during the design phase) as a result that security is usually built in in the first place, aligning with the "secure by design" philosophy. It's an evolving practice – modern threat building may also consider misuse cases (how may the system always be misused beyond the intended threat model) and involve adversarial thinking exercises. We'll see its importance again when talking about specific vulnerabilities and even how developers will foresee and prevent them.

## Hazard Management

Its not all safety measures issue is every bit as critical, and assets are always small. So another strategy that permeates app security is risk management. This involves assessing the likelihood of a threat along with the impact were it to happen. Risk is usually informally considered as an event of these two: a vulnerability that's easy to exploit and would cause extreme damage is large risk; one that's theoretical or would certainly have minimal effects might be reduce risk. Organizations generally perform risk checks to prioritize their security efforts. Intended for example, an on the internet retailer might decide that the risk involving credit card thievery (through SQL treatment or XSS bringing about session hijacking) is extremely high, and thus invest heavily in preventing those, whereas the risk of someone causing minor defacement in a less-used web page might be approved or handled together with lower priority.

Frameworks like NIST's or ISO 27001's risikomanagement guidelines help inside systematically evaluating and even treating risks – whether by mitigating them, accepting these people, transferring them (insurance), or avoiding all of them by changing company practices.

One real consequence of risk administration in application security is the creation of a threat matrix or risk register where prospective threats are shown along with their severity. This kind of helps drive choices like which bugs to fix first or where to allocate more assessment effort. It's also reflected in spot management: if some sort of new vulnerability is definitely announced, teams will certainly assess the risk to their software – is that exposed to that vulnerability, how severe is it – to determine how urgently to use the patch or workaround.

## Security vs. User friendliness vs. Cost

A new discussion of principles wouldn't be complete without acknowledging the particular real-world balancing take action. Security measures can easily introduce friction or perhaps cost. Strong authentication might mean more steps for an end user (like 2FA codes); encryption might decrease down performance a little bit; extensive logging may possibly raise storage charges. A principle to follow is to seek balance and proportionality – security should become commensurate with the particular value of what's being protected. Excessively burdensome security that frustrates users could be counterproductive (users might find unsafe workarounds, regarding instance). The art of application safety is finding alternatives that mitigate risks while preserving a new good user expertise and reasonable cost. Fortunately, with contemporary techniques, many protection measures can always be made quite smooth – for example of this, single sign-on solutions can improve equally security (fewer passwords) and usability, in addition to efficient cryptographic libraries make encryption rarely noticeable when it comes to efficiency.

In summary, these types of fundamental principles – CIA, AAA, very least privilege, defense detailed, secure by design/default, privacy considerations, risk modeling, and risikomanagement – form the particular mental framework regarding any security-conscious medical specialist. They will seem repeatedly throughout information as we take a look at specific technologies plus scenarios. Whenever a person are unsure about a security choice, coming back to these basics (e. g., "Am I protecting confidentiality? Are we validating honesty? Are we lessening privileges? Do we have multiple layers of defense? ") can easily guide you to some more secure final result.

Using these principles inside mind, we can today explore the specific hazards and vulnerabilities that plague applications, and how to guard against them.