Secure Coding

Security Principles:

Do Not Mix Code and Data: Prevent injection attacks.
SD3: Secure by Design, Default, Deployment.
Minimize Attack Surface: Limit ports, services, privileges, and dynamic content.
Employ Secure Defaults: Use safe settings as defaults.
Least Privilege and Separation of Privilege: Ensure minimal access rights and separation of roles.
Plan for Failure: Design systems to handle failures securely.
Fix Security Issues Correctly: Address root causes, not just symptoms.
Learn from Mistakes: Continuously improve security practices.

Secure Design Principles

Economy of mechanism:
- Keep the design as simple and small as possible to reduce the chance of errors and vulnerabilities.
Fail-safe defaults:
- Base access decisions on permission rather than exclusion to ensure security by default.
Complete mediation:
- Every access to every object must be checked for authority at the time of access to prevent unauthorized actions.
Open design:
- The design and code should not be secret. The secrecy should be in the data, like passwords or cryptographic keys, to ensure transparency and trust.
Separation of privilege:
- Require multiple conditions to grant access, ensuring it’s safer if two parties need to agree on a decision rather than one alone.
Least privilege:
- Operate with the minimal set of powers necessary to complete a task, reducing potential damage from exploits.
Least common mechanism:
- Minimize the subsystems shared between or relied upon by mutually distrusting users to reduce security risks.
Psychological acceptability:
- Design security systems to be user-friendly to ensure they are used correctly and consistently.
Work factor:
- Compare the cost of circumventing the security mechanism with the resources of a potential attacker to ensure security measures are effective and efficient.
Compromise recording:
- Record that a compromise of information has occurred to detect breaches and respond appropriately.

Securing Workflow:

Principles:

Least Privilege: Grant only necessary permissions to users and processes.
Defense in Depth: Employ multiple layers of security controls.
Background Checks: Verify personnel handling sensitive data.
Physical Security: Secure hardware and physical access to systems.

Building Securely:

General Principles:

Build engineering as part of software development.
Builds are iterative; the first build often fails.
Projects should align with established build processes.

Security Tools:

SAST (Static Application Security Testing): Analyze source code for vulnerabilities.
DAST (Dynamic Application Security Testing): Analyze running applications for vulnerabilities.
SCA (Software Composition Analysis): Analyze open-source components for security and license compliance.

Secret Management:

Avoid storing secrets in version control.
Ensure secure handling of secrets in build logs.
Use OAuth, Personal Access Tokens, or Certificates for third-party tool authentication.
SSO (Single Sign-On): Uses SAML for secure, attribute-based authentication.

Dependency Security:

Regularly scan and update dependencies to mitigate vulnerabilities.

Secure Deployment:

Immutable Server: Servers that cannot be changed post-deployment.
Containerization:
- Use containers for isolated, consistent environments.
- Containers share the host OS kernel; hybrid modes (e.g., Hyper-V Isolation) add security layers.
Deployment Tools:
- Octopus Deploy: Automates and secures deployment processes.

Making Security Observable:

Insecurity through Obscurity: Avoid hiding security issues; face and fix them.
Logging and Monitoring: Use tools like ELK (Elastic Search, LogStash, Kibana) or Splunk for comprehensive logging and analysis.

Common Insecure Coding Practices:

Copy-Paste Code: Avoid reusing insecure code.
Hardcoding Credentials: Avoid storing sensitive information like passwords, API keys, database connection strings directly in code.
Trusting User Input: Failing to validate or sanitize user input can lead to injection attacks.
Inadequate Authentication and Authorization: Weak implementation of auth mechanisms.
Insecure Use of Cryptographic Functions: Using outdated or weak cryptographic algorithms or improperly implementing cryptographic functions
Insecure Error Handling: Revealing sensitive information in error messages or logs.
Insecure Session Management: Using predictable session tokens, not invalidating sessions on logout, or not implementing session timeout mechanisms.
Misconfiguration of Security Headers
Insecure Deserialization
Failing to Apply Patches and Updates
Trusting Insecure SSL Certificates: Verify domain match, validity, and trustworthiness of certificates.

PreviousThreat Modeling NextCode Review Examples

Last updated 9 months ago

Security Principles:

Do Not Mix Code and Data: Prevent injection attacks.

SD3: Secure by Design, Default, Deployment.

Minimize Attack Surface: Limit ports, services, privileges, and dynamic content.

Employ Secure Defaults: Use safe settings as defaults.

Least Privilege and Separation of Privilege: Ensure minimal access rights and separation of roles.

Plan for Failure: Design systems to handle failures securely.

Fix Security Issues Correctly: Address root causes, not just symptoms.

Learn from Mistakes: Continuously improve security practices.

Secure Design Principles

Economy of mechanism:

Keep the design as simple and small as possible to reduce the chance of errors and vulnerabilities.

Fail-safe defaults:

Base access decisions on permission rather than exclusion to ensure security by default.

Complete mediation:

Every access to every object must be checked for authority at the time of access to prevent unauthorized actions.

Open design:

The design and code should not be secret. The secrecy should be in the data, like passwords or cryptographic keys, to ensure transparency and trust.

Separation of privilege:

Require multiple conditions to grant access, ensuring it’s safer if two parties need to agree on a decision rather than one alone.

Least privilege:

Operate with the minimal set of powers necessary to complete a task, reducing potential damage from exploits.

Least common mechanism:

Minimize the subsystems shared between or relied upon by mutually distrusting users to reduce security risks.

Psychological acceptability:

Design security systems to be user-friendly to ensure they are used correctly and consistently.

Work factor:

Compare the cost of circumventing the security mechanism with the resources of a potential attacker to ensure security measures are effective and efficient.

Compromise recording:

Record that a compromise of information has occurred to detect breaches and respond appropriately.

Building Securely:

General Principles:

Build engineering as part of software development.

Builds are iterative; the first build often fails.

Projects should align with established build processes.

Security Tools:

SAST (Static Application Security Testing): Analyze source code for vulnerabilities.

DAST (Dynamic Application Security Testing): Analyze running applications for vulnerabilities.

SCA (Software Composition Analysis): Analyze open-source components for security and license compliance.

Secret Management:

Avoid storing secrets in version control.

Ensure secure handling of secrets in build logs.

Use OAuth, Personal Access Tokens, or Certificates for third-party tool authentication.

SSO (Single Sign-On): Uses SAML for secure, attribute-based authentication.

Dependency Security:

Regularly scan and update dependencies to mitigate vulnerabilities.

Secure Deployment:

Immutable Server: Servers that cannot be changed post-deployment.

Containerization:

Use containers for isolated, consistent environments.
Containers share the host OS kernel; hybrid modes (e.g., Hyper-V Isolation) add security layers.

Deployment Tools:

Octopus Deploy: Automates and secures deployment processes.

Making Security Observable:

Insecurity through Obscurity: Avoid hiding security issues; face and fix them.

Logging and Monitoring: Use tools like ELK (Elastic Search, LogStash, Kibana) or Splunk for comprehensive logging and analysis.

Common Insecure Coding Practices:

Copy-Paste Code: Avoid reusing insecure code.

Hardcoding Credentials: Avoid storing sensitive information like passwords, API keys, database connection strings directly in code.

Trusting User Input: Failing to validate or sanitize user input can lead to injection attacks.

Inadequate Authentication and Authorization: Weak implementation of auth mechanisms.

Insecure Use of Cryptographic Functions: Using outdated or weak cryptographic algorithms or improperly implementing cryptographic functions

Insecure Error Handling: Revealing sensitive information in error messages or logs.

Insecure Session Management: Using predictable session tokens, not invalidating sessions on logout, or not implementing session timeout mechanisms.

Misconfiguration of Security Headers

Insecure Deserialization

Failing to Apply Patches and Updates

Trusting Insecure SSL Certificates: Verify domain match, validity, and trustworthiness of certificates.