# Secure Coding

## **Security Principles:**

* **Do Not Mix Code and Data:** Prevent injection attacks.
* **SD3:** Secure by Design, Default, Deployment.
* **Minimize Attack Surface:** Limit ports, services, privileges, and dynamic content.
* **Employ Secure Defaults:** Use safe settings as defaults.
* **Least Privilege and Separation of Privilege:** Ensure minimal access rights and separation of roles.
* **Plan for Failure:** Design systems to handle failures securely.
* **Fix Security Issues Correctly:** Address root causes, not just symptoms.
* **Learn from Mistakes:** Continuously improve security practices.

## Secure Design Principles

* **Economy of mechanism**:
  * Keep the design as simple and small as possible to reduce the chance of errors and vulnerabilities.
* **Fail-safe defaults**:
  * Base access decisions on permission rather than exclusion to ensure security by default.
* **Complete mediation**:
  * Every access to every object must be checked for authority at the time of access to prevent unauthorized actions.
* **Open design**:
  * The design and code should not be secret. The secrecy should be in the data, like passwords or cryptographic keys, to ensure transparency and trust.
* **Separation of privilege**:
  * Require multiple conditions to grant access, ensuring it’s safer if two parties need to agree on a decision rather than one alone.
* **Least privilege**:
  * Operate with the minimal set of powers necessary to complete a task, reducing potential damage from exploits.
* **Least common mechanism**:
  * Minimize the subsystems shared between or relied upon by mutually distrusting users to reduce security risks.
* **Psychological acceptability**:
  * Design security systems to be user-friendly to ensure they are used correctly and consistently.
* **Work factor**:
  * Compare the cost of circumventing the security mechanism with the resources of a potential attacker to ensure security measures are effective and efficient.
* **Compromise recording**:
  * Record that a compromise of information has occurred to detect breaches and respond appropriately.

## **Securing Workflow:**

**Principles:**

* **Least Privilege:** Grant only necessary permissions to users and processes.
* **Defense in Depth:** Employ multiple layers of security controls.
* **Background Checks:** Verify personnel handling sensitive data.
* **Physical Security:** Secure hardware and physical access to systems.

## **Building Securely:**

### **General Principles:**

* Build engineering as part of software development.
* Builds are iterative; the first build often fails.
* Projects should align with established build processes.

### **Security Tools:**

* **SAST (Static Application Security Testing):** Analyze source code for vulnerabilities.
* **DAST (Dynamic Application Security Testing):** Analyze running applications for vulnerabilities.
* **SCA (Software Composition Analysis):** Analyze open-source components for security and license compliance.

### **Secret Management:**

* Avoid storing secrets in version control.
* Ensure secure handling of secrets in build logs.
* Use OAuth, Personal Access Tokens, or Certificates for third-party tool authentication.
* **SSO (Single Sign-On):** Uses SAML for secure, attribute-based authentication.

### **Dependency Security:**

* Regularly scan and update dependencies to mitigate vulnerabilities.

## **Secure Deployment:**

* **Immutable Server:** Servers that cannot be changed post-deployment.
* **Containerization:**
  * Use containers for isolated, consistent environments.
  * Containers share the host OS kernel; hybrid modes (e.g., Hyper-V Isolation) add security layers.
* **Deployment Tools:**
  * **Octopus Deploy:** Automates and secures deployment processes.

### **Making Security Observable:**

* **Insecurity through Obscurity:** Avoid hiding security issues; face and fix them.
* **Logging and Monitoring:** Use tools like ELK (Elastic Search, LogStash, Kibana) or Splunk for comprehensive logging and analysis.

**Common Insecure Coding Practices:**

* **Copy-Paste Code:** Avoid reusing insecure code.
* **Hardcoding Credentials:** Avoid storing sensitive information like passwords, API keys, database connection strings directly in code.
* **Trusting User Input:** Failing to validate or sanitize user input can lead to injection attacks.
* **Inadequate Authentication and Authorization:** Weak implementation of auth mechanisms.
* **Insecure Use of Cryptographic Functions:** Using outdated or weak cryptographic algorithms or improperly implementing cryptographic functions
* **Insecure Error Handling:** Revealing sensitive information in error messages or logs.
* **Insecure Session Management:** Using predictable session tokens, not invalidating sessions on logout, or not implementing session timeout mechanisms.
* **Misconfiguration of Security Headers**
* **Insecure Deserialization**
* **Failing to Apply Patches and Updates**
* **Trusting Insecure SSL Certificates:** Verify domain match, validity, and trustworthiness of certificates.