Log in Subscribe

Main Security Principles and Concepts

Clemmensen Kelley
· 12 min read
Main Security Principles and Concepts

# Chapter 3: Core Security Principles and Concepts

Ahead of diving further into threats and defense, it's essential to establish the fundamental principles that underlie application security. These kinds of core concepts will be the compass through which security professionals find their way decisions and trade-offs. They help remedy why certain settings are necessary and what goals we are trying in order to achieve. Several foundational models and guidelines slowly move the design and even evaluation of safe systems, the most famous being typically the CIA triad plus associated security guidelines.

## The CIA Triad – Confidentiality, Integrity, Availability

At the heart of information security (including application security) are three main goals:

1. **Confidentiality** – Preventing unapproved use of information. Within simple terms, trying to keep secrets secret. Only those who are usually authorized (have typically the right credentials or even permissions) should get able to see or use hypersensitive data. According in order to NIST, confidentiality means "preserving authorized limitations on access plus disclosure, including method for protecting private privacy and amazing information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches associated with confidentiality include new trends like data leaks, password disclosure, or an attacker looking at someone else's email messages. A real-world illustration is an SQL injection attack of which dumps all user records from a new database: data that will should happen to be confidential is encountered with the particular attacker. The opposite associated with confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. APRESENTANDO
– when info is showed all those not authorized to see it.



two. **Integrity** – Protecting data and systems from unauthorized changes. Integrity means that will information remains correct and trustworthy, and even that system functions are not tampered with. For instance, if a banking program displays your bank account balance, integrity procedures ensure that an attacker hasn't illicitly altered that balance either in flow or in the database. Integrity can be compromised by simply attacks like tampering (e. g., transforming values in a WEB LINK to access an individual else's data) or even by faulty signal that corrupts info. A classic system to make certain integrity is definitely the use of cryptographic hashes or validations – when a data file or message is definitely altered, its trademark will no extended verify. The opposite of integrity will be often termed change – data becoming modified or corrupted without authorization​
PTGMEDIA. PEARSONCMG. COM
.

three or more. **Availability** – Guaranteeing systems and files are accessible when needed. Even if data is kept secret and unmodified, it's of little use in the event the application will be down or unapproachable. Availability means that authorized users can certainly reliably access the particular application and its functions in a timely manner. Hazards to availability include DoS (Denial of Service) attacks, wherever attackers flood some sort of server with targeted visitors or exploit a new vulnerability to collision the program, making this unavailable to reputable users. Hardware failures, network outages, or perhaps even design issues that can't handle summit loads are furthermore availability risks. The opposite of supply is often described as destruction or refusal – data or even services are ruined or withheld​
PTGMEDIA. PEARSONCMG. COM
. The Morris Worm's effect in 1988 seemed to be a stark tip of the need for availability: it didn't steal or change data, but by causing systems crash or even slow (denying service), it caused major damage​
CCOE. DSCI. IN
.

These three – confidentiality, integrity, and availability – are sometimes named the "CIA triad" and are considered as the three pillars regarding security. Depending upon the context, a great application might prioritize one over the particular others (for instance, a public media website primarily cares that it's obtainable as well as content sincerity is maintained, discretion is much less of a good issue considering that the content material is public; on the other hand, a messaging application might put confidentiality at the best of its list). But a safeguarded application ideally need to enforce all in order to an appropriate level. Many security settings can be recognized as addressing one particular or more of those pillars: encryption helps confidentiality (by striving data so just authorized can examine it), checksums in addition to audit logs help integrity, and redundancy or failover techniques support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's valuable to remember typically the flip side regarding the CIA triad, often called FATHER:

- **Disclosure** – Unauthorized access in order to information (breach associated with confidentiality).
- **Alteration** – Unauthorized change details (breach regarding integrity).
- **Destruction/Denial** – Unauthorized damage details or refusal of service (breach of availability).

Safety efforts aim to be able to prevent DAD final results and uphold CIA. A single assault can involve numerous of these features. One example is, a ransomware attack might equally disclose data (if the attacker abducts a copy) in addition to deny availability (by encrypting the victim's copy, locking these people out). A web exploit might alter data within a databases and thereby breach integrity, etc.

## Authentication, Authorization, in addition to Accountability (AAA)

In securing applications, especially multi-user systems, we rely on extra fundamental concepts often referred to as AAA:

1. **Authentication** – Verifying the particular identity of the user or system. Whenever you log inside with an username and password (or more securely with multi-factor authentication), the system is authenticating you – making sure you will be who you claim to be. Authentication answers the issue: Which are you? Common methods include account details, biometric scans, cryptographic keys, or bridal party. A core theory is that authentication should be sufficiently strong to be able to thwart impersonation. Weak authentication (like quickly guessable passwords or even no authentication high should be) can be a frequent cause involving breaches.

2. **Authorization** – Once id is made, authorization handles what actions or even data the authenticated entity is granted to access. That answers: Exactly what you allowed to carry out? For example, following you sign in, a good online banking application will authorize one to see your very own account details yet not someone else's. Authorization typically consists of defining roles or perhaps permissions. The weeknesses, Broken Access Manage, occurs when these types of checks fail – say, an assailant finds that by simply changing a record IDENTITY in an WEB LINK they can look at another user's info since the application isn't properly verifying their very own authorization. In simple fact, Broken Access Manage was identified as typically the number one website application risk inside the 2021 OWASP Top 10, seen in 94% of apps tested​
IMPERVA. POSSUINDO
, illustrating how pervasive and important correct authorization is.

several. **Accountability** (and Auditing) – This refers to the ability to find actions in the system to the accountable entity, which in turn means having proper working and audit trails. If something goes wrong or suspicious activity is detected, we need to be able to know who performed what. Accountability is usually achieved through logging of user steps, and by getting tamper-evident records. Functions hand-in-hand with authentication (you can simply hold someone responsible knowing which bank account was performing a great action) and together with integrity (logs by themselves must be safeguarded from alteration). Throughout application security, creating good logging plus monitoring is crucial for both detecting incidents and undertaking forensic analysis after an incident. While we'll discuss in a later part, insufficient logging and even monitoring can allow breaches to go undetected – OWASP lists this as an additional top 10 issue, observing that without correct logs, organizations may possibly fail to see an attack right up until it's far also late​
IMPERVA. CONTENDO

IMPERVA.  cyber diplomacy
.

Sometimes you'll see an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just breaks out identification (the claim of identification, e. g. going into username, before genuine authentication via password) as a distinct step. But typically the core ideas continue to be exactly the same. A safeguarded application typically enforces strong authentication, tight authorization checks with regard to every request, plus maintains logs regarding accountability.

## Theory of Least Benefit

One of the most important design and style principles in safety measures is to provide each user or perhaps component the lowest privileges necessary in order to perform its function, and no more. This specific is called the principle of least privilege. In practice, it implies if an application has multiple functions (say admin compared to regular user), the particular regular user balances should have zero ability to perform admin-only actions. If a new web application needs to access some sort of database, the database account it employs really should have permissions simply for the particular dining tables and operations necessary – for example, in the event that the app in no way needs to delete data, the DIE BAHN account shouldn't even have the DELETE privilege. By restricting privileges, whether or not the attacker compromises a good user account or perhaps a component, the damage is contained.

A bare example of certainly not following least freedom was the Funds One breach involving 2019: a misconfigured cloud permission allowed a compromised part (a web app firewall) to obtain all data through an S3 storage area bucket, whereas if that component acquired been limited to be able to only certain data, typically the breach impact would have been much smaller​
KREBSONSECURITY. APRESENTANDO

KREBSONSECURITY. APRESENTANDO
. Least privilege likewise applies at the program code level: if a component or microservice doesn't need certain access, it shouldn't experience it. Modern container orchestration and impair IAM systems ensure it is easier to implement granular privileges, yet it requires innovative design.

## Protection in Depth

This kind of principle suggests that will security should be implemented in overlapping layers, to ensure that if one layer does not work out, others still give protection. In other words, don't rely on any kind of single security handle; assume it may be bypassed, in addition to have additional mitigations in place. Regarding an application, security in depth might mean: you validate inputs on typically the client side for usability, but a person also validate them on the server side (in case a good attacker bypasses your customer check). You safe the database powering an internal fire wall, but the truth is also create code that bank checks user permissions before queries (assuming an attacker might breach the network). In case using encryption, a person might encrypt delicate data inside the repository, but also enforce access controls at the application layer in addition to monitor for unusual query patterns. Security in depth is like the sheets of an onion – an attacker who gets via one layer should immediately face one other. This approach counters the truth that no individual defense is certain.

For example, assume an application relies on a net application firewall (WAF) to block SQL injection attempts. Security thorough would claim the application form should nonetheless use safe coding practices (like parameterized queries) to sterilize inputs, in situation the WAF yearns for a novel strike. A real scenario highlighting this was basically the truth of particular web shells or perhaps injection attacks that will were not recognized by security filtration systems – the internal application controls and then served as the final backstop.

## Secure by Design and Secure by Default

These associated principles emphasize producing security a fundamental consideration from typically the start of style, and choosing risk-free defaults. "Secure simply by design" means you want the system structure with security inside of mind – intended for instance, segregating very sensitive components, using verified frameworks, and thinking of how each design decision could introduce risk. "Secure by default" means when the system is used, it will default to the most secure configurations, requiring deliberate actions to make it less secure (rather compared to the other method around).

An example of this is default account policy: a firmly designed application may possibly ship without having default admin password (forcing the installer in order to set a sturdy one) – since opposed to possessing a well-known default password that users may forget to alter. Historically, many software program packages are not protected by default; they'd install with open up permissions or test databases or debug modes active, and when an admin neglected to lock them down, it left cracks for attackers. After some time, vendors learned to invert this: right now, databases and operating systems often come along with secure configurations out there of the field (e. g., remote access disabled, trial users removed), plus it's up to the admin to be able to loosen if completely needed.

For programmers, secure defaults imply choosing safe collection functions by predetermined (e. g., standard to parameterized concerns, default to output encoding for internet templates, etc. ). It also indicates fail safe – if a part fails, it have to fail within a safeguarded closed state quite than an inferior open state. As an example, if an authentication service times out, a secure-by-default process would deny access (fail closed) quite than allow this.

## Privacy by simply Design

This concept, strongly related to safety measures by design, provides gained prominence especially with laws like GDPR. It means that will applications should become designed not just in end up being secure, but for admiration users' privacy coming from the ground up. In practice, this may involve data minimization (collecting only what is necessary), visibility (users know just what data is collected), and giving customers control of their data. While privacy is definitely a distinct website, it overlaps heavily with security: you can't have privateness if you can't secure the personal data you're liable for. Lots of the most severe data breaches (like those at credit score bureaus, health insurance providers, etc. ) will be devastating not only due to security disappointment but because they will violate the level of privacy of millions of people. Thus, modern software security often works hand in palm with privacy considerations.

## Threat Building

A vital practice in secure design is threat modeling – thinking like a great attacker to assume what could fail. During threat modeling, architects and designers systematically go through the design of an application to discover potential threats and vulnerabilities. They question questions like: Precisely what are we creating? What can go wrong? What will we all do about this? 1 well-known methodology intended for threat modeling is definitely STRIDE, developed with Microsoft, which holders for six types of threats: Spoofing identity, Tampering with info, Repudiation (deniability regarding actions), Information disclosure, Denial of support, and Elevation involving privilege.

By going for walks through each component of a system and even considering STRIDE dangers, teams can uncover dangers that may not be apparent at first glance. For example, consider a simple online payroll application. Threat recreating might reveal of which: an attacker may spoof an employee's identity by questioning the session token (so we have to have strong randomness), can tamper with wage values via the vulnerable parameter (so we need insight validation and server-side checks), could carry out actions and later on deny them (so we need good review logs to stop repudiation), could exploit an information disclosure bug in an error message in order to glean sensitive info (so we have to have user-friendly but vague errors), might test denial of services by submitting a huge file or even heavy query (so we need rate limiting and resource quotas), or consider to elevate freedom by accessing admin functionality (so many of us need robust entry control checks). By way of this process, safety requirements and countermeasures become much sharper.

Threat modeling is definitely ideally done earlier in development (during the structure phase) as a result that security is usually built in from the beginning, aligning with the "secure by design" philosophy. It's an evolving practice – modern threat which might also consider misuse cases (how could the system end up being misused beyond the particular intended threat model) and involve adversarial thinking exercises. We'll see its meaning again when discussing specific vulnerabilities and how developers will foresee and stop them.

## Associated risk Management

Not every safety issue is equally critical, and assets are always limited. So another strategy that permeates app security is risikomanagement. This involves determining the possibilities of a risk along with the impact have been it to happen. Risk is usually informally considered as an event of these a couple of: a vulnerability that's easy to exploit plus would cause extreme damage is higher risk; one that's theoretical or would likely have minimal effect might be reduced risk. Organizations generally perform risk checks to prioritize their particular security efforts. With regard to example, an on the web retailer might identify that the risk regarding credit card thievery (through SQL injection or XSS leading to session hijacking) is incredibly high, and hence invest heavily in preventing those, whilst the chance of someone triggering minor defacement in a less-used page might be accepted or handled with lower priority.

Frameworks like NIST's or even ISO 27001's risk management guidelines help inside systematically evaluating in addition to treating risks – whether by minify them, accepting these people, transferring them (insurance), or avoiding all of them by changing enterprise practices.

One real results of risk supervision in application protection is the development of a menace matrix or chance register where potential threats are listed along with their severity. This specific helps drive choices like which bugs to fix first or where to be able to allocate more testing effort. It's in addition reflected in spot management: if the new vulnerability is definitely announced, teams will certainly assess the risk to their application – is it exposed to of which vulnerability, how extreme is it – to choose how urgently to apply the area or workaround.

## Security vs. Functionality vs. Cost

The discussion of rules wouldn't be total without acknowledging typically the real-world balancing take action. Security measures can easily introduce friction or even cost. Strong authentication might mean even more steps to have an user (like 2FA codes); encryption might impede down performance a little bit; extensive logging may raise storage charges. A principle to follow along with is to seek stability and proportionality – security should become commensurate with the particular value of what's being protected. Excessively burdensome security that frustrates users can be counterproductive (users will dsicover unsafe workarounds, with regard to instance). The artwork of application safety measures is finding remedies that mitigate dangers while preserving a good user expertise and reasonable cost. Fortunately, with contemporary techniques, many protection measures can be made quite smooth – for instance, single sign-on alternatives can improve equally security (fewer passwords) and usability, in addition to efficient cryptographic your local library make encryption barely noticeable regarding overall performance.

In summary, these kinds of fundamental principles – CIA, AAA, least privilege, defense thorough, secure by design/default, privacy considerations, menace modeling, and risk management – form typically the mental framework intended for any security-conscious specialist. They will seem repeatedly throughout information as we examine specific technologies and even scenarios. Whenever an individual are unsure regarding a security selection, coming back in order to these basics (e. g., "Am My partner and i protecting confidentiality? Are really we validating honesty? Are we reducing privileges? Do we have multiple layers of defense? ") may guide you to some more secure result.

Using these principles on mind, we are able to right now explore the exact hazards and vulnerabilities of which plague applications, plus how to protect against them.