Log in Subscribe

Core Security Principles plus Concepts

Rindom McNeil
· 12 min read
Core Security Principles plus Concepts

# Chapter 3: Core Security Principles and Concepts

Just before diving further straight into threats and defenses, it's essential to establish the basic principles that underlie application security. These types of core concepts are the compass through which security professionals find their way decisions and trade-offs. They help reply why certain controls are necessary plus what goals we all are trying to be able to achieve. Several foundational models and principles guide the design in addition to evaluation of protected systems, the virtually all famous being the particular CIA triad plus associated security concepts.

## The CIA Triad – Confidentiality, Integrity, Availability

At the heart of information protection (including application security) are three principal goals:

1. **Confidentiality** – Preventing unapproved use of information. In simple terms, keeping secrets secret. Only those who happen to be authorized (have typically the right credentials or permissions) should be able to look at or use delicate data. According in order to NIST, confidentiality means "preserving authorized constraints on access and even disclosure, including methods for protecting personalized privacy and exclusive information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches regarding confidentiality include trends like data leaks, password disclosure, or an attacker studying someone else's email messages. A real-world illustration is an SQL injection attack of which dumps all user records from the database: data that will should are already private is subjected to typically the attacker. The other involving confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. POSSUINDO
– when info is revealed to these not authorized to be able to see it.

2. **Integrity** – Safeguarding data and methods from unauthorized adjustment. Integrity means that information remains precise and trustworthy, in addition to that system capabilities are not tampered with. For illustration, if the banking program displays your account balance, integrity measures ensure that a good attacker hasn't illicitly altered that harmony either in passage or in the database. Integrity can easily be compromised by attacks like tampering (e. g., changing values within an URL to access someone else's data) or by faulty program code that corrupts data. A classic device to make sure integrity is the usage of cryptographic hashes or autographs – when a file or message is usually altered, its signature bank will no more time verify. The reverse of integrity is usually often termed alteration – data getting modified or damaged without authorization​
PTGMEDIA. PEARSONCMG. COM
.

three or more. **Availability** – Ensuring systems and data are accessible as needed. Even if files is kept top secret and unmodified, it's of little work with in case the application is usually down or unreachable. Availability means of which authorized users can easily reliably access typically the application and it is functions in a new timely manner. Dangers to availability include DoS (Denial involving Service) attacks, exactly where attackers flood a new server with targeted visitors or exploit a vulnerability to crash the system, making it unavailable to genuine users. Hardware downfalls, network outages, or perhaps even design issues that can't handle pinnacle loads are likewise availability risks. Typically the opposite of availability is often described as destruction or denial – data or even services are damaged or withheld​
PTGMEDIA. PEARSONCMG. COM
. Typically the Morris Worm's impact in 1988 seemed to be a stark reminder of the need for availability: it didn't steal or modify data, but by making systems crash or even slow (denying service), it caused major damage​
CCOE. DSCI. IN
.

These three – confidentiality, honesty, and availability – are sometimes referred to as the "CIA triad" and are considered the three pillars involving security. Depending on the context, a great application might prioritize one over typically the others (for example of this, a public news website primarily cares about you that it's available and its particular content sincerity is maintained, confidentiality is much less of the issue considering that the articles is public; conversely, a messaging software might put confidentiality at the top rated of its list). But a secure application ideally should enforce all three in order to an appropriate level. Many security controls can be comprehended as addressing one particular or more of these pillars: encryption supports confidentiality (by striving data so only authorized can examine it), checksums plus audit logs assistance integrity, and redundancy or failover techniques support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's beneficial to remember the flip side associated with the CIA triad, often called DADDY:

- **Disclosure** – Unauthorized access to information (breach regarding confidentiality).
- **Alteration** – Unauthorized modify of information (breach associated with integrity).
- **Destruction/Denial** – Unauthorized destruction info or refusal of service (breach of availability).

Safety efforts aim in order to prevent DAD effects and uphold CIA. A single assault can involve several of these elements. By way of example, a ransomware attack might each disclose data (if the attacker burglarizes a copy) and deny availability (by encrypting the victim's copy, locking these people out). A website exploit might change data within a data source and thereby breach integrity, etc.

## Authentication, Authorization, and even Accountability (AAA)

Within securing applications, specifically multi-user systems, we all rely on additional fundamental concepts often referred to as AAA:

1. **Authentication** – Verifying the identity of an user or method. Whenever you log in with an username and password (or more firmly with multi-factor authentication), the system is authenticating you – making sure you will be who you claim to be. Authentication answers the problem: Who will be you? Typical methods include security passwords, biometric scans, cryptographic keys, or tokens.  click now  is that authentication ought to be strong enough to thwart impersonation. Fragile authentication (like very easily guessable passwords or perhaps no authentication high should be) is a frequent cause regarding breaches.

2. **Authorization** – Once identification is made, authorization adjustments what actions or perhaps data the authenticated entity is granted to access. That answers: Precisely what are you allowed to perform? For example, after you log in, an online banking application will authorize you to see your personal account details although not someone else's. Authorization typically entails defining roles or even permissions. A susceptability, Broken Access Manage, occurs when these checks fail – say, an attacker finds that by changing a list USERNAME in an WEB LINK they can watch another user's information for the reason that application isn't properly verifying their particular authorization. In reality, Broken Access Handle was identified as typically the number one web application risk in the 2021 OWASP Top 10, present in 94% of applications tested​
IMPERVA. APRESENTANDO
, illustrating how predominanent and important correct authorization is.

several. **Accountability** (and Auditing) – This refers to the ability to trace actions in the system for the liable entity, which usually implies having proper working and audit paths. If something goes wrong or dubious activity is discovered, we need to know who would what. Accountability will be achieved through working of user steps, and by possessing tamper-evident records. It works hand-in-hand with authentication (you can simply hold someone liable knowing which consideration was performing the action) and using integrity (logs them selves must be guarded from alteration). Inside application security, setting up good logging and monitoring is important for both detecting incidents and undertaking forensic analysis right after an incident. Because we'll discuss inside of a later phase, insufficient logging plus monitoring enables breaches to go undiscovered – OWASP details this as an additional top issue, observing that without correct logs, organizations may fail to notice an attack until it's far as well late​
IMPERVA. COM

IMPERVA. APRESENTANDO
.

Sometimes you'll see an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just fractures out identification (the claim of identification, e. g. entering username, before genuine authentication via password) as an independent step. But the particular core ideas remain the identical. A protected application typically enforces strong authentication, strict authorization checks with regard to every request, and even maintains logs intended for accountability.

## Theory of Least Freedom

One of typically the most important design principles in safety measures is to give each user or component the minimum privileges necessary in order to perform its function, with out more. This particular is called the basic principle of least benefit. In practice, this means if an app has multiple functions (say admin vs regular user), typically the regular user balances should have no ability to perform admin-only actions. If a new web application demands to access a database, the repository account it uses needs to have permissions simply for the specific tables and operations needed – by way of example, in case the app by no means needs to delete data, the DB account shouldn't even have the DELETE privilege. By limiting privileges, whether or not the attacker compromises an user account or even a component, the damage is contained.

A bare example of certainly not following least freedom was the Funds One breach of 2019: a misconfigured cloud permission granted a compromised part (a web program firewall) to access all data by an S3 storage space bucket, whereas in the event that that component acquired been limited to only certain data, the particular breach impact would certainly have been much smaller​
KREBSONSECURITY. APRESENTANDO

KREBSONSECURITY. APRESENTANDO
. Least privilege furthermore applies with the computer code level: in case a module or microservice doesn't need certain gain access to, it shouldn't have got it. Modern container orchestration and impair IAM systems ensure it is easier to put into action granular privileges, yet it requires innovative design.

## Protection in Depth

This kind of principle suggests that security should always be implemented in overlapping layers, so that in case one layer does not work out, others still provide protection. Basically, don't rely on any kind of single security control; assume it can easily be bypassed, and even have additional mitigations in place. For an application, security in depth may possibly mean: you confirm inputs on the client side for usability, but an individual also validate them on the server based (in case the attacker bypasses the customer check). You secure the database at the rear of an internal firewall, and you also create code that bank checks user permissions just before queries (assuming an attacker might infringement the network). In the event that using encryption, an individual might encrypt hypersensitive data in the repository, but also implement access controls with the application layer plus monitor for unconventional query patterns. Defense in depth is usually like the sheets of an onion – an attacker who gets by way of one layer ought to immediately face one more. This approach counters the point that no single defense is certain.

For example, imagine an application relies on a net application firewall (WAF) to block SQL injection attempts. Security in depth would dispute the application form should continue to use safe coding practices (like parameterized queries) to sanitize inputs, in case the WAF does not show for a novel harm. A real scenario highlighting this was the truth of particular web shells or perhaps injection attacks that were not recognized by security filters – the internal application controls then served as the particular final backstop.

## Secure by Style and Secure simply by Default

These related principles emphasize producing security an essential consideration from the particular start of style, and choosing safe defaults. "Secure by simply design" means you intend the system structures with security inside of mind – intended for instance, segregating sensitive components, using proven frameworks, and taking into consideration how each design decision could present risk. "Secure simply by default" means when the system is stationed, it should default to the best options, requiring deliberate action to make it less secure (rather compared to the other method around).

An example of this is default bank account policy: a safely designed application may well ship with no standard admin password (forcing the installer to be able to set a sturdy one) – while opposed to possessing a well-known default pass word that users may possibly forget to alter. Historically, many software program packages were not safeguarded by default; they'd install with wide open permissions or test databases or debug modes active, and if an admin opted to not lock them lower, it left slots for attackers. As time passes, vendors learned to be able to invert this: today, databases and systems often come with secure configurations out of the box (e. g., remote control access disabled, test users removed), and it's up in order to the admin to be able to loosen if completely needed.

For designers, secure defaults mean choosing safe library functions by standard (e. g., arrears to parameterized questions, default to end result encoding for web templates, etc. ). It also signifies fail safe – if a component fails, it ought to fail inside a protected closed state somewhat than an unconfident open state. For example, if an authentication service times out there, a secure-by-default approach would deny gain access to (fail closed) instead than allow it.

## Privacy simply by Design

Idea, carefully related to protection by design, offers gained prominence especially with laws like GDPR. It means of which applications should always be designed not just in always be secure, but for regard users' privacy coming from the ground way up. Used, this might involve data minimization (collecting only precisely what is necessary), openness (users know exactly what data is collected), and giving customers control of their information. While privacy is usually a distinct domain name, it overlaps heavily with security: you can't have privacy if you can't secure the individual data you're responsible for. A lot of the most detrimental data breaches (like those at credit score bureaus, health insurance providers, etc. ) will be devastating not only because of security disappointment but because they will violate the personal privacy of millions of persons. Thus, modern app security often functions hand in hand with privacy concerns.

## Threat Modeling

A key practice inside secure design is threat modeling – thinking like a good attacker to anticipate what could make a mistake. During threat which, architects and designers systematically go coming from the type of a good application to recognize potential threats in addition to vulnerabilities. They ask questions like: Exactly what are we creating? What can go wrong? What will we do regarding it? A single well-known methodology intended for threat modeling will be STRIDE, developed with Microsoft, which holders for six types of threats: Spoofing identity, Tampering with information, Repudiation (deniability involving actions), Information disclosure, Denial of service, and Elevation associated with privilege.

By going for walks through each component of a system and considering STRIDE hazards, teams can find out dangers that may well not be obvious at first peek. For example, look at a simple online payroll application. Threat building might reveal that: an attacker may spoof an employee's identity by questioning the session token (so we need to have strong randomness), can tamper with earnings values via some sort of vulnerable parameter (so we need type validation and server-side checks), could execute actions and later on deny them (so we require good review logs to stop repudiation), could take advantage of an information disclosure bug in a good error message in order to glean sensitive details (so we need user-friendly but hazy errors), might attempt denial of support by submitting some sort of huge file or even heavy query (so we need price limiting and useful resource quotas), or try to elevate opportunity by accessing administrator functionality (so we need robust access control checks). By way of this process, protection requirements and countermeasures become much sharper.

Threat modeling will be ideally done earlier in development (during the look phase) thus that security is built in in the first place, aligning with the particular "secure by design" philosophy. It's a good evolving practice – modern threat building might also consider abuse cases (how could the system always be misused beyond the particular intended threat model) and involve adversarial thinking exercises. We'll see its meaning again when discussing specific vulnerabilities and how developers may foresee and avoid them.

## Chance Management

Not every security issue is both equally critical, and solutions are always small. So another principle that permeates application security is risk management.  https://docs.shiftleft.io/core-concepts/code-property-graph  involves assessing the likelihood of a threat along with the impact were it to take place. Risk is normally informally considered as a function of these two: a vulnerability that's simple to exploit plus would cause extreme damage is high risk; one that's theoretical or might have minimal effect might be lower risk. Organizations frequently perform risk examination to prioritize their particular security efforts. Regarding example, an online retailer might determine the risk involving credit card theft (through SQL injection or XSS leading to session hijacking) is incredibly high, and therefore invest heavily found in preventing those, although the chance of someone creating minor defacement upon a less-used webpage might be acknowledged or handled with lower priority.

Frames like NIST's or even ISO 27001's risikomanagement guidelines help inside systematically evaluating and treating risks – whether by mitigating them, accepting these people, transferring them (insurance), or avoiding these people by changing company practices.

One tangible response to risk managing in application security is the design of a menace matrix or risk register where potential threats are detailed with their severity. This helps drive judgements like which bugs to fix 1st or where in order to allocate more assessment effort. It's likewise reflected in spot management: if a new new vulnerability is usually announced, teams will certainly assess the danger to their software – is it exposed to that will vulnerability, how serious is it – to make the decision how urgently to use the spot or workaround.

## Security vs. Usability vs. Cost

A discussion of rules wouldn't be finish without acknowledging typically the real-world balancing take action. Security measures could introduce friction or perhaps cost. Strong authentication might mean even more steps for the customer (like 2FA codes); encryption might slow down performance somewhat; extensive logging may raise storage charges. A principle to follow along with is to seek balance and proportionality – security should become commensurate with typically the value of what's being protected. Excessively burdensome security that will frustrates users can be counterproductive (users will dsicover unsafe workarounds, intended for instance). The artwork of application security is finding options that mitigate dangers while preserving a good user knowledge and reasonable price. Fortunately, with modern day techniques, many security measures can be made quite soft – for illustration, single sign-on remedies can improve each security (fewer passwords) and usability, plus efficient cryptographic libraries make encryption barely noticeable with regards to efficiency.

In summary, these types of fundamental principles – CIA, AAA, least privilege, defense comprehensive, secure by design/default, privacy considerations, danger modeling, and risikomanagement – form the particular mental framework regarding any security-conscious doctor. They will look repeatedly throughout information as we examine specific technologies and even scenarios. Whenever a person are unsure regarding a security decision, coming back in order to these basics (e. g., "Am We protecting confidentiality? Are generally we validating integrity? Are we minimizing privileges? Can we include multiple layers of defense? ") could guide you to a more secure result.

Using these principles inside mind, we can now explore the actual hazards and vulnerabilities of which plague applications, plus how to defend against them.