References:
- https://cheatsheetseries.owasp.org/cheatsheets/Secure_Product_Design_Cheat_Sheet.html
- https://www.redhat.com/en/blog/security-design-security-principles-and-threat-modeling
- Minimum access required to perform function
- Limit unauthorized access to resources
- Example: do not run applications as the root user
- Example: use time-to-live access to limit control to a given time period
- Ensure that the window of vulnerability is kept as short as possible when bugs are discovered
- Prove correctness of critical software
- Apply best-effort security measures to modules where formal correctness proofs are not possible
- Also known as: Separation of Concerns
- System of checks and balances to ensure no individual has control over all aspects
- Assign different tasks to different people, to ensure that a single person does not control the entire process
- Reduce fraud
- Example: a business expense should be submitted and approved by different people
- Layers of security control to protect access
- Force attacker to defeat multiple layers and avoid single point of failure
- Example: multi-factor authentication for user login
- All users, devices, and networks are untrusted, and must be verified
- Example: do not assume an email was written by a colleague unless it has been verified
- Emphasizes the importance of security in open source software
- Developers should be aware of security implications of their software and ensure code is secure
- Example: use dependency scanning to analyze software
- Deny access by default
- Requires a deliberate, conscious decision in order to be made insecure
- Example: a web server configuration should default to HTTPS
- Track system activity so that when a breach occurs, the mechanism and extent can be determined
- Best practices: store logs remotely and use append-only logging
- Example: access logs
- Example: remove unused code or features
- Do not rely on secret designs, attacker ignorance or security by obscurity
- Invite and encourage open review and analysis
- eavesdropping
- privilege escalation
- side-channel attack
- backdoor
- reverse engineering
- tampering
- HTML smuggling - defeats content filters
- phishing - attempt to acquire sensitive information such as usernames and passwords, credit card numbers, etc., by deceiving users via email, fake websites, social engineering, etc.
- cross-site request forgery
- one-click attack
- exploits a trusted user to perform an action
- sites that rely on identity (but not verification)
- exploits trust in user
- stack overflow
- denial of service attack
- cross-site scripting
- exploits a web form that accepts user input that is not sanitized for JavaScript
- runs code in any web browser that loads the page, including those of logged-in users
- SQL injection - exploits code that lacks validation and splices user data directly into an SQL query used to access the database
- man-in-the-middle
- social engineering
- penetration testing
- zero-day exploit
- spoofing - identifying as another person or system by falsifying data
- malware
- trojan horse
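The SQL injection entry above describes code that splices user data into a query; the following added example (not from the referenced cheat sheets, written for these notes) shows that vulnerable login query next to its parameterized fix against a constructed in-memory SQLite table, so the difference can be run and observed. The table contents, the `login_*` helper names and the demo input are all constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed in-memory table with two demo rows. Passwords are stored
    # in plaintext only to keep the demo short; real systems store hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn

def login_vulnerable(conn, username, password):
    # Vulnerable: user input becomes part of the SQL text, so the database
    # parses it as query syntax rather than as a value to compare against.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    # Hardened: the query structure is fixed at the '?' placeholders and the
    # driver passes the values separately, so input can never alter the query.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def demo():
    conn = make_db()
    # Constructed input: the textbook tautology that turns the WHERE clause
    # into (username = 'alice' AND password = 'x') OR '1'='1'.
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_valid": login_vulnerable(conn, "bob", "hunter2"),
        "vulnerable_injected": login_vulnerable(conn, "alice", tautology),
        "param_valid": login_parameterized(conn, "bob", "hunter2"),
        "param_injected": login_parameterized(conn, "alice", tautology),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the vulnerable query the tautology input logs in as `alice` without knowing the password; with placeholders the same input is compared literally and the login fails.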