Skip to content

Instantly share code, notes, and snippets.

@eddiecorrigall

eddiecorrigall/security-design.md

Last active May 6, 2024 01:20
Show Gist options
  • Save eddiecorrigall/8eb2ff01a79c52c51f0b4ae814b28e64 to your computer and use it in GitHub Desktop.
Save eddiecorrigall/8eb2ff01a79c52c51f0b4ae814b28e64 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
security-design.md

Security Design Principles

References:

Least Privilege

  • Minimum access required to perform function
  • Limit unauthorized access to resources
  • Example: do not run applications as root user
  • Example: use time-to-live access to limit control to a given time period

Full Disclosure of Vulnerabilities

  • Ensure that the window of vulnerability is kept as short as possible when bugs are discovered

Automated Theorem Proving

  • Prove correctnes of critical software

Code Review + Unit Testing

  • Attempt security for modules where formal correctness proofs are not possible

Sepration of Duties

  • Also known as: Sepration of Concerns
  • System of checks and balances to ensure no individual has control over all aspects
  • Assign different tasks to different people, to ensure that a single person does not control the entire process
  • Reduce fraud
  • Example: a business expense should be submitted and approved by different people

Defense in Depth

  • Layers of security control to protect access
  • Force attacker to defeat multiple layers and avoid single point of failure
  • Example: multi-factor authentication for user login

Zero Trust

  • All users, devices, and networks are untrusted, and must be verified
  • Example: do not assume an email was written by a colleague unless it has been verified

Security in the Open

  • Emphasizes the importance of security in open source software
  • Developers should be aware of security implications of their software and ensure code is secure
  • Example: use dependency scanning to analyze software

Secure by Default

  • Deny access by default
  • Requires deliberate, conscience decision in order to be made insecure
  • Example: a web server configuration should default to HTTPS

Audit Trails

  • Track system activity so when breach occurs the mechanism and extent can be determined
  • Best practices: store remotely and append only logging
  • Example: access logs

Minimize Attack Surface

  • Example: remove unused code or features

Open Design

  • Do not rely on secret designs, attacker ignorance or security by obscurity
  • Invite and encourage open review and analysis

Jargon

  • eavesdropping
  • privilege escalation
  • side-channel attack
  • backdoor
  • reverse engineering
  • tampering
  • html smuggling - defeat content filters
  • phising - attempt to acquire sensitive information such as username and password, credit card, etc, by deceiving users via email, fake website, social engineering, etc.
  • cross-site request forgery
    • one-click attack
    • exploits a trusted user to perform action
    • sites that rely on identity (but not verification)
    • exploits trust in user
  • stack overflow
  • denial of service attack
  • cross-site scripting
    • exploits a web form that accepts user input that is not sanitized for JavaScript
    • runs code on any web brwoser that loads the page including logged-in users
  • SQL injection - exploits code that lacks validation and uses sql query to access database with original user data
  • man-in-the-middle
  • social engineering
  • penetration testing
  • zero-day exploit
  • spoofing - identify as another person or system by falsifying data
  • malware
  • trojan horse
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment