|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: Some bullet points related to security |
| 4 | +date: 2024-04-14 |
| 5 | +categories: programming |
| 6 | +tags: secure design architecture |
| 7 | +--- |
| 8 | + |
| 9 | +# Secure by Design notes |
| 10 | + |
| 11 | +Some notes after reading the book mentioned in the reference section. |
| 12 | + |
| 13 | +**1. Software Security Design and Practices:** |
| 14 | +- Security is best approached as a concern to be addressed rather than a checklist of features. |
| 15 | +- It's impractical to rely solely on constant vigilance for security during development; instead, seek design practices that inherently lead to secure solutions. |
| 16 | +- All decision-making activities in software development should be considered part of the design process, applicable at all levels from code to architecture. |
| 17 | +- Traditional software security approaches struggle because they require developers to be security experts and anticipate every possible vulnerability. |
| 18 | +- Shifting focus to design allows for achieving high software security without constant explicit consideration of security. |
| 19 | +- Strong design emphasis leads to more secure code compared to traditional security approaches. |
| 20 | +- XML parsers are inherently vulnerable to entity attacks due to the nature of XML. |
| 21 | +- Using generic types for specific data can introduce security vulnerabilities. |
| 22 | +- Understanding underlying parser implementations is crucial for configuring XML parsers securely. |
| 23 | +- Secure design promotes security in-depth by incorporating multiple layers of security. |
| 24 | +- Incomplete, missing, or shallow modeling can result in a design with security flaws. |
| 25 | +- Security flaws, such as broken business integrity, can persist in production, causing financial losses for the enterprise. |
| 26 | +- Conscious and explicit design leads to a more robust solution. |
| 27 | + |
| 28 | +**2. Domain Modeling:** |
| 29 | +- Building domain models promotes deep learning about the domain and serves as a language for system communication. |
| 30 | +- A domain model should be strict, unambiguous, and adhere to a ubiquitous language for common understanding among the team, including domain experts. |
| 31 | +- Multiple possible models exist when creating a domain model, and it's crucial to choose one that captures only essential aspects. |
| 32 | +- Entities, value objects, and aggregates are fundamental components of the domain model, with entities possessing consistent identity throughout their lifecycle. |
| 33 | +- Aggregates group model objects, maintain invariants among them, and have an aggregate root, which holds global identity and is typically the same as the aggregate in code. |
| 34 | +- Bounded context defines where the model's semantics hold, and changes in semantics indicate a boundary shift, aided by Conway's Law. |
| 35 | +- Domain primitives are the foundation of the domain model, immutable, and must be valid within the current domain. |
| 36 | +- Using domain primitives simplifies and secures the codebase, hardening APIs and mitigating sensitive data leakage. |
| 37 | +- Entities are recommended for handling mutable states, ensuring consistency upon creation, and can be partially immutable. |
| 38 | +- Attributes' integrity should be protected during access, with careful design for multithreaded environments. |
| 39 | +- The builder pattern is useful for constructing entities with complex constraints, and state handling is improved when extracted to a separate object. |
| 40 | +- Careful design is required for multithreaded environments with high capacity, with options like database locking or entity snapshots improving availability. |
| 41 | +- Introduce domain primitives at semantic boundaries of context and clarify defensive code constructs using contracts. |
| 42 | +- Ensure domain primitives cover entire conceptual wholes and address domain types lacking proper validation with secure entities. |
| 43 | + |
| 44 | +**3. Security Testing and Practices:** |
| 45 | +- Protect against Domain DoS attacks by verifying origin IP or requiring access keys, performing data size checks, and using simple regular expressions for lexical content checks. |
| 46 | +- Organize validation breakdown into origin checks, data size checks, lexical content checks, syntax format checks, and semantic checks. |
| 47 | +- Prioritize validation order, with earlier, more economical checks protecting later, more resource-intensive steps. |
| 48 | +- Segment tests into normal testing, boundary testing, invalid input testing, and extreme input testing to incorporate security into unit test suites efficiently. |
| 49 | +- Optimize regular expression usage by checking input length before execution to avoid inefficient backtracking. |
| 50 | +- Mitigate security vulnerabilities by verifying feature toggle mechanisms with automated tests, testing all possible combinations, and keeping toggles to a minimum to manage combinatory complexity. |
| 51 | +- Ensure auditability and record-keeping of toggle mechanisms. |
| 52 | +- Integrate automated security tests into build pipelines for regular penetration testing to maintain system security. |
| 53 | +- Consider availability as a critical security aspect in system design, simulating DoS attacks to reveal weaknesses. |
| 54 | +- Address security issues stemming from misconfiguration through identification of configuration hot spots and testing default tool behavior. |
| 55 | +- Implement the fail-fast principle by checking preconditions early in each method to control failures. |
| 56 | +- Mitigate security bugs caused by ambiguous parameters in APIs through direct, discovery, or new API approaches. |
| 57 | +- Prevent second-order injection attacks by avoiding logging unchecked user input and limiting access to sensitive values. |
| 58 | +- Utilize explicit accessor methods for data intended for logging to avoid accidental inclusion of new fields in logs, enhancing security. |
| 59 | +- Leverage tests to uncover weaknesses in code, especially through invalid and extreme input tests. |
| 60 | + |
| 61 | +**4. Resilience and Availability:** |
| 62 | +- Ensure data integrity by maintaining consistency and accuracy throughout the data lifecycle. |
| 63 | +- Guarantee data availability by ensuring obtainability and accessibility at expected performance levels. |
| 64 | +- Leverage immutable values, which are safe to share between threads without locking or blocking. |
| 65 | +- Benefit from immutability by solving data availability issues through scalability and preventing data integrity issues by disallowing change. |
| 66 | +- Utilize contracts to effectively clarify the responsibilities of objects and methods, enhancing resilience and availability. |
| 67 | + |
| 68 | +**5. Microservices Security:** |
| 69 | +- Ensure a good microservice possesses an independent runtime for independent updates and is resilient to other services being down. |
| 70 | +- Treat each microservice as a bounded context to aid in designing more secure APIs and apply secure design principles like domain primitives and context mapping. |
| 71 | +- Mitigate security pitfalls by only exposing domain operations in APIs, using explicit context mapping between services, and paying extra attention to evolving APIs. |
| 72 | +- Assess confidentiality, integrity, availability, and traceability (CIA-T) across all services and identify sensitive data that needs to be secured. |
| 73 | +- Emphasize the integrity of log data through normalization and categorization, requiring extensive domain knowledge. |
| 74 | +- Uniquely identify services by their name, version number, and instance ID, and ensure traceability of transactions across systems. |
| 75 | +- Utilize a logger with a domain-oriented API to consider the confidentiality of log data and prevent accidental information leakage by avoiding intermixing sensitive and nonsensitive data in the same log. |
| 76 | + |
| 77 | +Here's the adjusted bullet list: |
| 78 | + |
| 79 | +**6. Secure Software Development Practices:** |
| 80 | +- Adopt a design strategy of separating business exceptions from technical exceptions to maintain clarity and consistency. |
| 81 | +- Avoid mixing technical and business exceptions using the same type to prevent confusion and maintain code integrity. |
| 82 | +- Ensure good design practice by never including business data in technical exceptions to safeguard sensitive information. |
| 83 | +- Design software systems to handle failures gracefully, treating them as normal, unexceptional results. |
| 84 | +- Prioritize availability as a crucial security goal, enhancing system resilience and responsiveness to improve overall security. |
| 85 | +- Implement design patterns like circuit breakers, bulkheads, and timeouts to enhance system availability and mitigate potential failures. |
| 86 | +- Minimize risk by avoiding repairing data before validation and never echoing input verbatim to prevent security vulnerabilities. |
| 87 | +- Apply twelve-factor app and cloud-native concepts for enhanced application and system security, emphasizing stateless processes and backing services. |
| 88 | +- Separate code and configuration to facilitate deployment across multiple environments without rebuilding, while avoiding storing sensitive data in resource files. |
| 89 | +- Manage environment-dependent configuration as part of the environment and incorporate administration tasks into the solution. |
| 90 | +- Enhance security by avoiding local file logging and opting for centralized logging services. |
| 91 | +- Improve security and availability through service discovery, supporting dynamic system changes. |
| 92 | +- Implement the three R's (rotate, repave, repair) for improved security, particularly in cloud-based applications. |
| 93 | +- Apply the DRY principle to repeated representation of knowledge rather than text, avoiding unnecessary dependencies. |
| 94 | +- Conduct code security reviews as a recurring part of secure software development and invest in tooling for quick access to security vulnerability information. |
| 95 | +- Establish a proactive strategy for addressing security vulnerabilities in regular development cycles, incorporating pen tests to challenge design and detect issues. |
| 96 | +- Utilize feedback generated by pen tests to improve strategies and processes and consider bug bounty programs for continuous pen testing, acknowledging their complexity and resource demands. |
| 97 | + |
| 98 | +**7. Knowledge Acquisition and Application:** |
| 99 | +- Initiate deliberate discovery early to gain deep insights into the domain, focusing on specificity initially and abstracting later for clarity. |
| 100 | +- Expand expertise by gathering knowledge from adjacent domains, facilitating cross-disciplinary problem-solving. |
| 101 | +- Prioritize semantic consistency by refactoring names when semantics change, especially outside bounded contexts, to maintain clarity and cohesion. |
| 102 | +- Acquire knowledge in the field of security to effectively address security problems, applying insights from different domains to enhance security measures. |
| 103 | +- Recognize the distinction between incident handling and problem resolution, involving the team in incident handling and focusing on learning and resilience to improve security posture. |
| 104 | + |
| 105 | +References: [Secure By Design](https://www.amazon.com/Secure-Design-Daniel-Deogun/dp/1617294357) |
0 commit comments