MH

Defensive Programming & Secure Code Review Concepts

Key Security Principles

  • CIA Triad

    • Confidentiality: Protection against unauthorized access.

      • Techniques: Encryption (literally "secret writing"), Masking.

    • Integrity: Ensuring accuracy and trustworthiness of data.

      • Techniques: Validation, Monitoring.

    • Availability: Ensuring system uptime and reliability.

      • Key Metrics:

        • Maximum Tolerable Downtime (MTD)

        • Recovery Time Objective (RTO)

        • Recovery Point Objective (RPO)

Security by Design

  • Shift-Left Security Approach

    • Incorporates security early in the development lifecycle.

  • Principles of Secure Design:

    • Least Privilege

      • Definition: Users and systems have the minimum access necessary to perform their tasks.

      • Benefits: Limits the impact of breaches. E.g., read-only access prevents data modification.

    • Separation of Duties

      • Definition: Divides responsibilities among individuals to prevent fraud/errors.

      • Benefits: Reduces risk. E.g., different people for code review, approval, and deployment.

    • Defense in Depth

      • Definition: Multiple layers of security controls to mitigate diverse threats.

      • Benefits: Additional layers ensure protection even when one fails.

      • Examples: Firewalls, intrusion detection systems, secure coding practices, and audits.

    • Fail-Safe Defaults

      • Definition: Systems default to secure states during failures.

      • Benefits: Prevents unauthorized access unless explicitly granted. E.g., firewalls block all traffic by default.

Vulnerabilities Score: CVSS

  • Overview: Common Vulnerability Scoring System for assessing software vulnerability severity.

  • Key Components:

    • Base Score: Inherent severity based on exploitability/impact.

    • Temporal Score: Adjusted base score considering exploit availability, remediation effort.

    • Environmental Score: Adjusted score depending on specific environment.

  • Usage: Prioritizes vulnerability remediation efforts.

  • Example: Remote Code Execution Vulnerability

    • Base Metrics:

      • Attack Vector: Network (High)

      • Attack Complexity: Low

      • Privileges Required: None

      • Impact Metrics (Confidentiality, Integrity, Availability): High

    • Base Score: 9.8 (Critical)

Threat Modeling Fundamentals

  • Definition: Structured process for identifying, evaluating, and mitigating potential threats.

  • Process:

    • Identify security objectives.

    • Recognize threats and vulnerabilities.

    • Evaluate risks.

    • Design countermeasures.

  • Location in SSDLC: Usually in the Secure Design Phase to embed security architecture.

Threat Modeling Methodology

  • Core Components:

    • Scope Your Work: Understand the system using diagrams, identify key components (entry points, assets, trust levels).

    • External Dependencies: Document expected operational environment (e.g., hardened servers behind firewalls).

    • Determine Threats: Use frameworks such as STRIDE, DREAD, PASTA, TRIKE, VAST, LINDDUN, and OCTAVE.

      • STRIDE: Security threat classification based on attacker-centric analysis.

      • DREAD: Risk-based prioritization that numerically assesses severity.

      • PASTA: Business-driven planning with attack simulation.

      • TRIKE: Access control and auditing focus.

      • VAST: Scalable model for DevOps.

      • LINDDUN: Privacy threat modeling.

      • OCTAVE: Enterprise risk management for prioritizing security investments.

Benefits of Threat Modeling

  • Early Detection of Security Flaws

  • Prioritization of Security Efforts

  • Improved Software Design

  • Enhanced Communication

  • Compliance with Security Standards

  • Reduced Attack Surface

  • Cost Efficiency