MH

In-Depth Notes on Defensive Programming, Secure Code Review & Key Security Principles

Key Security Principles:

  • CIA Triad:

    • Confidentiality: Protection against unauthorized access (Techniques: encryption, i.e. cryptography or "secret writing", and data masking).

    • Integrity: Ensuring data validity (Techniques: validation, monitoring).

    • Availability: Ensuring system reliability (Key metrics: Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO)).

Security by Design:

  • Shift-Left Security: Incorporating security early in development.

  • Secure Design Principles:

    • Least Privilege: Minimum access rights granted.

    • Separation of Duties: Responsibilities divided so that no single party completes a sensitive operation alone, reducing errors.

    • Defense in Depth: Multi-layer protection.

    • Fail-Safe Defaults: Deny access by default unless granted.
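The following is an added example, not from the original notes, showing three of the design principles above in one authorization routine: least privilege (a constructed role-to-permission allowlist that grants nothing by implication), separation of duties (the creator of a payment may not approve it), and fail-safe defaults (every path that is not an explicit grant, including unknown roles, unknown actions and missing context, results in deny). The roles, actions and `Payment` type are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed role -> permission allowlist (assumption, not a real system).
# Least privilege: each role gets only the actions its job requires.
ROLE_PERMISSIONS = {
    "clerk":    {"payment:create", "payment:view"},
    "approver": {"payment:view", "payment:approve"},
    "auditor":  {"payment:view", "audit:read"},
}


@dataclass(frozen=True)
class Payment:
    payment_id: str
    created_by: str
    amount_cents: int


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(user: str, roles: Iterable[str], action: str,
              payment: Optional[Payment] = None) -> Decision:
    """Decide whether `user` (holding `roles`) may perform `action`.

    Fail-safe default: the only way to reach an allow is through an explicit
    grant; unknown roles, unknown actions and missing context all deny.
    """
    roles = set(roles)
    granted = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())   # unknown role grants nothing
    if action not in granted:
        return Decision(False, f"{action!r} is not granted to roles {sorted(roles)}")

    # Separation of duties: whoever created a payment may not approve it.
    if action == "payment:approve":
        if payment is None:
            return Decision(False, "approval requires the payment being approved")
        if payment.created_by == user:
            return Decision(False, "creator may not approve their own payment")

    return Decision(True, "explicitly granted")


if __name__ == "__main__":
    invoice = Payment("p-1", created_by="bob", amount_cents=50_000)
    for who, roles, action in (("alice", {"clerk"}, "payment:create"),
                               ("bob", {"approver"}, "payment:approve"),
                               ("carol", {"approver"}, "payment:approve"),
                               ("dave", {"superuser"}, "payment:view")):
        print(who, action, authorize(who, roles, action, invoice))
```

This check is one layer only; defense in depth means the data store and the transport should enforce their own limits rather than trusting this function to be the sole gate.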

Vulnerability Scores:

  • CVSS: Framework for assessing vulnerability severity. It comprises three score types:

    • Base Score: Reflects the intrinsic qualities of a vulnerability (e.g., access vector, complexity, authentication).

    • Temporal Score: Accounts for factors that may change over time (e.g., exploitability, remediation level, report confidence).

    • Environmental Score: Adjusts the base and temporal scores based on the specific environment where the vulnerability exists (e.g., collateral damage potential, target distribution).

  • Vulnerability Management Process: Involves identifying, classifying, remediating, and mitigating vulnerabilities. Key steps include:

    • Regular vulnerability scanning to identify weaknesses in systems.

    • Risk assessment to prioritize patching based on the potential impact and exploitability.

    • Continuous monitoring to ensure newly discovered vulnerabilities are managed efficiently.
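To make the three CVSS score types above concrete, here is an added example (not part of the original notes) that implements the CVSS v2.0 base, temporal and environmental equations with the metric weights from the v2.0 specification, which is the version whose metric names (access vector, authentication, collateral damage potential, target distribution) the notes use. The vector strings passed to it are constructed samples, not real advisories.

```python
from decimal import Decimal, ROUND_HALF_UP

D = Decimal

# Metric weights from the CVSS v2.0 specification.
BASE = {
    "AV": {"L": D("0.395"), "A": D("0.646"), "N": D("1.0")},
    "AC": {"H": D("0.35"), "M": D("0.61"), "L": D("0.71")},
    "Au": {"M": D("0.45"), "S": D("0.56"), "N": D("0.704")},
    "C":  {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
    "I":  {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
    "A":  {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
}
TEMPORAL = {  # "ND" (not defined) leaves the score unchanged
    "E":  {"U": D("0.85"), "POC": D("0.9"), "F": D("0.95"), "H": D("1.0"), "ND": D("1.0")},
    "RL": {"OF": D("0.87"), "TF": D("0.90"), "W": D("0.95"), "U": D("1.0"), "ND": D("1.0")},
    "RC": {"UC": D("0.90"), "UR": D("0.95"), "C": D("1.0"), "ND": D("1.0")},
}
REQUIREMENT = {"L": D("0.5"), "M": D("1.0"), "H": D("1.51"), "ND": D("1.0")}
ENVIRONMENTAL = {
    "CDP": {"N": D("0"), "L": D("0.1"), "LM": D("0.3"), "MH": D("0.4"), "H": D("0.5"), "ND": D("0")},
    "TD":  {"N": D("0"), "L": D("0.25"), "M": D("0.75"), "H": D("1.0"), "ND": D("1.0")},
    "CR": REQUIREMENT, "IR": REQUIREMENT, "AR": REQUIREMENT,
}


def parse_vector(vector: str) -> dict:
    """Split 'AV:N/AC:L/...' into {metric: value}; malformed parts are rejected."""
    metrics = {}
    for part in vector.split("/"):
        name, sep, value = part.partition(":")
        if not sep or not name or not value:
            raise ValueError(f"malformed metric {part!r}")
        metrics[name] = value
    return metrics


def _weight(table: dict, name: str, metrics: dict, default=None) -> Decimal:
    value = metrics.get(name, default)
    if value not in table[name]:
        raise ValueError(f"missing or unknown value {value!r} for metric {name}")
    return table[name][value]


def _round1(x: Decimal) -> Decimal:
    # CVSS v2 rounds to one decimal place, half up; Decimal avoids float artefacts
    return x.quantize(D("0.1"), rounding=ROUND_HALF_UP)


def _impact(c: Decimal, i: Decimal, a: Decimal) -> Decimal:
    return D("10.41") * (1 - (1 - c) * (1 - i) * (1 - a))


def _base(impact: Decimal, exploitability: Decimal) -> Decimal:
    f_impact = D("0") if impact == 0 else D("1.176")
    return _round1((D("0.6") * impact + D("0.4") * exploitability - D("1.5")) * f_impact)


def cvss2_scores(vector: str) -> dict:
    """Return the base, temporal and environmental scores for a CVSS v2 vector."""
    m = parse_vector(vector)
    b = {k: _weight(BASE, k, m) for k in BASE}                       # mandatory
    t = {k: _weight(TEMPORAL, k, m, "ND") for k in TEMPORAL}         # optional
    e = {k: _weight(ENVIRONMENTAL, k, m, "ND") for k in ENVIRONMENTAL}

    exploitability = 20 * b["AV"] * b["AC"] * b["Au"]
    base = _base(_impact(b["C"], b["I"], b["A"]), exploitability)
    temporal_factor = t["E"] * t["RL"] * t["RC"]
    temporal = _round1(base * temporal_factor)

    # Environmental: re-weight impact by the C/I/A requirements, cap at 10,
    # rebuild the temporal score on that, then apply CDP and TD.
    adjusted_impact = min(D("10"), _impact(b["C"] * e["CR"], b["I"] * e["IR"], b["A"] * e["AR"]))
    adjusted_temporal = _round1(_base(adjusted_impact, exploitability) * temporal_factor)
    environmental = _round1((adjusted_temporal + (10 - adjusted_temporal) * e["CDP"]) * e["TD"])
    return {"base": base, "temporal": temporal, "environmental": environmental}


if __name__ == "__main__":
    # Constructed sample vectors (not real advisories).
    for v in ("AV:N/AC:L/Au:N/C:N/I:P/A:P",
              "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:H/TD:H"):
        print(v, cvss2_scores(v))
```

Note how the environmental metrics move a score in both directions: a high collateral damage potential raises it, while a low target distribution can drive it towards zero for an organization where the affected component is rare, which is exactly the prioritization input the vulnerability management process above relies on.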

Threat Modeling Fundamentals:

  • Threat Modeling: A structured approach to identifying and mitigating security threats throughout the software development lifecycle. The process enhances security by addressing potential security flaws before they can be exploited. Key benefits include:

    • Early Flaw Detection: Identifying security risks early reduces the cost of fixing them.

    • Prioritization: Allows teams to prioritize risks based on their potential impact and likelihood of occurrence.

    • Improved Design: Helps in designing systems with security considerations integrated from the outset.

    • Cost Efficiency: Reducing vulnerabilities early can significantly lower the cost of post-release fixes.

  • Methodology: A systematic process for threat modeling typically involves the following steps:

    1. Scope your work: Understand the systems and data flow involved. Create an architecture diagram that illustrates how data flows through the system.

    2. Determine threats: Use established frameworks (e.g., STRIDE - Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege; DREAD - Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability) to identify potential threats to the data and system.

    3. Identify vulnerabilities: Assess the architecture diagram and identify potential vulnerabilities that could be exploited by the identified threats.

    4. Document and address risks: Document findings in a threat model and determine the best approach to mitigate the identified risks, either through code changes, architectural improvements, or implementing security controls.

    5. Review regularly: Threat modeling should be an iterative process, revisiting and updating the model as the system evolves and new threats emerge.
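As an added illustration of steps 1 to 3 and the prioritization benefit (this is example code, not part of the original notes), the block below represents a scoped architecture as a list of data-flow-diagram elements, enumerates candidate STRIDE threats per element, and ranks documented threats by a DREAD score. Assumptions: the STRIDE-per-element mapping is the commonly cited Microsoft table (external entities: S, R; processes: all six; data stores: T, R, I, D; data flows: T, I, D), DREAD uses a 1 to 10 rating per category averaged into one risk value, and the sample web application model is constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: the commonly cited STRIDE-per-element table, where data-store
# repudiation refers to audit/log stores.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # one of STRIDE_PER_ELEMENT's keys


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    # DREAD ratings in the order Damage, Reproducibility, Exploitability,
    # Affected users, Discoverability (assumed 1..10 scale)
    dread: Tuple[int, int, int, int, int]

    @property
    def risk(self) -> float:
        return sum(self.dread) / 5


def enumerate_threats(elements: List[Element]) -> List[Tuple[str, str]]:
    """Step 2: list the STRIDE categories that apply to each diagram element."""
    out = []
    for el in elements:
        if el.kind not in STRIDE_PER_ELEMENT:
            raise ValueError(f"unknown element kind {el.kind!r} for {el.name}")
        out.extend((el.name, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT[el.kind])
    return out


def prioritize(threats: List[Threat]) -> List[Threat]:
    """Step 4 input: highest DREAD risk first; out-of-range ratings are rejected."""
    for t in threats:
        if len(t.dread) != 5 or any(not 1 <= r <= 10 for r in t.dread):
            raise ValueError(f"bad DREAD ratings for {t.element}/{t.category}")
    return sorted(threats, key=lambda t: t.risk, reverse=True)


# Constructed sample model: a browser talking to a web API backed by a user database.
SAMPLE_MODEL = [
    Element("Browser", "external_entity"),
    Element("Web API", "process"),
    Element("Users DB", "data_store"),
    Element("Browser->Web API", "data_flow"),
]

if __name__ == "__main__":
    for element, category in enumerate_threats(SAMPLE_MODEL):
        print(f"{element:18} {category}")
    ranked = prioritize([
        Threat("Users DB", "Information Disclosure", (9, 8, 6, 9, 5)),
        Threat("Browser->Web API", "Tampering", (6, 7, 7, 8, 6)),
    ])
    for t in ranked:
        print(f"{t.risk:4.1f}  {t.element} / {t.category}")
```

The enumeration is deliberately a candidate list: step 3 still requires an analyst to decide which candidates are real vulnerabilities in this architecture, and the ranked output is the starting point for the documented mitigations in step 4 and the regular reviews in step 5.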