Main Security Principles and Concepts

# Chapter three or more: Core Security Principles and Concepts

Prior to diving further directly into threats and protection, it's essential to establish the important principles that underlie application security. These types of core concepts will be the compass in which security professionals find their way decisions and trade-offs. They help answer why certain handles are necessary and what goals we are trying to achieve. Several foundational models and concepts slowly move the design and even evaluation of secure systems, the virtually all famous being the particular CIA triad in addition to associated security guidelines.

## The CIA Triad – Privacy, Integrity, Availability

At the heart of information safety (including application security) are three major goals:

1. **Confidentiality** – Preventing not authorized use of information. Throughout simple terms, preserving secrets secret. Simply those who are authorized (have the right credentials or even permissions) should become able to look at or use sensitive data. According to NIST, confidentiality implies "preserving authorized constraints on access in addition to disclosure, including means for protecting private privacy and private information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches involving confidentiality include phenomena like data water leaks, password disclosure, or perhaps an attacker looking at someone else's e-mails. A real-world illustration is an SQL injection attack that dumps all customer records from a new database: data that should happen to be secret is subjected to the particular attacker. The alternative involving confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. CONTENDO
– when data is showed those not authorized to be able to see it.

2. **Integrity** – Guarding data and methods from unauthorized modification. Integrity means of which information remains accurate and trustworthy, in addition to that system functions are not interfered with. For illustration, if a banking software displays your consideration balance, integrity procedures ensure that the attacker hasn't illicitly altered that balance either in flow or in typically the database. Integrity can certainly be compromised by simply attacks like tampering (e. g., altering values in a LINK to access an individual else's data) or perhaps by faulty program code that corrupts data. A classic mechanism to make certain integrity will be the use of cryptographic hashes or signatures – when a document or message is altered, its personal will no longer verify. The reverse of of integrity will be often termed modification – data getting modified or corrupted without authorization​
PTGMEDIA. PEARSONCMG. COM
.

three or more. **Availability** – Making sure systems and data are accessible when needed. Even if information is kept top secret and unmodified, it's of little employ in case the application is definitely down or unapproachable. Availability means of which authorized users can easily reliably access the particular application and its functions in some sort of timely manner. Risks to availability incorporate DoS (Denial of Service) attacks, in which attackers flood the server with site visitors or exploit some sort of vulnerability to crash the machine, making this unavailable to reputable users. Hardware failures, network outages, or even even design issues that can't handle top loads are furthermore availability risks. The opposite of accessibility is often described as destruction or denial – data or services are ruined or withheld​
PTGMEDIA. PEARSONCMG. COM
. Typically the Morris Worm's impact in 1988 was a stark tip of the importance of availability: it didn't steal or modify data, but by causing systems crash or perhaps slow (denying service), it caused significant damage​
CCOE. DSCI. IN
.

These 3 – confidentiality, integrity, and availability – are sometimes referred to as the "CIA triad" and are considered the three pillars of security. Depending upon the context, a good application might prioritize one over typically the others (for instance, a public reports website primarily cares for you that it's obtainable as well as its content ethics is maintained, confidentiality is less of a good issue since the articles is public; conversely, a messaging iphone app might put confidentiality at the leading of its list). But a protected application ideally should enforce all three in order to an appropriate diploma. Many security controls can be recognized as addressing one particular or more of those pillars: encryption aids confidentiality (by striving data so simply authorized can go through it), checksums and audit logs help integrity, and redundancy or failover techniques support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's helpful to remember the particular flip side regarding the CIA triad, often called FATHER:

- **Disclosure** – Unauthorized access in order to information (breach of confidentiality).
- **Alteration** – Unauthorized change details (breach involving integrity).
- **Destruction/Denial** – Unauthorized devastation info or refusal of service (breach of availability).

Security efforts aim to prevent DAD outcomes and uphold CIA. A single attack can involve multiple of these aspects. For example, a ransomware attack might equally disclose data (if the attacker burglarizes a copy) and deny availability (by encrypting the victim's copy, locking these people out). A web exploit might change data in a databases and thereby breach integrity, and so on.

## Authentication, Authorization, in addition to Accountability (AAA)

Within securing applications, specifically multi-user systems, we all rely on additional fundamental concepts often referred to as AAA:

1. **Authentication** – Verifying the identity of a good user or program. When you log in with an account information (or more safely with multi-factor authentication), the system is usually authenticating you – making sure you will be who you state to be. Authentication answers the question: Which are you? Common methods include passwords, biometric scans, cryptographic keys, or tokens. A core theory is the fact authentication ought to be strong enough in order to thwart impersonation. Weak authentication (like quickly guessable passwords or even no authentication high should be) is a frequent cause involving breaches.

2. **Authorization** – Once identity is established, authorization handles what actions or perhaps data the authenticated entity is allowed to access. That answers: Exactly what are you allowed to do? For example, right after you sign in, the online banking app will authorize that you see your individual account details but not someone else's. Authorization typically requires defining roles or permissions. The vulnerability, Broken Access Handle, occurs when these kinds of checks fail – say, an assailant finds that by simply changing a list USERNAME in an LINK they can see another user's data because the application isn't properly verifying their own authorization. In simple fact, Broken Access Handle was referred to as typically the number one web application risk found in the 2021 OWASP Top 10, found in 94% of software tested​
IMPERVA. COM
, illustrating how pervasive and important correct authorization is.

a few. **Accountability** (and Auditing) – This refers to the ability to search for actions in typically the system for the dependable entity, which usually signifies having proper signing and audit paths. If something goes wrong or suspicious activity is diagnosed, we need to be able to know who performed what. Accountability is achieved through signing of user steps, and by having tamper-evident records. It works hand-in-hand with authentication (you can only hold someone liable once you learn which account was performing an action) and together with integrity (logs on their own must be guarded from alteration). In application security, setting up good logging in addition to monitoring is important for both finding incidents and undertaking forensic analysis right after an incident. Since we'll discuss found in a later part, insufficient logging in addition to monitoring can allow breaches to go unknown – OWASP lists this as another top ten issue, remembering that without appropriate logs, organizations may possibly fail to see an attack right up until it's far also late​
IMPERVA. CONTENDO
​
IMPERVA. COM
.

Sometimes you'll notice an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just breaks or cracks out identification (the claim of personality, e. g. entering username, before actual authentication via password) as a separate step. But typically the core ideas remain exactly the same. A secure application typically enforces strong authentication, stringent authorization checks regarding every request, and maintains logs for accountability.

## Basic principle of Least Benefit

One of the most important design and style principles in safety is to give each user or perhaps component the lowest privileges necessary to be able to perform its function, with no more. This is called the theory of least freedom. In practice, it means if an app has multiple tasks (say admin as opposed to regular user), the regular user company accounts should have not any ability to perform admin-only actions. If a new web application wants to access some sort of database, the database account it makes use of must have permissions just for the actual desks and operations required – for example, in case the app never needs to erase data, the DB account shouldn't in fact have the REMOVE privilege. By restricting privileges, even if a great attacker compromises a great user account or a component, destruction is contained.

A kampfstark example of not really following least opportunity was the Funds One breach associated with 2019: a misconfigured cloud permission permitted a compromised component (a web program firewall) to retrieve all data by an S3 safe-keeping bucket, whereas in case that component had been limited to only a few data, typically the breach impact would certainly have been a lot smaller​
KREBSONSECURITY. APRESENTANDO
​
KREBSONSECURITY. COM
. Least privilege likewise applies at the code level: if the component or microservice doesn't need certain entry, it shouldn't experience it. Modern container orchestration and fog up IAM systems ensure it is easier to employ granular privileges, but it requires considerate design.

## Defense in Depth

This specific principle suggests of which security should always be implemented in overlapping layers, in order that if one layer falls flat, others still offer protection. Put simply, don't rely on any kind of single security manage; assume it may be bypassed, and even have additional mitigations in place. Intended for an application, security in depth may well mean: you validate inputs on the client side regarding usability, but an individual also validate them on the server based (in case a great attacker bypasses the client check). You safeguarded the database behind an internal firewall, but the truth is also write code that inspections user permissions ahead of queries (assuming a good attacker might breach the network). If using encryption, you might encrypt sensitive data inside the repository, but also put in force access controls at the application layer in addition to monitor for uncommon query patterns. Security in depth will be like the layers of an red onion – an opponent who gets by way of one layer should immediately face an additional. This approach surfaces the point that no single defense is foolproof.

For example, suppose an application is dependent on a net application firewall (WAF) to block SQL injection attempts.  format string vulnerability  would dispute the application form should nevertheless use safe code practices (like parameterized queries) to sterilize inputs, in circumstance the WAF misses a novel assault. A real circumstance highlighting this was initially the truth of certain web shells or perhaps injection attacks that were not recognized by security filters – the interior application controls and then served as typically the final backstop.

## Secure by Design and Secure simply by Default

These relevant principles emphasize generating security a fundamental consideration from the start of style, and choosing safe defaults. "Secure simply by design" means you plan the system structures with security found in mind – intended for instance, segregating very sensitive components, using tested frameworks, and thinking of how each style decision could introduce risk. "Secure by default" means if the system is stationed, it will default to the most secure adjustments, requiring deliberate motion to make it less secure (rather than the other method around).

An example is default account policy: a firmly designed application might ship without arrears admin password (forcing the installer in order to set a sturdy one) – as opposed to possessing a well-known default security password that users might forget to alter. Historically, many software packages were not safe by default; they'd install with available permissions or example databases or debug modes active, in case an admin chosen not to lock them along, it left gaps for attackers. After some time, vendors learned in order to invert this: today, databases and operating systems often come using secure configurations away of the pack (e. g., distant access disabled, test users removed), and even it's up to the admin to be able to loosen if totally needed.

For builders, secure defaults indicate choosing safe selection functions by standard (e. g., arrears to parameterized queries, default to output encoding for internet templates, etc. ). It also means fail safe – if an aspect fails, it need to fail inside a safe closed state somewhat than an insecure open state. For example, if an authentication service times out there, a secure-by-default process would deny access (fail closed) quite than allow this.

## Privacy by Design

Idea, strongly related to safety measures by design, features gained prominence especially with laws like GDPR. It means that will applications should be designed not just in be secure, but to respect users' privacy by the ground upwards. In practice, this may well involve data minimization (collecting only what is necessary), visibility (users know precisely what data is collected), and giving consumers control of their info. While privacy is a distinct domain name, it overlaps intensely with security: a person can't have personal privacy if you can't secure the private data you're accountable for. Lots of the worst data breaches (like those at credit bureaus, health insurers, etc. ) usually are devastating not only as a result of security failing but because that they violate the level of privacy of millions of people. Thus, modern app security often functions hand in hands with privacy factors.

## Threat Modeling

A key practice inside secure design is definitely threat modeling – thinking like a good attacker to predict what could fail. During threat modeling, architects and designers systematically go through the type of an application to recognize potential threats in addition to vulnerabilities. They question questions like: Just what are we building? What can go wrong? What is going to many of us do about it? 1 well-known methodology regarding threat modeling will be STRIDE, developed at Microsoft, which holders for six types of threats: Spoofing personality, Tampering with info, Repudiation (deniability associated with actions), Information disclosure, Denial of assistance, and Elevation involving privilege.

By going for walks through each component of a system and considering STRIDE hazards, teams can find out dangers that may not be evident at first glimpse. For example, look at a simple online payroll application. Threat recreating might reveal that: an attacker can spoof an employee's identity by questioning the session expression (so we have to have strong randomness), could tamper with earnings values via the vulnerable parameter (so we need insight validation and server-side checks), could execute actions and later on deny them (so we require good review logs to stop repudiation), could exploit an information disclosure bug in the error message to be able to glean sensitive info (so we want user-friendly but obscure errors), might test denial of assistance by submitting a new huge file or heavy query (so we need level limiting and reference quotas), or consider to elevate freedom by accessing administrator functionality (so all of us need robust gain access to control checks). Via this process, protection requirements and countermeasures become much clearer.

Threat modeling is usually ideally done early in development (during the look phase) as a result that security is usually built in in the first place, aligning with the "secure by design" philosophy. It's a good evolving practice – modern threat which might also consider abuse cases (how may the system always be misused beyond the particular intended threat model) and involve adversarial thinking exercises. We'll see its relevance again when speaking about specific vulnerabilities and how developers can foresee and prevent them.

## Chance Management

Its not all safety issue is both equally critical, and resources are always partial. So another principle that permeates software security is risikomanagement. This involves examining the possibilities of a danger plus the impact were it to happen. Risk is often informally considered as an event of these 2: a vulnerability that's simple to exploit and would cause severe damage is large risk; one that's theoretical or would have minimal influence might be reduced risk. Organizations often perform risk checks to prioritize their own security efforts. With regard to example, an on-line retailer might decide that this risk involving credit card thievery (through SQL injection or XSS resulting in session hijacking) is extremely high, and hence invest heavily inside preventing those, whereas the chance of someone creating minor defacement on a less-used webpage might be accepted or handled together with lower priority.

Frameworks like NIST's or perhaps ISO 27001's risk management guidelines help inside systematically evaluating and even treating risks – whether by minify them, accepting these people, transferring them (insurance), or avoiding these people by changing business practices.

One tangible response to risk administration in application safety is the creation of a danger matrix or threat register where potential threats are listed along with their severity. This kind of helps drive decisions like which pests to fix very first or where to allocate more tests effort. It's furthermore reflected in repair management: if a new vulnerability will be announced, teams will assess the threat to their program – is it exposed to that will vulnerability, how extreme is it – to determine how urgently to apply the spot or workaround.

## Security vs. Functionality vs. Cost

Some sort of discussion of principles wouldn't be full without acknowledging the particular real-world balancing take action. Security measures may introduce friction or even cost. Strong authentication might mean more steps for the consumer (like 2FA codes); encryption might decrease down performance slightly; extensive logging may raise storage costs. A principle to follow along with is to seek balance and proportionality – security should get commensurate with the value of what's being protected. Excessively burdensome security that will frustrates users could be counterproductive (users might find unsafe workarounds, with regard to instance). The skill of application protection is finding alternatives that mitigate dangers while preserving some sort of good user encounter and reasonable price. Fortunately, with modern techniques, many safety measures can become made quite smooth – for illustration, single sign-on alternatives can improve both security (fewer passwords) and usability, in addition to efficient cryptographic your local library make encryption rarely noticeable when it comes to overall performance.

In summary, these fundamental principles – CIA, AAA, very least privilege, defense in depth, secure by design/default, privacy considerations, danger modeling, and risk management – form the mental framework with regard to any security-conscious practitioner. They will look repeatedly throughout information as we analyze specific technologies and even scenarios. Whenever you are unsure regarding a security choice, coming back in order to these basics (e. g., "Am We protecting confidentiality? Are usually we validating integrity? Are we reducing privileges? Do we possess multiple layers associated with defense? ") could guide you to some more secure end result.

With these principles inside mind, we are able to now explore the exact risks and vulnerabilities that plague applications, and how to protect against them.