Log in Subscribe

Main Security Principles and Concepts

Harrell Mcintyre
· 12 min read
Main Security Principles and Concepts

# Chapter several: Core Security Principles and Concepts

Just before diving further in to threats and protection, it's essential to be able to establish the fundamental principles that underlie application security. These kinds of core concepts will be the compass by which security professionals navigate decisions and trade-offs. They help reply why certain handles are necessary in addition to what goals we are trying to be able to achieve. Several foundational models and guidelines guide the design and evaluation of safe systems, the almost all famous being the CIA triad and even associated security rules.

## The CIA Triad – Confidentiality, Integrity, Availability

At the heart of information security (including application security) are three major goals:

1. **Confidentiality** – Preventing not authorized access to information. Inside simple terms, trying to keep secrets secret. Only those who happen to be authorized (have typically the right credentials or perhaps permissions) should be able to see or use hypersensitive data. According in order to NIST, confidentiality implies "preserving authorized restrictions on access in addition to disclosure, including methods for protecting individual privacy and exclusive information"​
PTGMEDIA. PEARSONCMG. COM
. Breaches regarding confidentiality include new trends like data leaks, password disclosure, or even an attacker reading through someone else's e-mail. A real-world instance is an SQL injection attack that dumps all consumer records from a new database: data of which should happen to be secret is subjected to typically the attacker. The alternative associated with confidentiality is disclosure​
PTGMEDIA. PEARSONCMG. APRESENTANDO
– when information is showed all those not authorized in order to see it.

2. **Integrity** – Safeguarding data and methods from unauthorized adjustment. Integrity means that information remains exact and trustworthy, and that system functions are not interfered with. For example, when a banking app displays your accounts balance, integrity procedures ensure that the attacker hasn't illicitly altered that harmony either in passage or in typically the database. Integrity can be compromised by simply attacks like tampering (e. g., altering values in a WEB ADDRESS to access a person else's data) or by faulty computer code that corrupts data.  interactive application security testing  to assure integrity is the using cryptographic hashes or validations – if a data file or message is usually altered, its trademark will no longer verify. The contrary of integrity will be often termed change – data being modified or dangerous without authorization​
PTGMEDIA. PEARSONCMG. COM
.

3. **Availability** – Guaranteeing systems and data are accessible as needed. Even if data is kept secret and unmodified, it's of little employ when the application will be down or inaccessible. Availability means that will authorized users can certainly reliably access the particular application and it is functions in the timely manner. Hazards to availability consist of DoS (Denial associated with Service) attacks, wherever attackers flood a server with targeted visitors or exploit a vulnerability to accident the program, making that unavailable to genuine users. Hardware failures, network outages, or perhaps even design problems that can't handle peak loads are also availability risks. Typically the opposite of supply is often described as destruction or denial – data or perhaps services are ruined or withheld​
PTGMEDIA. PEARSONCMG. COM
. The particular Morris Worm's impact in 1988 has been a stark reminder of the importance of availability: it didn't steal or transform data, but by looking into making systems crash or perhaps slow (denying service), it caused significant damage​
CCOE. DSCI. IN
.

These three – confidentiality, ethics, and availability – are sometimes named the "CIA triad" and are considered the three pillars associated with security. Depending on the context, the application might prioritize one over the others (for example, a public news website primarily cares that it's available and its particular content sincerity is maintained, discretion is much less of an issue because the content material is public; more over, a messaging application might put privacy at the top of its list). But a safeguarded application ideally need to enforce all to an appropriate degree. Many security settings can be recognized as addressing one particular or more of such pillars: encryption aids confidentiality (by trying data so only authorized can read it), checksums and audit logs help integrity, and redundancy or failover systems support availability.

## The DAD Triad (Opposites of CIA)

Sometimes it's useful to remember typically the flip side of the CIA triad, often called DAD:

- **Disclosure** – Unauthorized access in order to information (breach associated with confidentiality).
- **Alteration** – Unauthorized alter of information (breach of integrity).
- **Destruction/Denial** – Unauthorized damage info or refusal of service (breach of availability).

Safety efforts aim in order to prevent DAD effects and uphold CIA. A single strike can involve numerous of these features. For example, a ransomware attack might both disclose data (if the attacker shop lifts a copy) in addition to deny availability (by encrypting the victim's copy, locking all of them out). A web exploit might adjust data in a repository and thereby breach integrity, etc.

## Authentication, Authorization, plus Accountability (AAA)

Within securing applications, specifically multi-user systems, all of us rely on further fundamental concepts also known as AAA:

1. **Authentication** – Verifying the particular identity of a good user or method. Whenever you log inside with an username and password (or more securely with multi-factor authentication), the system is authenticating you – making sure you are who you claim to be. Authentication answers the problem: Who will be you? Frequent methods include accounts, biometric scans, cryptographic keys, or tokens. A core basic principle is that authentication should be strong enough to be able to thwart impersonation. Fragile authentication (like quickly guessable passwords or no authentication high should be) is a frequent cause of breaches.

2. **Authorization** – Once personality is made, authorization settings what actions or even data the authenticated entity is authorized to access. It answers: What are you allowed to perform? For example, after you sign in, an online banking application will authorize that you see your very own account details nevertheless not someone else's. Authorization typically consists of defining roles or even permissions. A weakness, Broken Access Control, occurs when these kinds of checks fail – say, an assailant finds that simply by changing a record IDENTITY in an WEB ADDRESS they can view another user's info because the application isn't properly verifying their particular authorization. In simple fact, Broken Access Handle was referred to as typically the number one net application risk found in the 2021 OWASP Top 10, found in 94% of applications tested​
IMPERVA. POSSUINDO
, illustrating how predominanent and important appropriate authorization is.

a few. **Accountability** (and Auditing) – This refers to the ability to trace actions in the system to the responsible entity, which in turn means having proper signing and audit tracks. If something goes wrong or suspect activity is recognized, we need to be able to know who do what. Accountability will be achieved through logging of user steps, and by possessing tamper-evident records. It works hand-in-hand with authentication (you can only hold someone accountable once you learn which accounts was performing a good action) and along with integrity (logs them selves must be safeguarded from alteration). Within application security, setting up good logging in addition to monitoring is essential for both detecting incidents and undertaking forensic analysis after an incident. While we'll discuss inside a later part, insufficient logging in addition to monitoring enables breaches to go undiscovered – OWASP details this as one more top ten issue, writing that without proper logs, organizations may fail to observe an attack till it's far as well late​
IMPERVA. COM


IMPERVA. APRESENTANDO
.

Sometimes you'll notice an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just fractures out identification (the claim of personality, e. g. coming into username, before real authentication via password) as an individual step. But the core ideas stay a similar. A protected application typically enforces strong authentication, stringent authorization checks with regard to every request, and maintains logs with regard to accountability.

## Basic principle of Least Privilege

One of the particular most important style principles in safety is to give each user or even component the bare minimum privileges necessary to perform its perform, and no more. This specific is called the basic principle of least opportunity. In practice, it implies if an app has multiple roles (say admin versus regular user), the regular user company accounts should have simply no ability to perform admin-only actions. If the web application needs to access some sort of database, the repository account it uses must have permissions only for the specific furniture and operations essential – such as, in case the app by no means needs to remove data, the DIE BAHN account shouldn't even have the DELETE privilege. By decreasing privileges, even if the attacker compromises the user account or a component, the damage is contained.

A abgefahren example of not following least benefit was the Capital One breach regarding 2019: a misconfigured cloud permission allowed a compromised part (a web app firewall) to access all data by an S3 storage bucket, whereas when that component acquired been limited to be able to only certain data, the breach impact might have been far smaller​
KREBSONSECURITY. COM


KREBSONSECURITY. CONTENDO
. Least privilege in addition applies in the program code level: if a component or microservice doesn't need certain gain access to, it shouldn't need it. Modern textbox orchestration and cloud IAM systems make it easier to employ granular privileges, nevertheless it requires innovative design.

## Defense in Depth

This principle suggests of which security should become implemented in overlapping layers, so that in the event that one layer does not work out, others still provide protection. In other words, don't rely on any single security manage; assume it can easily be bypassed, in addition to have additional mitigations in place. With regard to an application, security in depth might mean: you validate inputs on typically the client side for usability, but an individual also validate all of them on the server based (in case an attacker bypasses your customer check). You secure the database behind an internal fire wall, but you also create code that bank checks user permissions before queries (assuming the attacker might breach the network). In the event that using encryption, you might encrypt hypersensitive data within the data source, but also impose access controls at the application layer plus monitor for strange query patterns. Defense in depth is usually like the sheets of an red onion – an opponent who gets by way of one layer have to immediately face an additional. This approach surfaces the reality that no individual defense is certain.

For example, suppose an application depends on a net application firewall (WAF) to block SQL injection attempts. Security detailed would argue the applying should still use safe code practices (like parameterized queries) to sterilize inputs, in case the WAF does not show for a novel harm. A real scenario highlighting this was the case of selected web shells or injection attacks of which were not identified by security filters – the interior application controls then served as the final backstop.

## Secure by Design and style and Secure simply by Default

These related principles emphasize producing security an important consideration from the particular start of design, and choosing secure defaults. "Secure by simply design" means you want the system buildings with security inside of mind – for instance, segregating hypersensitive components, using proven frameworks, and considering how each style decision could present risk. "Secure simply by default" means once the system is deployed, it should default to be able to the best adjustments, requiring deliberate action to make that less secure (rather compared to other approach around).

An example is default accounts policy: a securely designed application might ship without default admin password (forcing the installer to be able to set a sturdy one) – because opposed to possessing a well-known default pass word that users might forget to modify. Historically, many computer software packages are not protected by default; they'd install with wide open permissions or test databases or debug modes active, if an admin opted to not lock them lower, it left cracks for attackers. Over time, vendors learned in order to invert this: at this point, databases and operating systems often come using secure configurations out there of the box (e. g., distant access disabled, sample users removed), plus it's up to be able to the admin to loosen if totally needed.

For designers, secure defaults imply choosing safe library functions by arrears (e. g., standard to parameterized queries, default to outcome encoding for web templates, etc. ). It also indicates fail safe – if an aspect fails, it should fail in a safe closed state somewhat than an unconfident open state. For example, if an authentication service times out there, a secure-by-default tackle would deny entry (fail closed) quite than allow it.

## Privacy simply by Design

This concept, carefully related to security by design, has gained prominence especially with laws like GDPR. It means that applications should be designed not only to be secure, but to regard users' privacy from the ground way up. Used, this might involve data minimization (collecting only what is necessary), openness (users know what data is collected), and giving consumers control over their info. While privacy is definitely a distinct domain, it overlaps greatly with security: a person can't have level of privacy if you can't secure the personal data you're responsible for. Most of the worst data breaches (like those at credit rating bureaus, health insurance firms, etc. ) usually are devastating not merely because of security failing but because that they violate the privateness of a lot of people. Thus, modern application security often functions hand in side with privacy factors.

## Threat Building

The practice throughout secure design is usually threat modeling – thinking like the attacker to assume what could go wrong. During threat which, architects and designers systematically go all the way through the design of a good application to determine potential threats and vulnerabilities. They inquire questions like: Precisely what are we developing? What can proceed wrong? And what will many of us do regarding it? One particular well-known methodology with regard to threat modeling is usually STRIDE, developed with Microsoft, which stalls for six kinds of threats: Spoofing personality, Tampering with files, Repudiation (deniability regarding actions), Information disclosure, Denial of support, and Elevation associated with privilege.

By jogging through each element of a system and even considering STRIDE threats, teams can uncover dangers that may possibly not be clear at first glance. For example, think about a simple online salaries application. Threat building might reveal of which: an attacker may spoof an employee's identity by guessing the session symbol (so we want strong randomness), could tamper with salary values via a vulnerable parameter (so we need suggestions validation and server-side checks), could execute actions and later deny them (so we require good audit logs to stop repudiation), could take advantage of an information disclosure bug in an error message in order to glean sensitive information (so we need user-friendly but vague errors), might effort denial of service by submitting some sort of huge file or even heavy query (so we need charge limiting and reference quotas), or attempt to elevate benefit by accessing administrative functionality (so we all need robust entry control checks). Through this process, protection requirements and countermeasures become much sharper.

Threat modeling is usually ideally done early in development (during the design phase) so that security is usually built in in the first place, aligning with the particular "secure by design" philosophy. It's the evolving practice – modern threat building might also consider mistreatment cases (how may the system always be misused beyond typically the intended threat model) and involve adversarial thinking exercises. We'll see its importance again when discussing specific vulnerabilities in addition to how developers can foresee and stop them.

## Chance Management

Its not all protection issue is equally critical, and sources are always in short supply. So another strategy that permeates app security is risikomanagement. This involves assessing the probability of a danger as well as the impact have been it to happen. Risk is frequently informally considered as an event of these a couple of: a vulnerability that's an easy task to exploit and would cause serious damage is high risk; one that's theoretical or would likely have minimal impact might be lower risk. Organizations usually perform risk assessments to prioritize their own security efforts. For example, an online retailer might decide that this risk of credit card robbery (through SQL treatment or XSS leading to session hijacking) is incredibly high, and hence invest heavily found in preventing those, while the chance of someone causing minor defacement upon a less-used web page might be accepted or handled along with lower priority.

Frameworks like NIST's or ISO 27001's risk management guidelines help in systematically evaluating and even treating risks – whether by excuse them, accepting all of them, transferring them (insurance), or avoiding them by changing business practices.

One concrete result of risk management in application safety is the development of a threat matrix or danger register where prospective threats are listed along with their severity. This specific helps drive choices like which insects to fix 1st or where to be able to allocate more testing effort. It's also reflected in spot management: if a new vulnerability will be announced, teams will certainly assess the danger to their app – is this exposed to that vulnerability, how severe is it – to make the decision how urgently to use the area or workaround.

## Security vs. Simplicity vs. Cost

Some sort of discussion of guidelines wouldn't be finish without acknowledging the particular real-world balancing work. Security measures can introduce friction or perhaps cost. Strong authentication might mean more steps for the customer (like 2FA codes); encryption might decrease down performance a little bit; extensive logging may raise storage fees. A principle to follow along with is to seek balance and proportionality – security should get commensurate with typically the value of what's being protected. Extremely burdensome security that will frustrates users could be counterproductive (users will dsicover unsafe workarounds, for instance). The fine art of application protection is finding solutions that mitigate risks while preserving a good user knowledge and reasonable expense. Fortunately, with contemporary techniques, many safety measures can be made quite unlined – for example of this, single sign-on solutions can improve equally security (fewer passwords) and usability, and efficient cryptographic your local library make encryption barely noticeable in terms of overall performance.

In summary, these fundamental principles – CIA, AAA, least privilege, defense comprehensive, secure by design/default, privacy considerations, danger modeling, and risk management – form the mental framework intended for any security-conscious practitioner. They will show up repeatedly throughout this guide as we analyze specific technologies in addition to scenarios. Whenever you are unsure regarding a security decision, coming back in order to these basics (e. g., "Am My partner and i protecting confidentiality? Are we validating ethics? Are we lessening privileges? Do we have multiple layers involving defense? ") could guide you into a more secure end result.

Using these principles on mind, we could right now explore the particular hazards and vulnerabilities that plague applications, and how to protect against them.