
Technical Thursday

Insecure Design

Posted by: Berte Verhoeven
Category: security testing

While designing applications, developers should use security strategies, tactics and patterns to guide them during the development process. These methods and principles can have beneficial effects on the security of the application. A lack of preparation during the design phase often results in an increase in vulnerabilities. These vulnerabilities are part of a completely new category in the OWASP Top 10 of 2021 called ‘Insecure Design’, which contains a multitude of risks related to design and architectural flaws.

What is Insecure Design?

Insecure Design means that software is not designed to be fundamentally secure. It contains vulnerabilities caused by ineffective or missing control design. When companies fail to determine what level of security design is required, they are more likely to fall victim to these vulnerabilities.

These risks start from the planning phase, even before coding activities actually start. A lack of planning and anticipation from the developers causes these vulnerabilities to arise.


Recommendations for developers

To achieve Security By Design there are certain requirements which a developer must follow:

1. Expect Attacks

To anticipate where the weak points in software are located, always assume that attacks are going to occur, consider what impact they can have, and put countermeasures in place where needed.

2. Avoid Security Through Obscurity

Security Through Obscurity (STO) means hiding the details of your security mechanism. The goal is to discourage attackers by hiding important information and enforcing the secrecy of the software. In the short term this method reduces the amount of risk; however, obscuring security often leads to a false sense of security. Over time, attackers apply techniques that cause these secrecy methods to fail.

3. Least Privilege

This principle requires that every user, process or program can only access the resources and information which are essential to perform its intended function. For example, a normal user must not have access to admin functions.
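The following is an added example, not code from the original article, showing least privilege as a deny-by-default permission check. The role names, permission strings and function names are hypothetical.

```python
from dataclasses import dataclass
from functools import wraps

# Constructed role model: each role lists only the permissions it needs.
ROLE_PERMISSIONS = {
    "user": frozenset({"profile:read", "profile:update"}),
    "admin": frozenset({"profile:read", "profile:update", "users:delete"}),
}

@dataclass(frozen=True)
class Principal:
    name: str
    role: str

def permissions_for(principal):
    # Deny by default: an unknown or misspelled role gets no permissions.
    return ROLE_PERMISSIONS.get(principal.role, frozenset())

def requires(permission):
    """Refuse the call unless the caller's role grants `permission`."""
    def decorator(func):
        @wraps(func)
        def wrapper(principal, *args, **kwargs):
            if permission not in permissions_for(principal):
                raise PermissionError(f"{principal.name} lacks {permission}")
            return func(principal, *args, **kwargs)
        return wrapper
    return decorator

@requires("profile:read")
def read_profile(principal, user_id):
    return f"profile of {user_id}"

@requires("users:delete")
def delete_user(principal, user_id):
    return f"deleted {user_id}"

def is_allowed(func, principal, *args):
    """Return True if the call goes through, False if it is refused."""
    try:
        func(principal, *args)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    alice, root = Principal("alice", "user"), Principal("root", "admin")
    print(is_allowed(read_profile, alice, "alice"))  # normal function
    print(is_allowed(delete_user, alice, "bob"))     # admin function, normal user
    print(is_allowed(delete_user, root, "bob"))      # admin function, admin
```
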

4. Secure Development Lifecycle

The SDL helps developers build more secure software by reducing vulnerabilities, while also reducing development costs. It consists of a set of practices that support security assurance and compliance requirements.

These practices include providing training, defining security requirements, performing static and dynamic analysis security testing, using approved tools, establishing a standard incident response plan and more.

5. Threat Modeling

Threat modeling is a process in which potential risks and threats are identified, prioritized and mitigated. This produces a systematic analysis of which defenses must be included or implemented.

There are many approaches to threat modeling, the best known being STRIDE and P.A.S.T.A.

STRIDE

Developed by Microsoft, STRIDE is a threat model used to find what could go wrong in a system. The threats in this model are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

P.A.S.T.A.

The Process for Attack Simulation and Threat Analysis is a seven-step, risk-centered methodology. Its intent is to provide dynamic threat identification, enumeration and a scoring process.

These approaches both use data flow diagrams to develop a visual representation of the application infrastructure.
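As an added illustration (not part of the original article), the sketch below walks a small, constructed data flow diagram and lists the STRIDE categories to analyse for each element. It assumes the commonly used STRIDE-per-element mapping, which the article does not describe, and ranks flows that cross a trust boundary first as an illustrative choice.

```python
from dataclasses import dataclass

# STRIDE categories as listed above, keyed by initial.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Assumption: the common "STRIDE-per-element" mapping from DFD element
# type to the categories usually considered for it. Repudiation on a
# data store matters mainly when the store holds logs or audit data.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # a key of APPLICABLE
    crosses_boundary: bool = False  # flow crosses a trust boundary

# Constructed data flow diagram of a small web shop.
DFD = [
    Element("Customer browser", "external_entity"),
    Element("Login request", "data_flow", crosses_boundary=True),
    Element("Web application", "process"),
    Element("SQL query", "data_flow"),
    Element("Orders database", "data_store"),
]

def enumerate_threats(dfd):
    """Return (element, category, review_first) tuples to analyse."""
    threats = []
    for element in dfd:
        for initial in APPLICABLE[element.kind]:
            threats.append(
                (element.name, STRIDE[initial], element.crosses_boundary))
    # Illustrative prioritisation: boundary-crossing elements come first.
    return sorted(threats, key=lambda t: not t[2])

if __name__ == "__main__":
    for name, category, first in enumerate_threats(DFD):
        print(f"{'!' if first else ' '} {name:18} {category}")
```

Each resulting row is a question for the design review, for example how tampering with the login request is prevented, and each answer becomes a security requirement.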


6. Secure Design Patterns

Secure Design Patterns are reusable solutions to commonly occurring design problems. They are meant to eliminate the accidental insertion of vulnerabilities into code and to mitigate the consequences of these vulnerabilities.

These patterns follow a template which describes different elements of the pattern, such as its intent, examples, applicability, implementation and more.

When working on a project, you can create a secure design pattern when facing a common problem. Later when the same problem occurs again but in a different situation, you can apply the pattern to implement the same solution.

Conclusion

Because Insecure Design is a completely new category in the OWASP Top 10, we can see that it is necessary to bring attention to these vulnerabilities. It’s important for developers to follow these guidelines and spend more time and resources on planning and modeling before starting coding activities.

At Brightest, we perform a complete one-off penetration test of applications based on the OWASP Top 10, which includes Insecure Design. Additionally, we assist with the implementation of the Secure Development Lifecycle. This means converting security concepts into requirements and use cases in the design phase of the SDL. Finally, we can verify whether developers follow the requirements to be secure by design: checking that the least privilege principle is lived up to, verifying the design patterns and making sure security through obscurity is avoided.

Do you want to know more about the OWASP Top 10? Read our previous articles on the topic.