3.6 Summarize secure application development and deployment concepts.
Development Life-Cycle Models
As mentioned, a big part of securing systems is ensuring that the applications running on them have been developed securely. This is up to the application developers: they need to learn secure development practices so that an attacker cannot exploit a flaw in the application to gain access to the underlying system.
A software development life cycle (SDLC) outlines the major phases to developing an application. There are six phases to the software development life cycle:
Requirements gathering and analysis
The first phase involves collecting and analyzing the requirements for the application.
Design
After the requirements are collected, you then work on designing the application based on the requirements.
Implementation (coding)
The implementation phase is also known as the coding phase. During this phase, you write the code for the application.
Testing
After the coding phase, you then must test the code to verify the code does what it is supposed to.
Deployment
After testing, you are ready to install (deploy) the application to the system or systems that need to have the application.
Maintenance
During maintenance, you typically receive feedback from the persons using the application. You will need to fix any problems that arise with the application in this phase.
Development Life-Cycle Models - Waterfall vs. Agile
Waterfall
With the waterfall model, you progress through each phase of the SDLC in order, with no provision for returning to an earlier phase. The point is that you must complete each phase fully so that there is no need to go back (going back was viewed as costly when this model was created).
Agile
With the agile model, you take a more iterative approach and can return to a previous phase if you realize something was missed or needs to be reworked. For example, you could do some requirements gathering, do some design, and then implement a prototype for the customer to review. Then, based on feedback from the customer, you may have to revisit the first few phases to complete the requirements gathering and the design of the application. During testing, you may find that you need to change the design or the code. The agile model views the capability to go back to a phase as critical to application development.
Secure DevOps
Secure DevOps is the principle of building security into every phase of the SDLC and training developers to consider it from the start. Instead of treating security as an afterthought, or as something applied to the code after the fact, the code is written with security in mind from the beginning.
Secure DevOps - Security Automation
As part of the development process, and in each phase of the SDLC, you should automate security testing so that the security of the application is verified continuously rather than only at the end. For example, you could automate software penetration testing and fuzz testing (feeding malformed, random, or unexpected input to the application to locate bugs that make it crash or misbehave).
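The following is an added example of the fuzz testing described above, written for this page rather than taken from it. It assumes a toy record parser as the code under test (the record format, the parser, and its deliberate bugs are all constructed here) and shows the harness a CI job would run: mutate a known-good input many times, feed each mutant to the target, treat the parser's documented rejection (ValueError) as fine, and record any other exception as a crash to report.

```python
import random

# Toy parser standing in for the code under test (constructed for this example).
# Assumed record format: 1-byte name length, name, 1-byte value length, value.
# It rejects some bad input cleanly (ValueError) but crashes on other malformed
# input; surfacing that second category is the job of the fuzzer below.
def parse_record(data: bytes) -> dict:
    if not data:
        raise ValueError("empty record")            # clean rejection
    name_len = data[0]
    name = data[1:1 + name_len]
    value_len = data[1 + name_len]                  # IndexError on a truncated record
    value = data[2 + name_len:2 + name_len + value_len]
    if len(value) != value_len:
        raise ValueError("truncated value")         # clean rejection
    return {"name": name.decode("ascii"), "value": value}   # UnicodeDecodeError on a non-ASCII name


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation (truncate, flip a byte, or append junk) to a good input."""
    data = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0 and data:
        del data[rng.randrange(len(data) + 1):]     # truncate at a random point
    elif choice == 1 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)   # overwrite one byte
    else:
        data.extend(rng.randrange(256) for _ in range(rng.randrange(1, 8)))  # append junk
    return bytes(data)


def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 1) -> dict:
    """Run mutated inputs through target and collect the ones that escape clean rejection.

    Returns a dict mapping exception type name -> first input that triggered it.
    ValueError is the parser's documented way of refusing bad input, so it is not
    a finding; anything else is a crash that the pipeline should fail the build on.
    A fixed RNG seed keeps the run reproducible, which matters when a crash must
    be re-created by the developer who owns the bug.
    """
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(seed, rng)
        try:
            target(data)
        except ValueError:
            continue
        except Exception as exc:  # the fuzzer deliberately catches everything else
            crashes.setdefault(type(exc).__name__, data)
    return crashes


SEED = b"\x04user\x05admin"   # constructed well-formed record: name "user", value b"admin"

if __name__ == "__main__":
    for kind, sample in fuzz(parse_record, SEED).items():
        print(f"{kind}: triggered by {sample!r}")
```

In a real pipeline the target would be the application's own parser or input handler, the seed corpus would be real captured inputs, and a non-empty crash set would fail the stage so the bug is fixed before deployment.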
Secure DevOps - Continuous Integration
Continuous integration means the code updates from all developers involved in the project are merged into a central system on a regular basis. This allows the system to compile the application regularly and notify the team if there are compilation issues. The purpose is to ensure developers are aware of any issues sooner rather than later.
Secure DevOps - Baselining
With baselining, you ensure that the systems running the application meet a hardened baseline: a documented set of installed software and configuration settings that the system must have in order to run the application in a secure state, against which the system can be checked before deployment and again over time.
Secure DevOps - Immutable Systems
Immutable systems are systems to which no changes are made once they are in place; this includes configuration changes and security updates. Changing a running system could alter the application environment and cause the application to behave differently. If a change is required, you build and deploy a new system with all required changes (rather than modifying the existing one), test the application on the new system, and then replace the old system with it.
Secure DevOps - Infrastructure as Code
As part of the Secure DevOps principles, you can have code create the infrastructure the application runs on. For example, you could have code that creates a virtual machine to host the web application. A major benefit of having code create the infrastructure is that the configuration of the system is consistent with the design of the application every time it is built, and the definition can be reviewed and version controlled like any other code.
Version Control and Change Management
Version Control
Larger organizations with teams of developers benefit from version control, which identifies the version of the application a developer is working on by a version number or revision number. The version number helps you keep track of which copy of the files represents the most recent changes made to the code. Version control software also lets you easily revert to a previous version at any time, and it records who changed what, which is useful when a change needs to be traced.
Change Management
Change management is the process you should follow to implement changes. Most companies have a change management policy that specifies how the changes are to be made. The change management process typically involves planning for change, testing the change, applying the change, and then verifying the change.
Provisioning and Deprovisioning
Provisioning
When planning to deploy the application, it is important to have a process in place to provision the systems that will run it. Provisioning is the setting up of a new system. This is a critical part of application security because applications are complex and typically involve multiple servers: you may need to provision an application server, a web server, and a database server in order to deploy the application. Provision each system to support the application, but at the same time follow security best practices such as hardening the system. The goal of provisioning is to ensure the system is compliant with the baseline, thereby reducing its exposure to attacks. As part of the provisioning process, you also grant users access to the application.
Deprovisioning
Deprovisioning a system is the process you take to remove the system from the application environment. When deprovisioning an application or system, you first alter the access control to ensure users do not have access to the system or application. An important point to remember with deprovisioning is that when an employee is terminated or leaves the company you will need to follow procedures to deprovision their access to the system.
Secure Coding Techniques
Two important parts of developing secure code are writing good exception handling routines and validating all data passed to the application.
Secure Coding Techniques - Proper Error Handling
When application developers create an application, they sometimes do not foresee errors that can occur in particular situations. For example, a common oversight when creating a file open dialog box is not planning for the user choosing to open a file from the DVD drive when no DVD is in the system. This causes a runtime error, an error that does not occur until the application is running, so the developer had no indication while writing the code that the error would exist.
The runtime error occurs because the developer cannot force someone to place a DVD in the drive before browsing to that resource. What the developer has to do is trap the error at that point. Trapping an error means that instead of letting the error propagate, the program intercepts it and displays a friendly warning message or takes some corrective action, instead of crashing (an unhandled runtime error crashes the application). From a security standpoint, the message shown to the user should be generic; the technical detail (stack trace, file path, database error text) belongs in a log, because an attacker who can trigger errors on demand will use that detail to learn about the system.
Exception handling is the structured form of error handling. An exception is the object a runtime error raises so that code can catch it, and programmers on platforms such as .NET or Java implement exception-handling code with a try/catch block, which means "try this code and catch any errors it raises."
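As an added example (not code from the page), the try/catch idea applied to the file-open situation described above, in Python (where the block is try/except). The function name, the messages, and the choice of what goes to the log versus the screen are this example's own: the user sees a friendly message, the exception detail is logged, and the application keeps running.

```python
import logging
import os
import tempfile
from typing import Tuple

log = logging.getLogger("app")


def read_user_file(path: str) -> Tuple[bool, str]:
    """Open and read a file chosen by the user without letting a missing or
    unreadable file crash the application.

    Returns (ok, payload). On success payload is the file text; on failure it is
    a friendly message that is safe to show the user. The specific exception
    goes to the log rather than the screen, so a user (or attacker) probing with
    bad paths learns nothing about the filesystem layout from the response.
    """
    try:
        with open(path, "r", encoding="utf-8") as fh:
            return True, fh.read()
    except FileNotFoundError:
        # The "no DVD in the tray" case: the resource the user pointed at is not there.
        log.warning("file not found: %s", path)
        return False, "That file is not available. Check the location and try again."
    except PermissionError:
        log.warning("permission denied: %s", path)
        return False, "You do not have permission to open that file."
    except (OSError, UnicodeDecodeError) as exc:
        # Any other I/O or decoding problem: log the specifics, show a generic message.
        log.error("could not read %s: %s", path, exc)
        return False, "The file could not be read."


def demo() -> dict:
    """Exercise both paths with a constructed temporary file; returns the results."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write("hello")
        tmp_path = tmp.name
    try:
        return {
            "present": read_user_file(tmp_path),
            "missing": read_user_file(tmp_path + ".missing"),
        }
    finally:
        os.unlink(tmp_path)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for case, (ok, payload) in demo().items():
        print(f"{case}: ok={ok} -> {payload}")
```

Catching specific exception types first, and only then a broader class, keeps the corrective action matched to the actual failure; a bare catch-all that swallows everything silently is the opposite of proper error handling because it hides the bugs the handler was meant to surface.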
Secure Coding Techniques - Proper Input Validation
Developers need to adhere to the idea that when someone enters information into an application and clicks a button like Save, Find, or Execute, the developer must validate the input before using it somewhere in the application. Validating input means that the developer checks to ensure that the information typed by the user into the application is appropriate for the type of input that is expected. Any input that does not pass the validation test should be discarded and not processed.
For example, on a logon screen, users type a username and a password. Each field has an expected format and a sensible maximum length, so the programmer should reject any input that exceeds the bound (the example here uses 14 characters; current guidance allows much longer passwords, but some upper bound still belongs in the check). The username in particular should be checked against an allowlist of the characters it may contain. Spaces, dashes ( - ), and apostrophes ( ’ ) are not normally part of a username, but attackers enter them into logon screens to alter how the application's queries execute, so input containing them should be rejected rather than processed.
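An added example (not from the page) of the logon validation described above. It keeps the page's 14-character bound for the username and allowlists its characters, which rejects spaces, dashes, apostrophes, quotes and semicolons in one rule rather than as a list of forbidden characters. For the password it goes a step further than the text: it bounds the length and refuses control characters but does not forbid punctuation, on the assumption that the password is hashed and never interpolated into a query, so restricting its characters would only reduce its strength. The constants and the return shape are this example's choices.

```python
import re

USERNAME_MAX = 14          # bound taken from the page's example
PASSWORD_MIN = 8           # assumption: minimum length policy for this example
PASSWORD_MAX = 128         # assumption: generous bound; what matters is that one exists

# Allowlist: letters, digits, underscore and dot only. Anything else (space, -, ', ", ;)
# fails the match, so injection payloads never reach the query layer.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.]{1,%d}" % USERNAME_MAX)


def validate_logon(username, password) -> tuple:
    """Return (ok, reason). Reject before processing; never try to 'clean up' bad input."""
    if not isinstance(username, str) or not isinstance(password, str):
        return False, "wrong type"
    if not USERNAME_RE.fullmatch(username):
        return False, "username has invalid characters or length"
    if not PASSWORD_MIN <= len(password) <= PASSWORD_MAX:
        return False, "password length out of bounds"
    if not password.isprintable():
        # Control characters (NUL, newline, escape sequences) have no place in a password
        # and are a common way to confuse the layers the value passes through.
        return False, "password contains control characters"
    return True, "ok"


# Constructed sample inputs: two legitimate logons and several that should be refused.
SAMPLES = [
    ("alice", "correct horse battery staple"),
    ("bob.smith_2", "Tr0ub4dor&3!"),
    ("admin' OR '1'='1", "anything-at-all"),   # classic SQL tautology in the username
    ("bob--", "anything-at-all"),               # comment sequence
    ("a" * 15, "anything-at-all"),              # one character over the bound
    ("carol", "short"),                         # too short
    ("carol", "pass\x00word-with-nul"),         # control character
]

if __name__ == "__main__":
    for user, pw in SAMPLES:
        print(f"{user!r:24} -> {validate_logon(user, pw)}")
```

Validation of this kind is a first filter, not the only defence: the query that eventually uses the username still has to be parameterized, because a later code change may route input to it that never passed through this check.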
Secure Coding Techniques - Normalization
Database normalization is the process of structuring a relational database in accordance with a series of so-called normal forms in order to reduce data redundancy and improve data integrity.
Normalization entails organizing the columns (attributes) and tables (relations) of a database to ensure that their dependencies are properly enforced by database integrity constraints. It is accomplished by applying some formal rules either by a process of synthesis (creating a new database design) or decomposition (improving an existing database design).
More on this: https://en.wikipedia.org/wiki/Database_normalization#Normal_forms
Secure Coding Techniques - Stored Procedures
Stored procedures are objects created on a database that encapsulate the SQL code needed to perform actions such as inserting a record, deleting a record, or updating a record. This code could be written directly in a client application (web app, mobile app, or desktop application), but there are many benefits to putting your database logic in a stored procedure:
Performance
If you have the database code in the client application, then each time the application executes it must send the code to the server, which parses, optimizes, compiles, and executes it. With a stored procedure, the parsing, optimizing, and compiling is done only the first time the stored procedure is called. Later calls execute the cached compiled version of the stored procedure.
Maintainability
If you put the SQL code in a stored procedure instead of in each software application, then you have a central place to update the database logic. When the logic needs to change, you change the SQL code in the stored procedure and all applications calling the stored procedure will run the updated code.
Security
Stored procedures help prevent SQL injection when the application passes user input to them as parameters. The procedure's SQL is parsed and compiled before the parameter values arrive, so each value is bound as data to an already-fixed statement. If an attacker places an SQL fragment in a parameter, it is treated as a literal string to compare or store, not as code to execute; it does not produce an error, it simply matches nothing. This protection is lost if the procedure itself builds SQL dynamically from its parameters (for example, by concatenating them into a string and executing it), which reintroduces the injection problem inside the database.
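An added example (not from the page) showing the difference that parameter binding makes. It uses Python's built-in sqlite3 module with a constructed in-memory users table; SQLite has no stored procedures, but a parameterized query uses the same mechanism a parameterized stored procedure relies on (the statement is compiled with placeholders first, and values are bound afterwards as data). The payload, table and function names are this example's own.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """SQL assembled by string concatenation: the input becomes part of the statement."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Statement fixed first with a ? placeholder; the input is bound as a value.

    Because the SQL text is complete before the parameter arrives, the parameter
    can only ever be compared as a string; it cannot add an OR clause, a comment,
    or a second statement.
    """
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Classic tautology payload, constructed for the demo. In the vulnerable query it turns
# the WHERE clause into  username = 'x' OR '1'='1'  which is true for every row.
INJECTION = "x' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:   ", lookup_vulnerable(db, INJECTION))      # every user
    print("parameterized:", lookup_parameterized(db, INJECTION))   # []
    print("normal lookup:", lookup_parameterized(db, "bob"))       # ['bob']
```

The same contrast holds for a stored procedure: a procedure declared with typed parameters and a fixed body behaves like lookup_parameterized, while one that concatenates its parameters into a string and executes that string behaves like lookup_vulnerable, no matter that the code lives in the database.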