Lecture 12 Flashcards
Data Breach
A confirmed incident in which sensitive, confidential, or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
ex: PHI (personal health information), PII (personally identifiable information), trade secrets, intellectual property
Security Concepts (AKA CIA Triad) (SC)
From top, right, left:
- Confidentiality: data is secured to authorized parties only
- Integrity: data is trusted
- Availability: data is accessible when and where needed
From left, right, bottom:
- Authenticity: components can prove their identity
- Non-repudiation: service provides a trusted audit trail
- Privacy: services does not automatically see customer data
[SC] Authentication vs Authorization
- Authentication (1st): verifies who you are
- Authorization (2nd): decides if you have permissions to access a resource
Top 10 Security Principles
- authenticate requests received on a network port
- follow principle of least privilege
- encrypt all credentials
- test by abusing
- assume no one else will secure it; validate it
- hard code no passwords, user ids, etc
- avoid security by obscurity/keep security simple
- understand 3rd party components
- EVERYONE IS RESPONSIBLE FOR SECURITY
Security w/in an SDLC (S in SDLC)
Software security best practices involve explicitly thinking about the security situations throughout the SDLC.
- know and understand common risks
- design for security
- all software artifacts subject to thorough, objective risk analysis and testing
- security should be its own set of requirements for the app
[Security Terms] Vulnerability
A weakness (in an information system, security system procedure, or implementation) that could be exploited/triggered.
[Security Terms] Threat
A potential violation or security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
[Security Terms] Threat Agent
An individual or group which can manifest a threat.
[Security Terms] Asset
A major app, general support system, high impact project, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.
[Security Terms] Risk
(level of threat) * (level of vulnerability). Likelihood of a successful attack.
[Security Terms] Countermeasure
Reactive methods use to prevent an exploit from successfully occurring once a threat has been detected.
ex: IPS (intrusion prevention systems), patches, access control lists, malware filters
[Security Terms] Security Model
- Owners value ASSETS
- Owners wish to minimize RISK to ASSETS
- Owners impose COUNTERMEASURES to reduce RISK to ASSETS
- Owners impose COUNTERMEASURES that may possess VULNERABILITIES leading to RISK to ASSETS
- Threat agents wish to abuse and/or damage ASSETS
- Threat agents give rise to THREATS to ASSETS
- Threat agents give rise to THREATS that exploit VULNERABILITIES leading to RISK to assets
- Threat agents give risk to THREATS that increase RISK to ASSETS
Application Threat Modeling [ATM]
An structured approach for analyzing the security of an application that enables you to identify, quantify, and address the security risks with an application.
[ATM] Process
1) Identify Assets
2) Create an Architecture Overview
3) Decompose the Application
4) Identify the Threats
5) Document the Threats
6) Rate the Threats
Security Design Practices
- earn/give, but never assume, trust
- authentication mechanism that can’t be bypassed/tampered with
- authorize after you authenticate
- explicitly validate ALL data (client-side and server-side)
- external 3rd party components change your attack surface