Improving Web Application Security: Threats and - CGISecurity

Chapter 1: Web Application Security Fundamentals

Security Principles

Recommendations used throughout this guide are based on security principles that have proven themselves over time. Security, like many aspects of software engineering, lends itself to a principle-based approach, where core principles can be applied regardless of implementation technology or application scenario. The major security principles used throughout this guide are summarized in Table 1.4.

Table 1.4: Summary of Core Security Principles

Principle / Concepts

Compartmentalize: Reduce the surface area of attack. Ask yourself how you will contain a problem. If an attacker takes over your application, what resources can he or she access? Can an attacker access network resources? How are you restricting potential damage? Firewalls, least privileged accounts, and least privileged code are examples of compartmentalizing.

Use least privilege: By running processes using accounts with minimal privileges and access rights, you significantly reduce the capabilities of an attacker if the attacker manages to compromise security and run code.

Apply defense in depth: Use multiple gatekeepers to keep attackers at bay. Defense in depth means you do not rely on a single layer of security, or you consider that one of your layers may be bypassed or compromised.

Do not trust user input: Your application's user input is the attacker's primary weapon when targeting your application. Assume all input is malicious until proven otherwise, and apply a defense in depth strategy to input validation, taking particular precautions to make sure that input is validated whenever a trust boundary in your application is crossed.

Check at the gate: Authenticate and authorize callers early — at the first gate.

Fail securely: If an application fails, do not leave sensitive data accessible. Return friendly errors to end users that do not expose internal system details. Do not include details that may help an attacker exploit vulnerabilities in your application.

Secure the weakest link: Is there a vulnerability at the network layer that an attacker can exploit? What about the host? Is your application secure? Any weak link in the chain is an opportunity for breached security.

Create secure defaults: Is the default account set up with least privilege? Is the default account disabled by default and then explicitly enabled when required? Does the configuration use a password in plaintext? When an error occurs, does sensitive information leak back to the client to be used potentially against the system?

Reduce your attack surface: If you do not use it, remove it or disable it. Reduce the surface area of attack by disabling or removing unused services, protocols, and functionality. Does your server need all those services and ports? Does your application need all those features?
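As an added example that is not part of the guide, the following Python request handler shows how "check at the gate", "do not trust user input", "create secure defaults" and "fail securely" from Table 1.4 combine in one code path; the Request and Response types, the lookup_balance backend and the ACCOUNTS data are hypothetical stand-ins constructed for this illustration.

```python
import logging
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical request/response shapes used only for this example.
@dataclass
class Request:
    user: Optional[str]              # None means the caller is unauthenticated
    roles: frozenset = frozenset()   # secure default: no permissions
    account_id: str = ""

@dataclass
class Response:
    status: int
    body: str

# Allowlist for the one field we accept; anything else is rejected at the boundary.
ACCOUNT_ID = re.compile(r"[A-Za-z0-9]{1,16}")

# Constructed backend data; a real application would query a database here.
ACCOUNTS = {"acct42": "balance: 100"}

def lookup_balance(account_id: str) -> str:
    # Stand-in for a backend call that can fail with internal details in its message.
    if account_id == "boom":
        raise RuntimeError("db connection to 10.0.0.5:1433 refused")
    return ACCOUNTS[account_id]

def handle_request(req: Request, log: Optional[logging.Logger] = None) -> Response:
    log = log or logging.getLogger(__name__)
    # Check at the gate: authenticate and authorize before touching any input or data.
    if req.user is None:
        return Response(401, "Authentication required.")
    if "account.read" not in req.roles:
        return Response(403, "Not permitted.")
    # Do not trust user input: validate against the allowlist where the trust boundary is crossed.
    if not ACCOUNT_ID.fullmatch(req.account_id):
        return Response(400, "Invalid account id.")
    try:
        return Response(200, lookup_balance(req.account_id))
    except KeyError:
        return Response(404, "Account not found.")
    except Exception:
        # Fail securely: full details go to the server log; the client gets a generic message.
        log.exception("account lookup failed for user %s", req.user)
        return Response(500, "An error occurred. Please try again later.")
```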
