Cheat Sheet: Security Engineering

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo


Approach

This security engineering approach includes specific security-related activities that help you meet your application security objectives. To design, build, and deploy secure applications, you must integrate security into your application development life cycle and adapt your current software engineering practices and methodologies to include specific security-related activities.


Key Activities in the Life Cycle

Security Overlay

Image:SecurityEngineering.gif

Figure 1. Security activities in the application development life cycle


There is a core set of activities common to application development approaches, such as architecture and design reviews, code reviews and deployment reviews. This Security Engineering approach extends these proven core activities to create security specific activities. These activities include:

  • Security objectives. Setting objectives helps you scope and prioritize your work by setting boundaries and constraints. Setting security objectives helps you identify where to start, how to proceed, and when you are done.
  • Threat modeling. Threat modeling is an engineering technique that can help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application's design, meet your company's security objectives, and reduce risk.
  • Security design guidelines. Creating design guidelines is a common practice at the start of an application project to guide development and share knowledge across the team. Effective design guidelines for security organize security principles, practices, and patterns by actionable categories.
  • Security design inspections. Security design inspections are an effective way to identify problems in your application design. By using pattern-based categories and a question-driven approach, you simplify evaluating your design against root cause security issues.
  • Security code inspections. Many security defects are found during code reviews. Analyzing code for security defects includes knowing what to look for and how to look for it. Security code inspections optimize inspecting code for common security issues.
  • Security testing Use a risk-based approach and use the output from the threat modeling activity to help establish the scope of your testing activities and define your test plans.
  • Security deployment inspections. When you deploy your application during your build process or staging process, you have an opportunity to evaluate runtime characteristics of your application in the context of your infrastructure. Deployment reviews for security focus on evaluating your security design and configuration of your application, host, and network.


How the Security Activities Work Together

Security-related activities start early and continue throughout the application life cycle, many in parallel with one another. Figure 1.2 on the next page shows how security activities span the various activities of the application development life cycle.

Image:SecurityActivitiesInTheLifeCycle.gif

Figure 1.2 Security activities in the application development life cycle


Allow the results of each activity to influence the others in order to have a security engineering process that is more effective than the sum of its parts. For example:

  • Your security objectives should be considered alongside other critical business objectives. Application specific security objectives should be identified and documented early during requirements and analysis and should be balanced along side other quality of service requirements such as performance, availability and reliability.
  • Using security design guidelines will mitigate many threats found during the threat modeling process.
  • Threat modeling allows you to identify threats and vulnerabilities. The identified vulnerabilities and subsequent mitigations should be used to shape and influence subsequent design, development, and testing decisions.
  • Issues found during code review and testing may result in new threats added to the threat model which in turn will drive new ideas for testing and code review.


Incremental Adoption

If your current software engineering processes do not include specific security activities, it is possible to incrementally adopt the key security activities. The activities you should adopt first will depend on the security objectives you have identified, as well as any outstanding problems your process or application currently has.


For most organizations, the best results will come from adopting the activities in the following order:

  • Security Objectives. If you do not know the security objectives for your application, it will be difficult to be successful with any other activity.
  • Security Design Inspection. Bugs introduced in the design phase are the most expensive to deal with later. By introducing architecture and design reviews focused on security, you avoid the need for costly rework later in the life cycle.
  • Threat Modeling. By adopting threat modeling, in addition to helping you focus your security development efforts, improving the overall quality of your software engineering, and ensuring that you address relevant threats, you can help your test teams create test plans to test for specific vulnerabilities. Threat models also serve as a focus for communication among the various roles and help to ensure that developers and IT professionals alike really understand the application.
  • Security Code Inspections. While design bugs are the most expensive, implementation bugs are the most common. Reviewing your code for security vulnerabilities can save you later rework or help avoid costly exploits.
  • Security Deployment Inspections. An application is only as secure as its weakest link. Even a highly effective process can be undone by a configuration error during deployment.
  • Security Design Guidelines. By adopting proven design principles and learning from others mistakes you can ensure your application is secure from the start.
  • Security Testing. Testing should be used to validate designed mitigations and ensure nothing has slipped through the cracks.
Personal tools