I am working on the design of a high security application (involving financial information, personal information, etc.). I need to identify what security measures (application level) will be implemented. The application will involve sending data to and from a database, user login, import/export to csv and txt files, and a print function.
What security features do I need to consider for such an application (SQL injection for starters)?
Also, if I want to ensure that a legit user is moving from page to page, do I have to check on every page if (UserLogin.IsValid) etc? That might require a few too many server hits I am guessing.
The first thing to do is build a threat model. Only once you understand:
can you reasonably start to craft a solution. For example, if the resource is my television, the vulnerability is an open window, the attackers have financial gain as a motive, and the threat they pose is the theft of my television, then I can start to craft a solution.
Consider the multi-pronged solution that becomes apparent once you have a list of resources, vulnerabilities, motivations and threats. I can:
Notice that a good solution has defense in depth. Don't just stop there. Look for more vulnerabilities. Look for more ways to demotivate attackers. Look for more ways to lower the cost of a successful attack. But all of this depends on having an accurate threat model, so do that first.
Here are some resources to get you started:
http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx