Episode 7 - Basic Practices to Secure Your Application Architecture
How to make your app's architecture secure right now: separation, configuration, and access
by Victoria Drake
Markets seem to reward fast product launches over secure ones. This means that most organizations do not prioritize security tasks early on. But following basic security practices from the start can yield great benefits without significantly increasing development time.
Separation of concerns
- Put files that serve different purposes in different places.
- Assets should not mix with core application code.
- Don’t keep secrets or configuration in routable locations (paths the web server can serve).
- Use an external secrets store such as HashiCorp’s Vault or AWS’s Parameter Store.
Configuration
- Completely ignoring application configuration can open serious security holes.
- Security misconfiguration is one of the top 10 causes of vulnerabilities.
- Default settings can be your enemy: default ports and credentials are published in the product’s documentation, so they are known to anyone who reads it.
- Django is a well-known example: debug mode was enabled by default, which exposed a lot of application information on sites whose operators didn’t know to disable it.
- Examine your subsystems for exposed areas:
  - Default accounts still active, especially with default passwords.
  - Example webpages with tutorial applications or sample data left in the app.
  - Unnecessary ports left in service or open to the internet.
  - Unnecessary HTTP methods left enabled.
  - Sensitive information stored in logs.
  - Default permissions left in place on managed services.
  - Directory listings, or sensitive file types, left accessible by default.
- Reduce the number of external dependencies in your app to the bare minimum.
- Fewer components and subsystems mean fewer entrypoints to safeguard.
- It’s an important consideration when thinking about microservices.
Control access and user scope
- Broken access control is another top security mistake.
- Avoid building features that require increased privileges right next to those that don’t.
- Put admin interfaces in a different domain, service or database, to avoid elevation of privilege attacks.
- Don’t pass sensitive tokens or keys as URL parameters.
- Pay attention to error messages: you may inadvertently give away privileged information.
- Consider authorization early on in your architectural stage.
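The configuration checklist above (debug mode, default credentials, secrets in routable locations) and the warning against tokens in URL parameters can both be turned into a quick pre-deployment check. The following is an added example, not code from the episode; the Django-style settings mapping, file paths and URL are constructed sample input, and the placeholder lists are assumptions.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs

# Constructed sample input (not from the episode): a Django-style settings
# mapping plus the directories the web server serves directly, i.e. the
# "routable locations" where secrets must never live.
SAMPLE_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "changeme",
    "DATABASES": {"default": {"USER": "admin", "PASSWORD": "admin"}},
}
SAMPLE_ROUTABLE_DIRS = ["/srv/app/static", "/srv/app/media"]
SAMPLE_FILES = [
    "/srv/app/static/.env",          # secret under a served directory
    "/srv/app/static/logo.png",      # harmless asset
    "/srv/app/config/secrets.json",  # secret, but outside served paths
]

# Assumed placeholder values that survive from templates and docs.
DEFAULT_CREDENTIALS = {"", "admin", "password", "changeme", "root", "secret"}
SECRET_FILE = re.compile(r"^\.env$|secret|credential|\.pem$|\.key$", re.I)
SECRET_PARAM = re.compile(r"token|key|secret|pass|session", re.I)


def audit_config(settings, routable_dirs, files):
    """Return findings for: debug mode on, default credentials, and
    secret-looking files inside a web-served (routable) directory."""
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG enabled: error pages expose settings and stack traces")
    if settings.get("SECRET_KEY", "").lower() in DEFAULT_CREDENTIALS:
        findings.append("SECRET_KEY is a template placeholder")
    for name, db in settings.get("DATABASES", {}).items():
        if db.get("PASSWORD", "").lower() in DEFAULT_CREDENTIALS:
            findings.append(f"database '{name}' uses a default password")
    for path in files:
        p = PurePosixPath(path)
        served = any(str(p).startswith(d.rstrip("/") + "/") for d in routable_dirs)
        if served and SECRET_FILE.search(p.name):
            findings.append(f"secret-looking file served by the web server: {path}")
    return findings


def leaky_query_params(url):
    """Return query-parameter names that look like credentials; these end up
    in server logs, proxies and browser history (the URL-parameter warning)."""
    return sorted(k for k in parse_qs(urlsplit(url).query) if SECRET_PARAM.search(k))
```

Run `audit_config(SAMPLE_SETTINGS, SAMPLE_ROUTABLE_DIRS, SAMPLE_FILES)` against your own settings module and served directories before a release; every finding corresponds to one of the checklist items above.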
Background music by Vendredi from Audio Library+