Security by design in 9 steps

Security by design offers many advantages, but is still in its infancy. Here are nine steps for getting started.


Author
Rob van der Veer

Principal Expert, Security & Privacy and AI


Security by design is the opposite of security afterwards: rather than testing a system for security once it is finished, information security is built in from the very beginning. This reduces costs and mitigates risks because:

  1. According to research, addressing security problems at the outset is far cheaper, by as much as a factor of 100. On top of that, the pressure of time and budget constraints is particularly high at the end of the development process, which is not the best time for well-thought-out improvements. Security by design leads to more resilient systems in which security is built in rather than hastily added as a fix.
  2. Implementing a variety of measures in security by design (awareness, knowledge, tools, checks) removes security defects more effectively than testing at the end of development does.
  3. Determining precisely which mistakes were made allows you to adjust the development process to prevent further mistakes. This applies, for example, to improvements in the collaboration between developers and IT operations. Close and automated collaboration is referred to as DevOps, or SecDevOps when security is built in.

Infancy

Security by design sounds very sensible. Unfortunately, however, it is still in its infancy in practice. Every day we read in the news that information security still leaves a lot to be desired. In my work as a software researcher, I see the same security mistakes and the same lack of attention to security at many of my clients, time and again.

Why does security still receive so little attention? Are developers lazy? Unprofessional? On the contrary – they are generally motivated and take pride in their work. The key is what they are held accountable for. In general, the emphasis is on building new functions. This is what developers focus on and this is the most visible part. If quality is not made visible, it typically is the first thing to go. You get what you measure. To make sure security is given the attention it deserves, this must be agreed upon with developers in advance.

Security by design therefore starts with a positive working relationship between client and supplier, with clear and appropriate requirements, and with the condition that the source code can be accessed to test whether security has been properly built in. From then on, the software developer will also organise the design process to include security by design. For advice on how to approach the dialogue between client and software builder, see the “Grip on SSD” initiative by the CIP at www.griponssd.org. Laws and regulations, such as the GDPR, are a good reason to set requirements. Where personal data is involved, the GDPR prescribes security and privacy by design.

Security by design: how to get it right?

When setting up security by design, it’s important to realise that software development is work done by humans. People make mistakes. The trick is to look at how programmers can actually make fewer mistakes, and how the mistakes they do make can be found. This can be achieved using the following nine steps:

1: Build on proven technology: Security is difficult, and you want the technology you use to take care of as much of it as possible for you. Modern programming environments already offer good security, provided they are used correctly. Security by design starts with the choice of technology and with knowing how to use it properly. A third of the vulnerabilities we find are caused by programming something that was already available. It is important to know about vulnerabilities in the technology and libraries used, and to patch on time. Library management, keeping track of external code, is becoming one of the most important programming tasks.
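To make the library-management task concrete, here is an added example (not code from the original article): it inventories the pinned dependencies in a requirements file and compares them against an advisory list, flagging both affected versions and dependencies that are not pinned and therefore cannot be assessed. The package names, versions and advisories are constructed for this example and are hypothetical, not real CVEs; a real pipeline would pull advisories from a vulnerability database and run the check on every build.

```python
"""
Lightweight dependency inventory check (illustrative example, not the
author's code). Reads pinned dependencies from a requirements file and
compares them against a small advisory list. The advisory entries and
packages below are CONSTRUCTED for this example; no network lookups occur.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample requirements content (hypothetical packages/versions).
SAMPLE_REQUIREMENTS = """\
# pinned application dependencies
webframework==2.3.1
jsonutil>=1.0
imagelib==4.0.9   # handles user-uploaded files
crypto-helper==0.9.2
"""

# Constructed advisories: first affected version (inclusive) and first
# fixed version (exclusive upper bound). Hypothetical, not real CVEs.
SAMPLE_ADVISORIES = [
    {"package": "imagelib", "affected_from": "4.0.0", "fixed_in": "4.1.0",
     "summary": "path traversal when unpacking archives (hypothetical)"},
    {"package": "webframework", "affected_from": "2.0.0", "fixed_in": "2.3.0",
     "summary": "session fixation (hypothetical, fixed in 2.3.x)"},
    {"package": "crypto-helper", "affected_from": "0.0.0", "fixed_in": "1.0.0",
     "summary": "weak default key size (hypothetical)"},
]


@dataclass
class Finding:
    package: str
    version: Optional[str]
    reason: str


def parse_version(text):
    """Turn '4.0.9' into (4, 0, 9); non-numeric parts become 0 so tuples compare sanely."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_requirements(text):
    """Return {name: pinned_version_or_None} for each dependency line."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.]*)?", line)
        if not m:
            continue
        name, op, ver = m.group(1).lower(), m.group(2), m.group(3)
        deps[name] = ver if op == "==" else None  # only exact pins can be assessed
    return deps


def check_dependencies(requirements_text, advisories):
    """Match every pinned dependency against the advisory list."""
    deps = parse_requirements(requirements_text)
    findings = []
    for name, version in deps.items():
        if version is None:
            findings.append(Finding(name, None, "not pinned: version cannot be assessed"))
            continue
        v = parse_version(version)
        for adv in advisories:
            if adv["package"].lower() != name:
                continue
            if parse_version(adv["affected_from"]) <= v < parse_version(adv["fixed_in"]):
                findings.append(Finding(
                    name, version,
                    f"affected, fixed in {adv['fixed_in']}: {adv['summary']}"))
    return findings


if __name__ == "__main__":
    for f in check_dependencies(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        print(f"{f.package} {f.version or '(unpinned)'}: {f.reason}")
```

Note that the unpinned `jsonutil` is reported as a finding in its own right: if you cannot say which version is deployed, you cannot say whether it is patched, which is exactly the bookkeeping library management is meant to provide.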

2: Create awareness: Make developers aware of what the software they build needs and what the typical threats are. Examples and demonstrations work well here. Involving developers in threat modelling adds to their experience.

3: Limit instruction: Security knowledge is nice in a developer, but you do not want to depend entirely on developers having the right knowledge at the right time. That is desirable but ultimately not feasible, because no single person possesses that much knowledge. In any case, it is important to teach developers the principles of security by design. OWASP describes ten such principles.

Sometimes there are guidelines the development team must adhere to that cannot be captured automatically in the chosen technology or tools. The best form for these guidelines is therefore reference material, arranged by recognisable situations, so-called triggers. The development team must be able to recognise these triggers (for example, “we are now handling user input”).

4: Manage maintainability: Spaghetti code that is hard to change increases the likelihood of (security) errors. Maintainable source code is a prerequisite for security, so set requirements for maintainability and provide tools to measure it.

5: Automate checks: More and more verification tools can automatically test for certain security vulnerabilities by scanning source code or testing behaviour. Do not underestimate the effort needed to use these useful tools correctly.
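As an added illustration of what a source-scanning check does, and of the tuning effort the step warns about, here is a minimal check written for this article (not the author's code, and not a substitute for a real SAST tool). It walks the Python AST of a constructed sample module and reports two patterns: dynamic code execution via `eval`/`exec`, and `subprocess` calls with `shell=True` whose command is assembled at runtime. A naive text search for `shell=True` would also flag the constant-command case; the check deliberately does not, which is the kind of precision work a team has to put into any tool before developers will trust its output. The sample module and the function names in it are constructed for the example.

```python
"""
Minimal AST-based source check (illustrative example, not the author's code).
Reports eval/exec calls and subprocess calls with shell=True where the
command is not a string constant. SAMPLE_SOURCE is constructed for this
example and contains one true positive per pattern plus one harmless case.
"""
import ast

SAMPLE_SOURCE = '''
import subprocess

def list_dir(path):
    # command is assembled from a parameter: shell injection risk
    return subprocess.run("ls -l " + path, shell=True)

def uptime():
    # constant command string: shell=True is unnecessary but not injectable
    return subprocess.run("uptime", shell=True)

def compute(expr):
    return eval(expr)   # dynamic code execution on caller-controlled input
'''

SUBPROCESS_CALLS = {
    "subprocess.run", "subprocess.call", "subprocess.check_call",
    "subprocess.check_output", "subprocess.Popen",
}


def _dotted_name(expr):
    """Return 'subprocess.run' for the callee of subprocess.run(...), 'eval' for eval(...)."""
    if isinstance(expr, ast.Name):
        return expr.id
    if isinstance(expr, ast.Attribute):
        base = _dotted_name(expr.value)
        return f"{base}.{expr.attr}" if base else None
    return None


def _is_constant_str(expr):
    return isinstance(expr, ast.Constant) and isinstance(expr.value, str)


def scan_source(source, filename="<sample>"):
    """Return a sorted list of (line, message) findings for the given Python source."""
    findings = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in ("eval", "exec"):
            findings.append((node.lineno, f"{name}() executes dynamically built code"))
        elif name in SUBPROCESS_CALLS:
            # shell=True is only a problem when the command itself is not a literal
            shell_true = any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords)
            if shell_true and node.args and not _is_constant_str(node.args[0]):
                findings.append((node.lineno, f"{name}() with shell=True and a non-constant command"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {message}")
```

Even this small check shows the trade-off the step describes: the constant-command exclusion removes a false positive, but it also means a command built via string formatting stored in a variable a few lines earlier would need data-flow tracking to be caught, which is where commercial tools spend most of their effort and where their configuration matters.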

6: Carry out manual checks: Manual checks are important because automated verification tools can only identify some vulnerabilities. Checks can be carried out by team members or by internal or external experts. It is important not to restrict the experts to specific security requirements, which will always be incomplete. Do not underestimate the execution of manual penetration tests or code reviews. It is a profession in itself, as it requires creativity, experience, systematics, repeatability and, ideally, the ability to advise developers on how to structurally improve their work.

7: Expand to include privacy: Privacy by design is about handling personal data correctly (and securing it). It is about awareness, about knowing the principles, and about specific checks. A security by design programme can therefore be expanded to include this topic.

8: Improve gradually: Draw up a plan for continuously improving development, and base it on an existing framework such as OWASP SAMM.

9: Finally: Security by design does not apply only to new development, so do not forget existing systems. A vulnerability check is particularly recommended for systems that were not built with security by design. After all, in the near future we will still have to worry about the billions of lines of existing code.
