Defensive Application Coding Practices Secrets
Security professionals have determined that most risks to the applications are stemming from a small number of programming errors. A defense-in-depth approach is incredible for the web application to avoid, as well as mitigate those vulnerabilities. To reduce the possibility of successful attacks, the team must follow defensive coding practice to introduce acceptable security precautions. Following these practices also warns the developers of critical web-based infrastructure for producing programs without vulnerabilities. Let us explore these practices:
The basic premise behind the concept of input validation is “Do not trust without verifying.” The input validation process verifies the following processes to ensure the submitted data:
- Data is of correct type and format
- Falls in the accepted range of values
- Not interpreted as source code as in the case of injection attacks
- Don’t cover up an alternate method, which bypasses security features
How To Validate?
The input validation can be taken by filtration techniques:
Whitelist – Verifies the data with the list of allowable non-malicious and good characters, data patterns, and commands. For example: accept only the input with “@” and “.com” for the email field.
Blacklist – Verifies data with the list of malicious or disallowed commands, characters and data patterns. For example: Don’t accept SQL command (--) and Single Quote (‘).
Verification can also be done by sanitation, which is a process of converting potentially dangerous Input into innocuous form. Example: Quoting all input
Where To Validate?
Input can be can validate or verified
- At the client end (recommended)
- At the server end (MUST have)
What To Validate?
The input should be validated for:
- Data Type
- Range, Length
Canonicalization is the process of altering data that include more than one possible representation to adapt to a standard canonical method. Here is the canonicalization form of our website address:
In the case of XML, this process is utilized to guarantee XML documents following a certain format. Canonicalization also includes international implications as it relates to the character sets of the Code pages such as Unicode and ASCII. If the input filtration process is done before the completion of the canonical process, and the canonical form of input includes the items of the blacklist, they get a chance to bypass the filtration. Hence, in terms of security, the canonicalize and validation process should take place after decoding the data.
Code Access Security (CAS)
Code Access Security prevents the code from untrustworthy sources comprising run-time permissions to function privileged operations. It also prevents the code from the trusted sources against intentionally or unintentionally comprising the security. The concept of CAS includes the following libraries:
The permissions that need to be granted are assessed dynamically when the code has entered the memory. The three kinds of security action performed here are:
Request: Used to notify runtime regarding permissions, which code is required for execution.
Demands: Used in the code to declare permissions as well as support to prevent resources from callers.
Overrides: Involved in the code to allow override default security performance.
In order to implement CAS, the code must be created by a programming language, which can be able to offer the verifiable programming Type-safe code. The Type-Safe code can’t access memory at random as well as from unauthorized locations.
CAS can be implemented in the code syntax in two ways:
1. Declarative Security Syntax – permissions are defined as security attributes in the code metadata.
2. Imperative Security Syntax – permissions are defined inline in the object code.
Secure Class Libraries
It uses security demands to ascertain the library callers include the permissions to access resources and functionality it exposes. In addition, the code without having runtime permissions aren’t allowed to access the secure class libraries.
Container Versus Component
The container and component are the two basic approaches to implement security.
Declarative security or container security offers a container managed strategy to ensure software flexibility, portability, and low deployment cost. Here, the security rules are configured outside the source code as a part of the deployment descriptor. This security uses external configuration files and deployment descriptor to describe the code authorization and authentication requirement. The application container or constraints oversee applying dynamic security constraints to the code.
Programmatic or component security embeds the security rules in code or component itself. It involves a granular approach to implement security. This security is not recommended in case code is to be reused. When using this security, the programmatic enforcement is embedded in the application along with programmatic validation on policies to find, what a valid user is allowed to access. This security is useful where a declarative security is not enough.
The predominant mistake of implementation of cryptographic protection in application code involves the invalidated and weakly or custom developed algorithms for enciphering and deciphering process or non-collision of free hashing algorithms for hashing purpose. Hence, it is suggested to use the tested, vetted as well as proven standardized algorithms to address this issue. The following table listed the banned and accepted algorithms:
Cryptographic Agility is the capability of the code to switch to standard or recommended algorithms from insecure algorithms.
Attack Surface Evaluation & Reduction
The attack surface is defined as the various points where a hacker can get into the software and can achieve data access. The attack surface evaluation is the process of understanding the areas of risks in the software, to make security specialists and developers aware about the regions of software that are vulnerable to attacks and determine methods to reduce this. The basic method of reducing the attack surface includes the following actions:
- Reduce the number of code running
- Reduce the number of available entry points that allow the entry of untrusted users
- Eliminate the services, which are requested by certain users
- Turn off unwanted functionality
- Reduce code available to untrusted actors
Secure Memory Management can safeguard the revelation of data when it is processed. To implement proper memory management, it is important to follow some memory management concept. These include:
The Locality Of Reference
Also referred as the “principle of locality”. It is a process where the same locations of data are frequently accessed and are used soon based on its accesses in the past. There are four main types of this principle. They are:
- Temporal locality
- Spatial locality
- Brach locality
- Equidistant locality
It refers the pointers which don’t point to a legitimate object of the corresponding type in the system memory. This happens when the object, which the pointer actually referencing was de-allocated or deleted without any change in the pointer value (that being unmodified). This situation is also called as memory leaks.
Dangling pointers point the location of deleted memory when that location is loaded with other data.
As a result of bad programming, the memory buffer object, which is allocated to store some variable turn into unreachable. This situation is called as memory leaks. In order to address this issue, proper memory management is required. This states that memory resource which is allocated for processing certain threats should be released for reuse once the processing is terminated. In computer programming, the automatic reclamation of memory is referred as garbage collections.
Exceptions are defined as the software problems, which aren’t handled explicitly during unreliable and unintended behavior of the software. Entire exceptions should be handled explicitly. In case, the code allows to construct try-catch-finally, then it is essential to catch entire exception block. In addition, an incredible exception management feature, which can be implemented at the time of linking process and compilation is to utilize the flag called “Safe Security Exception Handler” [/SAFESEH] in systems.
Ensure the integrity security principle and protect the software code or data from the unauthorized modification. Most famous anti-tampering techniques are as follows:
- Code Signing
- Anti-reversing Techniques
In order to assure integrity and reliable operations, the source code requires being safeguarded from the untrusted modification. Anti-tampering assurance of source code can be accomplished by obfuscation, also known as shrouded code.
Obfuscation of the code involves making the source code confusing and obscure with the help of a special program called as Obfuscator. Hence, even if the code is stolen or leaked, they can’t be easy to read. It involves the process of complicating the source code with convoluted loops, generic variable names, renaming textual & symbols and conditional constructs.
This process involves the process of signing the code (includes scripts, executables and more) digitally using a digital signature. Generally, the implementation of code signing makes use of public and private key systems as well as digital signatures.
Reversing comprises the process of collecting details about the software design and implementation of the source code. In terms of security, reversing can be done for security research and to identify weakness in the released software. However, the skilled attackers who are experts in reversing can crack the software security protections. In addition, they can tamper as well as repack the source code with malicious intent. Hence it is essential to protect the reversing with anti-tampering protection mechanisms like embedding anti-debugger code and removing symbolic details from the PE (Program Executables).
Ensuring the system integrity in addition to the assurance of secure design and implementation is incredible for secure start-up. Secure start-up refers to the entire mechanism and processes, which assure the TCB integrity of the environment when the application is running on the system from its beginning. It safeguards and avoids side channel threats like the cold boot attack. Secure start-up is implemented by using hardware’s TPM (Trusted Platform Module) chip, which offers heightened tamper-proof date defense during start-up.
Developers and testers required to knowledge themselves with the best coding practices to follow. With these skill sets, the development team will avoid coding mistakes that result in software vulnerabilities.