How Do Cybersecurity Principles Fit in Modern Application Design?

Security-by-Design: Changing the Perspective on Cybersecurity

  • Early detection and response to security vulnerabilities and misconfigurations
  • Documentation of security measures throughout SDLC makes it easier to understand failures
  • Reduce the cost of a separate security program
  • Easier and timely decision-making thanks to comprehensive risk management

Applying Cybersecurity Principles to the SDLC

1. Minimize attack surface area

  • Reduce user roles number to the minimum
  • Avoid storing confidential data whenever you can
  • Disable features that you don’t need or use at all times
  • Introduce intrusion detection and prevention systems (e.g., Web Application Firewall)
  • Remove unwanted ports and services from your product
  • Remove debug ports, headers, and traces from circuit boards

2. Secure by default

  • Implement a prompt after the first logging attempt
  • Disable all insecure services
  • Set HTTPS-only by default

3. Least privilege

4. Defense-in-depth

  • Secure communications and regular security updates
  • Secure configurations by restricting unwanted and insecure services
  • Implement Firewalls, IDS/IPS, sandboxing, monitoring, etc.
  • Limit access control
  • Implement ID card requirements, fences, CCTV., etc.
  • Create a solid policy for risk management, incident response, training, and so on

5. Fail securely

  • Access to sensitive user information
  • Access to keys and passwords
  • Attackers to install unauthorized software
  • Attackers to use the product to launch more attacks on the network

6. Promote privacy

  • End-to-end communication encryption
  • Secure inter-cloud communications
  • Encrypted databases
  • Operation measures like a request portal for secure data deletion
  • Virtual machines (VMs) or encrypted disks
  • Encrypted disks
  • Encrypted databases
  • Encrypted communications with tamper-proof hardware and end-user documentation

7. Zero-trust security

Security and Design Go Hand in Hand

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store