27.1. Key Security Concepts

Security is best tackled in a holistic manner, by considering not just the application, but also the host and network environment where it is deployed. There's no use spending time encrypting your database connection strings if the administrator password is easy to guess!

One approach to implementing effective security is to consider the possible risks and threats to your application. Called threat modeling, this technique involves identifying threats, vulnerabilities, and most importantly, countermeasures for your specific application scenario.

When it comes to security threat modeling, it's a good idea to approach the world with a healthy dose of paranoia. As Kurt Cobain said, "Just because you're paranoid doesn't mean they aren't after you."

Table 27.1 categorizes the areas that should be considered as part of a threat modeling exercise.

Table 27.1. Threat Modeling Considerations

Category: Considerations

Authentication: How do we verify a user and match this user with an identity in the system? Authentication is the process in which a user or system proves its identity. This is typically done either through something the user knows, such as a username and password, or has, such as a certificate or security token.

Authorization: What can a user do within the application? Authorization is how your application controls access to different resources and operations for different identities.

Data Input Validation: Is the data that has been entered both valid and safe? Input validation is the process of parsing and checking the data that was entered before it is saved or processed.

Data Protection: How does your application keep sensitive data from being accessed or modified? Data protection typically involves cryptography to ensure the integrity and confidentiality of sensitive data. This includes data that is in memory, being transferred over the network, or saved in a persistent store.

Source Code Protection: Can your application be easily reverse-engineered? Source code can contain information that could be used to bypass security, such as a hard-coded decryption key. Obfuscation is the most common technique for ensuring that a .NET application cannot be easily decompiled.

Configuration Management: How do you configure the application, and are the settings stored securely? Configuration management must ensure that settings cannot be accessed or modified by unauthorized users. This is particularly important when the configuration contains sensitive information that could be used to bypass security, such as a database connection string.

Exception Management: What does your application do when it fails? Exception management should ensure that an application does not expose too much information to end users when an exception occurs. It should also ensure that the application fails gracefully and is not left in an unknown state.

Auditing and Logging: Who did what, and when did they do it? Auditing and logging refer to how your application records important actions and events. The location to which audit logs are written should ideally be tamper-proof.

By systematically identifying the security risks and putting in place appropriate countermeasures, we can begin to gain a level of trust that our applications and data can only be used in the manner that we intended.
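As an added illustration (not code from the book), the following small C# login service shows how several of the countermeasures in Table 27.1 fit together in one place: input validation of the user name, data protection of stored passwords with a salted PBKDF2 hash and a fixed-time comparison, exception management that records detail internally but exposes only a success/failure result, and an audit trail of who attempted what and when. The class, its names, the user-name pattern, and the in-memory credential store are all assumptions made for this example; it assumes .NET 6 or later for `Rfc2898DeriveBytes.Pbkdf2` and `RandomNumberGenerator.GetBytes`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

// Hypothetical service illustrating countermeasures from Table 27.1.
// The credential store is an in-memory dictionary constructed for the example.
public sealed class LoginService
{
    // Input validation: user names are restricted to a known-safe character set and length.
    private static readonly Regex UserNamePattern =
        new Regex("^[a-z0-9_]{3,32}$", RegexOptions.Compiled);

    // Data protection: passwords are never stored; only salt + PBKDF2 hash are kept.
    private const int Iterations = 100_000;
    private const int HashLength = 32;
    private readonly Dictionary<string, (byte[] Salt, byte[] Hash)> _users =
        new Dictionary<string, (byte[] Salt, byte[] Hash)>();

    // Auditing and logging: every significant action is recorded with time, user and outcome.
    private readonly List<string> _auditLog = new List<string>();
    public IReadOnlyList<string> AuditLog => _auditLog;

    public void Register(string userName, string password)
    {
        ValidateUserName(userName);
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        _users[userName] = (salt, Derive(password, salt));
        Audit("register", userName, "ok");
    }

    // Exception management: the caller only ever learns true or false; any
    // detail (unknown user, bad password, validation failure) goes to the audit log.
    public bool TryLogin(string userName, string password)
    {
        try
        {
            ValidateUserName(userName);
            if (!_users.TryGetValue(userName, out var stored))
            {
                Audit("login", userName, "unknown-user");
                return false;
            }

            byte[] candidate = Derive(password, stored.Salt);
            // Fixed-time comparison avoids leaking how many bytes matched.
            bool ok = CryptographicOperations.FixedTimeEquals(candidate, stored.Hash);
            Audit("login", userName, ok ? "ok" : "bad-password");
            return ok;
        }
        catch (Exception ex)
        {
            Audit("login", userName, "error:" + ex.GetType().Name);
            return false;
        }
    }

    private static void ValidateUserName(string userName)
    {
        if (userName == null || !UserNamePattern.IsMatch(userName))
        {
            throw new ArgumentException("invalid user name");
        }
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        byte[] passwordBytes = Encoding.UTF8.GetBytes(password ?? string.Empty);
        return Rfc2898DeriveBytes.Pbkdf2(
            passwordBytes, salt, Iterations, HashAlgorithmName.SHA256, HashLength);
    }

    private void Audit(string action, string userName, string outcome)
    {
        _auditLog.Add($"{DateTime.UtcNow:O} action={action} user={userName ?? "<null>"} outcome={outcome}");
    }

    public static void Main()
    {
        var service = new LoginService();
        service.Register("alice", "correct horse battery staple");

        Console.WriteLine(service.TryLogin("alice", "correct horse battery staple")); // True
        Console.WriteLine(service.TryLogin("alice", "wrong password"));              // False
        Console.WriteLine(service.TryLogin("bob", "anything"));                      // False
        Console.WriteLine(service.TryLogin("alice'; DROP TABLE users;--", "x"));     // False

        foreach (string entry in service.AuditLog)
        {
            Console.WriteLine(entry);
        }
    }
}
```

Note that all four failing calls return the same `false`; the distinction between an unknown user, a wrong password and rejected input exists only in the audit log, which is where an operator, rather than an end user, should be able to see it.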

The foundation of security is trust, and deciding the scope and boundaries of that trust. For an application developer, this largely means deciding to what degree you trust your users and the external systems with which you interact, and what level of protection you need to put in place to guard against malicious users. You should ask questions such as, "Do I need to check the data that has been entered on this form, or can I simply assume that it is valid?"

However, as a system administrator or end user, you need to determine to what degree you trust that the applications you execute do not perform malicious actions. This is a fairly black-and-white decision when it comes to most non-.NET applications. If you don't fully trust an application, then you shouldn't execute it, because there is no way to limit the actions it performs. Even if you do trust that an application has good intentions, how sure are you that it does not contain a defect that causes it to inadvertently delete all of your personal files?

Built into the foundation of the .NET Framework is a policy-based security system called code access security, which can address these concerns by limiting the scope of actions that an application can perform. Because this is such an important part of security in the .NET Framework, it is discussed in detail in the following section.
