Posts like this are awesome at raising awareness, but it seems difficult to find guidance on what to secure, whether to secure or not, and what to secure against. I'm not talking about SQL injection or XSS - both of which are hugely relevant for web apps, but rather a broader approach, like threat modelling.

The idea (for *any* system) is to start with understanding an adversary's perspective by:

- Listing application entry points (where does data enter into the application?)
- Cataloguing assets (what's being protected?)
- Identifying trust levels (who needs access to what?)

Then defining the security of the app/system by:

- Defining use scenarios
- Identifying implementation assumptions (parameter-based SQL?) and external dependencies (payment system?)
- Modelling the application/solution (data flow diagram that shows interactions with external entities, and machine and process boundaries)

The final stage is identifying threats, analysing them, and determining vulnerabilities. Threats typically fall into one of 6 categories:

- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

That stuff I've just written doesn't begin to do threat modelling justice, but it's enough to start some research.

And before anyone starts suggesting that it's not important/requires big design up front/we need to pivot/etc., consider that exactly those arguments are what landed the likes of LinkedIn, Sony, etc. in hot water.
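As an added example (not from the comment above), here is a small Python sketch of the modelling and threat-identification steps it describes: a data-flow diagram with trust levels and assets, run through the STRIDE-per-element mapping from Microsoft's threat modelling guidance. The web shop, payment provider, trust numbers and flows are constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element (Microsoft's guidance): which categories apply to which DFD element kind.
STRIDE = {"external": "SR", "process": "STRIDE", "flow": "TID", "store": "TRID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass
class Element:
    name: str
    kind: str            # external | process | store
    trust: int           # trust level: 0 = anonymous internet, higher = more trusted
    asset: bool = False  # True if this element holds something we are protecting

@dataclass
class Flow:
    src: Element
    dst: Element
    data: str

def entry_points(flows):
    """Flows entering a more trusted zone from a less trusted one."""
    return [f for f in flows if f.src.trust < f.dst.trust]

def threats(elements, flows):
    """(target, category, priority) for every element and flow; priority is
    'high' for assets and for flows that cross a trust boundary."""
    out = []
    for e in elements:
        out += [(e.name, NAMES[c], "high" if e.asset else "normal")
                for c in STRIDE[e.kind]]
    for f in flows:
        crosses = f.src.trust != f.dst.trust
        out += [(f"{f.src.name}->{f.dst.name} ({f.data})", NAMES[c],
                 "high" if crosses else "normal") for c in STRIDE["flow"]]
    return out

# Constructed sample model: browser -> web app -> SQL store, plus a payment
# provider as the external dependency the comment mentions.
browser = Element("Browser", "external", 0)
webapp = Element("Web app", "process", 1)
orders = Element("Orders DB", "store", 2, asset=True)
payment = Element("Payment provider", "external", 1)
ELEMENTS = [browser, webapp, orders, payment]
FLOWS = [Flow(browser, webapp, "login form"), Flow(webapp, orders, "SQL query"),
         Flow(webapp, payment, "card charge"), Flow(orders, webapp, "order rows")]

if __name__ == "__main__":
    for target, cat, prio in threats(ELEMENTS, FLOWS):
        print(prio, target, cat)
```

The output is a starting list to analyse, not a finished model: each high-priority row is a boundary crossing or asset that needs a mitigation or an explicit decision to accept the risk.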
People forget how quick it can be to get the tools to do simple things like SQL injection and XSS without even trying. They are free and EXTREMELY easy to get. Not covering those basic security flaws will allow any "script kiddies" to get into all of your data. Even still though, some of the more sophisticated attacks, like social engineering, are not being made into tools that anyone who can use a computer can use. It's not so easy to make secure things because the hackers only need to be right once; you need to be right every time. Also remember, you're only as secure as your weakest link.