Friday, March 21, 2008

What is Application Security? What is the STRIDE security model?

You can secure your application by employing several security mechanisms, such as firewalls, proxies, secure channels, and authentication schemes. However, all it takes for a security breach to occur is for an attacker to find one weakness in your system. It is said that security is like a chain: the total strength of the chain is equal to the strength of its weakest link.

Attackers use various methods to exploit system vulnerabilities to achieve their goals. Vulnerabilities are weak points or loopholes in security that an attacker exploits to gain access to an organization's network or to resources on the network. Some common vulnerabilities are weak passwords, misconfigured software, unencrypted data, SQL injection, cross-site scripting, and social engineering.

To design a secure application, you should be familiar with the following principles of security and employ them when creating security strategies:

1. Rely on tested and proven security systems.

2. Never trust user input.

3. Assume that external systems are not secure.

4. Follow STRIDE principles.
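As an added illustration of principle 2 and the SQL injection entry in the vulnerability list above (example code, not from the original post), here is a Python `sqlite3` example that places a string-concatenated query beside its parameterized form; the in-memory table, user names and test inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn, name):
    # Trusts user input: the value is spliced into the SQL text, so quote
    # characters inside `name` change the structure of the query itself.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Parameterized query: the driver passes `name` as data, never as SQL,
    # so the query structure is fixed regardless of the input's contents.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    # Runs both lookups against a benign name and a constructed input that
    # contains quote characters, and returns the four result sets.
    conn = make_db()
    benign = "alice"
    quoted = "x' OR '1'='1"  # constructed test input with embedded quotes
    return {
        "unsafe_benign": find_user_unsafe(conn, benign),
        "unsafe_quoted": find_user_unsafe(conn, quoted),   # every row leaks
        "safe_benign": find_user_safe(conn, benign),
        "safe_quoted": find_user_safe(conn, quoted),       # no such user
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The unsafe lookup returns the whole table for the quoted input because the input rewrote the WHERE clause; the parameterized lookup returns nothing, which is the correct answer for a user literally named `x' OR '1'='1`.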

STRIDE Security Model:

Each letter in the STRIDE acronym specifies a different category of security threat:

1. Spoofing identity

2. Tampering

3. Repudiation

4. Information disclosure

5. Denial of service

6. Elevation of privilege

Application architects should design their systems in such a way that they cover all the aspects of security described by the STRIDE model. Mechanisms are available in .NET to counter security attacks, but how effective they are depends on the design of your system.
