Stop Inventing Your Own Encryption

In today's software development, integrating security from the beginning is crucial. Many developers often neglect security until it's too late, feeling it is overwhelming. Incorporating security as a standard practice simplifies this challenge, using principles like defense in depth and steering clear of custom solutions. The balance between open and closed source tools also plays a role in crafting secure systems. Rethinking security in development can lead to safer, more reliable software.

Podcast Episode: Stop Inventing Your Own Encryption

In this episode I talk with Eoin Woods about integrating security from the start of software development. Eoin, an expert in software architecture, explains why security often gets overlooked until the last minute. We explore why engineers find security daunting and discuss making it a standard part of development. Eoin shares design principles like defense in depth and cautions against custom security solutions.

"Avoid custom security solutions whenever possible - they often lead to vulnerabilities." - Eoin Woods

Eoin Woods is an independent consultant in the fields of software architecture, green software and software engineering. He is formerly the CTO of Endava, where he was responsible for software engineering and capability development for over 10,000 delivery staff across the world. Prior to Endava he has developed databases, created security software and designed way too many systems to move money around. Outside his day job he is interested in software architecture, software security and sustainable (or "green") software. He is a regular conference speaker, has co-authored three books on software architecture and was the recipient of the 2018 Linda Northrup Award for Software Architecture, from the Software Engineering Institute at CMU

Highlights der Episode

• Security should be integrated from the start of software development.
• Engineers often find security overwhelming and ignore it until too late.
• Design principles like defense in depth simplify security.
• Avoiding custom security solutions is crucial.
• Open and closed source tools each have benefits and challenges.

Making Security a First Class Citizen

Introduction

Established encryption practices are extremely important in software development. It's essential to prioritize security from the beginning and use proven methods instead of creating custom solutions. By understanding the dangers of DIY encryption, developers can make informed choices that improve the overall security of their software projects.

The Importance of Prioritizing Security Early On

In software development, prioritizing security from the very beginning is crucial for a successful project. Here's why it matters:

1. Addressing Security Concerns Early On

By considering security issues right from the start, we can create a strong foundation for the software.

2. Making Security a Core Aspect

Integrating security principles throughout the development process ensures that security is not an afterthought but a core aspect of the design and implementation.

3. Identifying and Mitigating Risks

By prioritizing security early on, developers can identify and mitigate potential risks at each stage, resulting in a more secure and reliable software product overall.

Understanding the Defense in Depth Strategy

Defense in depth is a cybersecurity strategy that involves implementing multiple layers of security defenses throughout a system to protect against potential threats. This approach recognizes that no single security measure is foolproof and aims to create a comprehensive defense posture.

How Defense in Depth Protects Against Sophisticated Attackers

Defense in depth helps mitigate risks by adding redundancy and diversity to the security measures, making it harder for attackers to exploit vulnerabilities. By incorporating various security controls at different levels, organizations can better withstand and respond to cyber threats.

Why Multiple Security Mechanisms Are Necessary

Different layers of security provide a safety net in case one layer fails or gets compromised. It ensures that even if an attacker breaches one layer of defense, there are additional barriers they need to overcome, increasing the overall resilience of the system architecture.

Avoiding DIY Encryption

When it comes to encryption practices, it is crucial to avoid the temptation of developing your own solutions. Here are key points to consider:

1. Risks of Homemade Encryption

• Inventive encryption algorithms may have inherent vulnerabilities.
• Lack of peer review can lead to undetected flaws.

2. Benefits of Established Libraries

• Widely-used libraries have undergone rigorous testing.
• Leveraging expert-produced technologies reduces security risks.

3. Open-source vs Closed-source Solutions

• Open-source: Offers transparency and community scrutiny.
• Closed-source: Can be advantageous for specific contexts or applications.

By relying on established cryptographic libraries rather than creating custom encryption methods, you can significantly enhance the security of your software systems.

Secure Software Development Lifecycle (SSDLC)

The Secure Software Development Lifecycle (SSDLC) model is a crucial framework that integrates security practices into every phase of the software development process. By incorporating security considerations from the initial design stage to deployment and maintenance, the SSDLC ensures that security is not an afterthought but a fundamental aspect of software development.

The Importance of SSDLC

The SSDLC model is important for ensuring the security of software products throughout their entire lifecycle. Here's why it matters:

1. Proactive approach: Instead of waiting for vulnerabilities to be discovered after the software is developed, the SSDLC encourages developers to identify and address security issues early on in the process.
2. Comprehensive coverage: Security is considered at every stage of development, including requirements gathering, design, coding, testing, and deployment. This holistic approach helps in building more secure applications.
3. Continuous improvement: The SSDLC promotes a culture of learning and improvement by incorporating feedback from security assessments and incident responses back into the development process.

By following the SSDLC model, organizations can ensure that security is integrated into their software development practices, resulting in more secure products.

The Role of OWASP in Secure Development

The Open Web Application Security Project (OWASP) plays a significant role in promoting best practices for secure software development. OWASP offers a comprehensive set of guidelines, tools, and resources to help developers build secure applications from the ground up.

Some key contributions of OWASP include:

• Top Ten Project: OWASP's Top Ten Project identifies and documents the most critical web application security risks. It serves as a valuable resource for developers to understand common vulnerabilities and how to mitigate them.
• Cheat Sheets: OWASP provides cheat sheets that offer practical guidance on specific security topics such as authentication, access control, and cryptography. These cheat sheets serve as quick references for developers looking to implement secure coding practices.
• Testing Guides: OWASP's testing guides provide detailed instructions on how to conduct security testing on web applications. They outline various testing techniques and tools that can be used to identify vulnerabilities.

By following OWASP recommendations, developers can mitigate common security vulnerabilities and enhance the overall security posture of their software products.

Achieving Secure Software Delivery

By implementing the SSDLC model and adhering to OWASP recommendations, organizations can achieve secure software delivery that prioritizes data protection and resilience against potential cyber threats.

This involves:

1. Training developers: Providing training sessions on secure coding practices and OWASP guidelines to ensure that all developers are aware of potential risks and know how to mitigate them.
2. Conducting regular assessments: Performing regular security assessments such as code reviews and penetration testing throughout the development lifecycle to identify any vulnerabilities before they are exploited.
3. Integrating security tools: Incorporating automated security tools into the CI/CD pipeline to catch vulnerabilities early during the build process.

By adopting these measures alongside the SSDLC model and OWASP recommendations, organizations can significantly reduce their risk exposure and deliver more secure software products.

Threat Modeling and User Stories for Better Security Planning

Threat modeling is a critical technique in software security that helps you identify potential attacks and vulnerabilities early in the design phase. It involves systematically analyzing your system to understand what valuable assets exist, who might want to attack them, and how those attacks could happen.

One practical approach within threat modeling is the creation of abuser stories. These are narratives from the perspective of an attacker or malicious user. They describe how an adversary might exploit weaknesses to compromise the system. Abuser stories force you to think like an attacker, uncovering hidden risks that traditional user stories might overlook.

Key benefits of incorporating threat modeling and abuser stories include:

• Highlighting attack vectors before code is written
• Guiding developers to build defenses tailored to realistic threats
• Prioritizing security controls based on likely abuse scenarios

You don't need complex tools or exhaustive processes—simple, structured threat modeling can significantly improve your design decisions and reduce costly vulnerabilities later on.

Best Practices for Secure Interfaces and APIs

Use Strongly Typed Interfaces

Using strongly typed interfaces can greatly enhance the security of your application. By defining the expected data types for your inputs and outputs, you can enforce stricter validation rules and reduce the risk of common security issues like injection attacks.

For example, instead of accepting a generic string as an input parameter, you can define a specific type such as Email or PhoneNumber. This way, any value passed to the interface will be validated against the defined type, ensuring that only valid email addresses or phone numbers are accepted.

Set Secure Defaults

When designing your interfaces and APIs, it's important to set secure defaults whenever possible. This means that if a user does not explicitly specify a value for a certain parameter, your application should automatically use a secure option instead of assuming an insecure one.

For instance, if you have an API endpoint that allows users to upload files, you can set the default file size limit to a reasonable value (e.g., 5MB) even if the user doesn't specify it in their request. This helps prevent potential denial-of-service attacks by limiting the size of files that can be uploaded.

While it may be tempting to create your own encryption algorithms or protocols, it's generally not recommended. Unless you have extensive knowledge and expertise in cryptography, it's best to rely on established and widely-used encryption standards such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman).

By using proven encryption methods, you can ensure that sensitive data transmitted over your interfaces and APIs is securely protected from unauthorized access. Additionally, this makes it easier for other developers who integrate with your system to understand and implement the required security measures.

Case Studies: Learning from Real-Life Security Incidents

1. Default Passwords in Production Systems

One of the most infamous security breaches involving default passwords occurred in 2019 when a major cloud service provider suffered a data leak. The incident was traced back to an unprotected database that was left open to the internet, with the default password still intact.

This breach exposed sensitive information belonging to numerous clients and raised questions about the security practices of both the service provider and its customers. It served as a stark reminder of the importance of changing default passwords and implementing strong authentication measures.

2. Lazy API Filtering Issues

Another notable incident involved a popular social media platform that experienced a significant data breach due to inadequate API filtering. Attackers exploited vulnerabilities in the platform's application programming interface (API) to gain unauthorized access to user accounts and sensitive data.

The incident highlighted the criticality of robust API security measures, including proper input validation and access controls. It also emphasized the need for developers to prioritize security during the design and implementation of APIs.

These case studies demonstrate how lapses in security practices can lead to devastating consequences. They underscore the necessity of adopting proactive security measures, such as encryption and secure coding practices, to mitigate risks and protect sensitive information.

Collaboration Between Security Engineers and Product Owners

Security engineers are essential for implementing secure coding practices from the beginning of software development. Their knowledge in areas like threat modeling, penetration testing, and application security can help find weaknesses early on. At the same time, product owners are important for determining security priorities and making sure that security aligns with business objectives.

By encouraging a cooperative relationship between these two important roles, organizations can effectively prioritize security throughout the entire software development lifecycle. This teamwork ensures that security is not something that gets added on later but rather an essential part of the development process.

Conclusion

Stop Inventing Your Own Encryption is a critical directive for anyone involved in software development. Creating your own encryption algorithms or protocols introduces significant risks, including hidden vulnerabilities and maintenance challenges. Established industry standards and widely-reviewed cryptographic libraries provide proven security, benefiting from extensive scrutiny by experts worldwide.

Key points to remember:

• DIY encryption often leads to flawed implementations that attackers can exploit.
• Utilizing trusted, open-source or closed-source libraries ensures better protection and reliability.
• Security must be integrated early and continuously throughout the software development lifecycle.

You hold the power to improve security by educating yourself on secure coding practices and leveraging resources like OWASP's guidelines. When in doubt, seek professional help from security engineers who understand threat modeling, penetration testing, and defense in depth strategies.

"Don't reinvent the wheel—build your software on a foundation of established security principles."