§9.3. Security concepts

All developers must have a fundamental understanding of security.

The internet is an extremely hostile environment. However, the battleground is out of sight: it is played out invisibly on microprocessors and network routers. This invisibility hides the massive scale and intensity of the attacks.

For example, a small personal homepage will receive more traffic from ‘bots’ searching for insecure WordPress installations than legitimate traffic. Even on an unimportant or irrelevant server, an open SSH port will receive hundreds and perhaps thousands of attempted attacks every single day.

It is too easy to make a security mistake. I have made mistakes in the past. I am probably making mistakes today. I am likely to make more mistakes in the future. However, I am not alone. Even the largest and most security-conscious companies with dedicated security specialists will make mistakes.

What you and I can do is: seek as much feedback as possible; continually strive to do better; minimize the harm from an attack; and respond fast when things go wrong. A security mindset depends on constant vigilance and humility to accept you can always do better.

Security in internet programming

One way to think about security is through the perspective of the “CIA triad”:

  • Confidentiality
    Data should be accessible only to the people who are permitted to access it. For example, my private shopping list should not be visible to others.

  • Integrity
    Data should be correct and trustworthy. Only authorized users should modify data. For instance, I should be the only person with access to add or remove items from my private shopping list.

  • Availability
    Data should be accessible by users when needed. For example, malicious users should not block me from logging in.

A range of techniques and technologies can help achieve the triad:

  • Cryptography:

    • Encrypting all communications, so that they cannot be read if they are intercepted on the internet

    • Encrypting sensitive data such as passwords, so that attackers cannot read the data without permission

    • Hashing and signing data, so that unauthorized changes can be detected and so that attackers cannot impersonate critical services

  • Defensive coding:

    • Writing safe code that does not contain bugs that attackers can exploit to gain access to systems

    • Adding authentication and authorization logic so that only verified users can access data

    • Writing efficient code so that an attacker can’t overload a server with millions of requests
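
The “hashing and signing” and “protecting passwords” bullets above, as an added example that is not part of the original text: a shopping list (the running example of this section) is signed with an HMAC so that any unauthorized change is detected, and a password is stored as a salted hash rather than in a recoverable form. The key and the data are constructed for illustration only.

```python
import hashlib
import hmac
import json
import os

# Constructed example key; a real service loads its key from a secrets store.
SECRET_KEY = b"example-key-not-for-production"


def sign(payload: dict, key: bytes = SECRET_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over a canonical JSON encoding of payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(payload: dict, tag: str, key: bytes = SECRET_KEY) -> bool:
    """True only if the tag was produced with this key over this exact payload.
    compare_digest is constant-time, so the comparison leaks no timing information."""
    return hmac.compare_digest(sign(payload, key), tag)


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256. Store the returned string, never the password."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    shopping = {"owner": "alice", "items": ["milk", "eggs"]}  # constructed data
    tag = sign(shopping)
    tampered = dict(shopping, items=["milk", "eggs", "caviar"])
    print("original verifies:", verify(shopping, tag))   # True
    print("tampered verifies:", verify(tampered, tag))   # False
    stored = hash_password("correct horse")
    print("password check:", check_password("correct horse", stored))  # True
```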

The concept of layering applies to security as well. Defense in depth is the idea of using layers of security technologies. If one layer fails, there are still other layers to defend the application.