Understanding the specific threats you face is an essential step in determining how much security is needed and in what areas.
- As a web developer, the most important part of security awareness is to assess potential threats to your website. The process of assessing potential security threats is called developing a threat model. Threat models are unique to each person or organization. They are a prioritized list of the risks and the potential threats that a person or organization faces. Threat models are not a new concept. Like many of the security principles we will examine, they've been used in military applications for centuries.

Imagine a castle in the 13th century. The king and queen are worried that their enemies will attack soon. How should they secure the castle? They start by examining the situation to develop a threat model. They know that enemies are most likely to attack from the north, and that those enemies are likely soldiers on foot without heavy equipment. Their most valuable assets are the lives of their family; the assets most desirable to their enemies are treasure and weapons; and they also know that the castle's southern wall is damaged and more vulnerable than usual. This threat model allows the king and queen to prioritize their defenses. They strengthen the northern defenses against soldiers on foot, they fortify the buildings containing their family, treasure and weapons, and they make sure that the southern wall does not become an unexpected weak point. The king and queen have considered the profile of their attacker and the likely attack vectors, and they've taken stock of their high-value assets and considered their vulnerabilities. Considering these items provides the awareness which allows them to ensure that they have adequate protections.

These considerations are unique. A different castle would likely have a different threat model, and that can change over time. A threat model must be continually updated. A threat model is also helpful for what it excludes. A castle far from the coast does not need to be concerned about an attack from the sea. A castle on an island does not need to be concerned about land-based attacks.

The same applies to web security. Some websites will be more concerned about certain types of hackers than others. If you run a website about a controversial topic, then hacktivists may be in your threat model. If you run an e-commerce site, then criminals are probably a large part of your threat model. If you're a defense contractor, then governments and advanced persistent threats may be in your threat model. Security should also be in proportion to one's needs and goals. For example, if I have a $100 bill, I don't need to construct a high-security vault to protect it; I can put it in my house, lock the doors and be happy with the level of security that's in place. But if I had $100 million, then I probably would not trust the locks on my house. I'd want a top-of-the-line security system in place, and I'd be willing to invest a lot of time and money in setting it up. Our investment in security should match our threat model, the value of the assets that we're securing, and the consequences of failing. In each threat model, attackers will have different abilities, attack styles and objectives. Each defender will have different high-value assets and vulnerabilities. There is no one-size-fits-all security. Security requires tailoring protections to fit your specific threat model.
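The castle threat model above, written out as a prioritized list in code. This is an added example, not part of the course; the scoring rule (likelihood times asset value, doubled where a known weakness exists) and the castle values are assumptions made for illustration, not something the lesson prescribes.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    """One entry in a threat model: who, how, what they are after, and how much it matters."""
    attacker: str      # attacker profile (e.g. soldiers on foot)
    vector: str        # likely attack vector (e.g. the northern wall)
    asset: str         # high-value asset at risk
    asset_value: int   # consequence of losing the asset, 1 (low) to 5 (critical); assumed scale
    likelihood: int    # how likely this attacker/vector is, 0 (excluded) to 5; assumed scale
    weakness: bool     # a known vulnerability lies on this path (the damaged southern wall)

    def score(self) -> int:
        # Assumed scoring rule: likelihood x value, doubled when a known weakness is on the path.
        base = self.likelihood * self.asset_value
        return base * 2 if self.weakness else base


def prioritize(threats):
    """Return the threat model as a ranked list, dropping threats the model excludes."""
    relevant = [t for t in threats if t.likelihood > 0]
    return sorted(relevant, key=lambda t: t.score(), reverse=True)


def proportionate(asset_value: int, mitigation_cost: int) -> bool:
    """Investment should match what is at risk: spending more than the asset is worth is not."""
    return mitigation_cost <= asset_value


# Constructed input for the 13th-century castle from the lesson.
CASTLE = [
    Threat("soldiers on foot", "northern wall", "royal family", 5, 5, False),
    Threat("soldiers on foot", "northern wall", "treasure and weapons", 4, 5, False),
    Threat("soldiers on foot", "southern wall (damaged)", "treasure and weapons", 4, 2, True),
    Threat("naval force", "sea", "treasure and weapons", 4, 0, False),  # inland castle: excluded
]

if __name__ == "__main__":
    for t in prioritize(CASTLE):
        print(f"{t.score():>3}  {t.asset:<22} via {t.vector} by {t.attacker}")
    # The $100 bill versus $100 million: same vault, very different decisions.
    print("vault for $100 bill:", proportionate(100, 10_000))
    print("vault for $100M:", proportionate(100_000_000, 10_000))
```

Note that the damaged southern wall ranks below the northern threats but stays on the list, which is exactly the "does not become an unexpected weak point" outcome; the sea attack is excluded entirely, as the lesson says a threat model should do.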
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting