
The Art of Secure Architecture

Julia Mezher

June 02, 2021

Transcript

  1. Secure architecture for small startup companies: fast-paced development, prioritized feature delivery, smaller team, no security team and no security decision making, tight deadlines and budget.
  2. … security decreases usability … and performance … … a security feature is in conflict with another feature … We want it secure but…
  3. Security is invisible: no direct business value. You can’t see if it’s working, you can see when it fails.
  4. Secure architecture is a combination of structural security decisions that efficiently addresses risks while considering business goals.
  5. People make poor decisions under pressure. Secure architecture is about decision making. People mess up the processes under pressure. Secure architecture is about following the process.
  6. SSDLC. Requirements: security review, security features. Design: design review, threat model. Develop: secure coding, static analysis. Test: security code review, pentesting. Deploy: security monitoring, security assessment.
  8. Building Secure Architecture (see also: TOGAF): BUSINESS GOALS, BUILD THE ARCH, ARCH DECISIONS & DESIGN, RISKS & TRADEOFFS.
  9. Imagine you are an artist. You want to gift your friend a painting: a portrait. You know your friend is somewhat picky.
  10. Watercolor. Pros: trendy, not expensive. Cons: mistakes not allowed.
  11. Oil paint. Pros: mistakes allowed. Cons: expensive, not trendy.
  12. Gouache: water-based like watercolor but opaque rather than transparent; not expensive; allows minor mistakes.
  13. What could go wrong? Lack of time. Not assessing risks and tradeoffs. Picking tools before sticking to the core idea. Lack of awareness.
  14. Risk assessment for beginners: What is important for your business? What don’t I want to share or lose as a user? What sensitive data or PII can be there? Do I need to comply with any regulations? Why might the company lose a lot of money? How much do I care about reputation damage?
  15. Food delivery service example: What is important for your business? Profit. What don’t I want to share or lose as a user? Credit card. What sensitive data or PII can be there? Name, address, phone. Do I need to comply with any regulations? GDPR, CCPA. Why might the company lose a lot of money? Availability issues. How much do I care about reputation damage? I care a lot.
  16. Measure and prioritize (see also: FAIR, NIST RMF): What is the possible damage from a given attack? What is our attack surface? How often might this attack occur, and how probable is it? How interesting (profitable) is it for an attacker? What skill level does it require? Do we have (or plan) other security controls covering it? What is the cost of implementing the security control? What is the cost of attack mitigation?
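As an added example (not from the deck), here is the measure-and-prioritize step as a small quantitative risk register in Python. Each risk from the food delivery example gets an estimated frequency and a loss per event (annualized rate of occurrence times single loss expectancy, the classic form that FAIR-style analysis builds on), each candidate control gets a yearly cost and the share of loss it is expected to remove, and controls are ranked by the loss they avoid minus what they cost. Every name, number and control below is constructed for illustration; none is a figure from the talk.

```python
"""Added example (not from the deck): a minimal quantitative risk register.

Each risk: estimated events per year (ARO) and loss per event (SLE), so the
annualized loss is ARO * SLE. Each control: yearly cost and the fraction of a
risk's annual loss it removes. Output: controls worth paying for, best first.
All numbers are constructed for the food delivery example on the slides.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    events_per_year: float   # annualized rate of occurrence (ARO), an estimate
    loss_per_event: float    # single loss expectancy (SLE) in currency units

    @property
    def annual_loss(self) -> float:
        """Annualized loss expectancy: ARO * SLE."""
        return self.events_per_year * self.loss_per_event


@dataclass(frozen=True)
class Control:
    name: str
    risk: Risk
    annual_cost: float       # licence, engineering time, ops burden per year
    reduction: float         # fraction of the risk's annual loss it removes (0..1)

    @property
    def net_benefit(self) -> float:
        """Loss avoided per year minus what the control costs per year."""
        if not 0.0 <= self.reduction <= 1.0:
            raise ValueError("reduction must be a fraction between 0 and 1")
        return self.risk.annual_loss * self.reduction - self.annual_cost


def prioritize(controls: list[Control]) -> list[Control]:
    """Controls whose avoided loss exceeds their cost, highest net benefit first."""
    worthwhile = [c for c in controls if c.net_benefit > 0]
    return sorted(worthwhile, key=lambda c: c.net_benefit, reverse=True)


# Constructed register for the slide's food delivery service.
CARD_LEAK = Risk("card data leak from our own DB", events_per_year=0.05, loss_per_event=2_000_000)
PII_LEAK = Risk("customer PII exposed via API", events_per_year=0.2, loss_per_event=300_000)
OUTAGE = Risk("ordering API unavailable for hours", events_per_year=6.0, loss_per_event=25_000)

CONTROLS = [
    Control("tokenize cards with a PCI-compliant PSP", CARD_LEAK, annual_cost=20_000, reduction=0.95),
    Control("per-object authorization + API rate limits", PII_LEAK, annual_cost=15_000, reduction=0.7),
    Control("multi-zone deployment + load shedding", OUTAGE, annual_cost=60_000, reduction=0.5),
    Control("web application firewall", PII_LEAK, annual_cost=50_000, reduction=0.3),
]

if __name__ == "__main__":
    for c in prioritize(CONTROLS):
        print(f"{c.net_benefit:>10,.0f}  {c.name}  (covers: {c.risk.name})")
```

Running it ranks card tokenization first, then API authorization, then the availability work; the web application firewall drops out because the loss it avoids is smaller than its cost, and the same risk is already better served by per-object authorization, which is the slide's "do we have other controls covering it?" question made explicit. The model deliberately ignores overlap between controls on one risk; a real register would account for it.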
  17. Building Secure Architecture: BUSINESS GOALS, BUILD THE ARCH, ARCH DECISIONS & DESIGN, RISKS & TRADEOFFS. Document risks! Be creative!
  18. Building Secure Architecture: BUSINESS GOALS, BUILD THE ARCH, ARCH DECISIONS & DESIGN, RISKS & TRADEOFFS. Document risks! Be creative! Pick tools here!
  19. Creativity: the ability to create; the use of imagination or original ideas to create something; inventiveness. Synonyms: imagination, vision, inventiveness. Industry guidelines, technology expertise, tools.
  21. Building Secure Architecture: BUSINESS GOALS, BUILD THE ARCH, ARCH DECISIONS & DESIGN, RISKS & TRADEOFFS. Document risks! Be creative! Communicate! Pick tools here!
  22. Building Secure Architecture. Communicate! Business owner’s view, architect’s view, designer’s view, software engineer’s view, manager’s view. See also: SABSA.
  23. Building Secure Architecture. Communicate! Business owner’s view, architect’s view, designer’s view, software engineer’s view, manager’s view, QC engineer’s view, marketing view, infrastructure engineer’s view, people management view, graphic designer’s view, legal view, support team view. See also: COBIT 5.
  24. Why can’t engineers make it secure? Secure Architecture: is about the decision making process, is based on risks and business goals, is an abstraction. Secure Coding: is about writing code, is based on industry guidelines, is platform-specific.
  25. Why can’t engineers make it secure? Architecture: you operate risks and business goals, abstracting from the tools. Coding: you operate tools, you don’t make business decisions.
  26. Why can’t engineers make it secure? Secure architecture is creating the structure; secure coding is adding the details.
  27. Why can’t engineers make it secure? “We’ve created a mobile app for our store! Now, you can pay with the app! No need to interact with people!”
  28. “The fraud level is way too high. Let’s ask engineers to investigate and fix the issue.”
  29. After a couple of months the engineering team arrived with nothing. One of them asked: “What is the actual percentage of fraudulent transactions?”
  30. The actual percentage was better than the industry statistics.
  32. SSDLC (Requirements, Design, Develop, Test, Deploy with the security activities from slide 6) with the architectural decisions marked.
  33. SSDLC with the architectural decisions and the software developers’ part marked.
  34. Why can’t engineers make it secure? Force upgrade feature: essential for desktop and mobile apps (but not for backend or web), yet its logic includes both the app and the backend side.
  35. If the app is already released, it takes more time to implement (the existing error handling logic created limitations).
  36. When security was postponed: 1. Error handling implemented. 2. App devs discover the risk. 3. App devs communicate with architect and manager. 4. App devs communicate with backend. 5. Updating error handling. 6. Adding force upgrade.
  37. Security right from the start: 1. Architect communicates with devs. 2. Architect discovers the risk. 3. Error handling implemented. 4. Adding force upgrade.
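As an added example (not the deck's code), here is the force-upgrade feature with both halves the slides talk about, in Python: the backend refuses requests from app versions below a per-platform minimum with HTTP 426 and a structured body, and the app's error handling checks for that signal before its generic error path. The header name, the platform floors, the store URLs and the JSON body layout are assumptions made for this example.

```python
"""Added example (not from the deck): a force-upgrade check spanning both sides.

Backend: every request carries the client's version; a version older than the
minimum the backend still supports is refused with HTTP 426 and a structured
body. Client: the upgrade response is handled before the generic error path.
Header name, version floors, URLs and body format are assumptions.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

VERSION_HEADER = "X-App-Version"                              # assumed header name
MIN_SUPPORTED = {"ios": (2, 4, 0), "android": (2, 3, 1)}      # constructed policy
STORE_URL = {"ios": "https://example.invalid/ios",            # placeholder URLs
             "android": "https://example.invalid/android"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Strict MAJOR.MINOR.PATCH parse; anything else raises so the caller can
    fail closed. A client must not dodge the gate by sending garbage."""
    m = _VERSION_RE.match(text or "")
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def version_gate(platform: str, headers: dict[str, str]) -> Response | None:
    """Backend side. Returns a 426 response when the client must upgrade,
    None when the request may proceed to the real handler."""
    floor = MIN_SUPPORTED.get(platform)
    if floor is None:
        return Response(400, json.dumps({"error": "unknown_platform"}))
    try:
        client = parse_version(headers.get(VERSION_HEADER, ""))
    except ValueError:
        client = (0, 0, 0)  # missing or malformed version: treat as oldest, fail closed
    if client < floor:
        body = {
            "error": "upgrade_required",           # stable code the client keys on
            "min_version": ".".join(map(str, floor)),
            "store_url": STORE_URL[platform],
        }
        return Response(426, json.dumps(body))
    return None


def handle_backend(platform: str, headers: dict[str, str]) -> Response:
    """The gate runs before any business logic."""
    blocked = version_gate(platform, headers)
    if blocked is not None:
        return blocked
    return Response(200, json.dumps({"orders": []}))


# --- app side ---------------------------------------------------------------

def client_handle(resp: Response) -> str:
    """App side. The force-upgrade branch comes first; generic error handling
    only runs for everything else. Returns the UI action taken, as a string."""
    if resp.status == 426:
        try:
            payload = json.loads(resp.body)
        except json.JSONDecodeError:
            payload = {}
        if payload.get("error") == "upgrade_required":
            return f"block_ui_and_open:{payload.get('store_url', '')}"
    if resp.status >= 400:
        return "show_generic_error"
    return "render"


if __name__ == "__main__":
    old = handle_backend("ios", {VERSION_HEADER: "2.3.9"})
    print(old.status, client_handle(old))
```

The ordering inside client_handle is the point of slides 36 and 37: if the generic error handler was written first and treats every 4xx the same way, the upgrade branch has to be threaded through it later, which is the rework the slides describe. The gate fails closed on a missing or malformed version header, since an old build that never sent the header is exactly the one that must be upgraded.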
  39. SSDLC: tips for small startups.
  40. Requirements: document risks and sensitive assets. Design: design and discuss with security in mind. See also: OWASP RAF.
  41. Develop: secure coding knowledge sharing, static analysis.
  42. Test: security checklists, dependency checkers, SAST, DAST.
  43. Deploy: security events in analytics, responsible disclosure.
  45. Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely? (Requirements, Design, Develop, Test, Deploy)
  46. What are the most critical events that may happen to your business? Prioritise!
  47. Communicate. Assess what you already have. Book time.
  48. Build step by step. Make sure basic security functionality is working. Then improve.
  49. Create a checklist with all the security controls.
  50. Set up alerting.
  51. Prepare Plan B.
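As an added example (not from the deck) covering slide 43's "security events in analytics" and slide 50's "set up alerting" together, here is a Python sketch of how a small team gets both without a SIEM: services emit security events into the same analytics stream as product events, and a couple of rules scan that stream. The event names, fields, thresholds and the sample events are all constructed for this example.

```python
"""Added example (not from the deck): security events in product analytics and
a first alert rule set over them.

Rule 1: a burst of failed logins on one account inside a sliding window.
Rule 2: a payment method added from a device other than the one that just
changed the password (an account takeover pattern for a food delivery app).
Event names, fields, thresholds and the sample stream are constructed.
"""
from __future__ import annotations

import json
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Iterable

FAILED_LOGIN_LIMIT = 5          # fire on the 5th failure ...
FAILED_LOGIN_WINDOW = 300       # ... within 5 minutes (seconds)
TAKEOVER_WINDOW = 3600          # payment change within 1 hour of a password change


@dataclass(frozen=True)
class Alert:
    rule: str
    subject: str   # the account the alert is about
    at: int        # timestamp of the event that triggered it


def failed_login_bursts(events: Iterable[dict]) -> list[Alert]:
    """Sliding window per account; fires once per account when the limit is hit.
    Events are expected in timestamp order, as a pipeline would deliver them."""
    window: dict[str, deque[int]] = defaultdict(deque)
    fired: set[str] = set()
    alerts: list[Alert] = []
    for ev in events:
        if ev["event"] != "login_failed":
            continue
        q = window[ev["account"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > FAILED_LOGIN_WINDOW:
            q.popleft()                      # drop failures older than the window
        if len(q) >= FAILED_LOGIN_LIMIT and ev["account"] not in fired:
            fired.add(ev["account"])
            alerts.append(Alert("failed_login_burst", ev["account"], ev["ts"]))
    return alerts


def payment_after_password_change(events: Iterable[dict]) -> list[Alert]:
    """A new payment method from a different device than the one that changed
    the password, within TAKEOVER_WINDOW seconds, deserves a human look."""
    last_change: dict[str, tuple[int, str]] = {}
    alerts: list[Alert] = []
    for ev in events:
        if ev["event"] == "password_changed":
            last_change[ev["account"]] = (ev["ts"], ev["device"])
        elif ev["event"] == "payment_method_added":
            changed = last_change.get(ev["account"])
            if changed and ev["ts"] - changed[0] <= TAKEOVER_WINDOW and ev["device"] != changed[1]:
                alerts.append(Alert("payment_method_after_password_change", ev["account"], ev["ts"]))
    return alerts


def run_rules(jsonl: str) -> list[Alert]:
    """Parse one JSON event per line, run every rule, return alerts sorted by time."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    alerts = failed_login_bursts(events) + payment_after_password_change(events)
    return sorted(alerts, key=lambda a: a.at)


# Constructed sample stream: product analytics and security events side by side.
SAMPLE_EVENTS = "\n".join([
    '{"ts": 1000, "event": "login_failed", "account": "alice", "device": "d1"}',
    '{"ts": 1030, "event": "login_failed", "account": "alice", "device": "d1"}',
    '{"ts": 1060, "event": "login_failed", "account": "alice", "device": "d1"}',
    '{"ts": 1090, "event": "login_failed", "account": "alice", "device": "d1"}',
    '{"ts": 1120, "event": "login_failed", "account": "alice", "device": "d1"}',
    '{"ts": 1500, "event": "order_placed", "account": "alice", "device": "d1"}',
    '{"ts": 2000, "event": "login_failed", "account": "bob", "device": "d3"}',
    '{"ts": 2800, "event": "login_failed", "account": "bob", "device": "d3"}',
    '{"ts": 3000, "event": "password_changed", "account": "carol", "device": "d7"}',
    '{"ts": 3300, "event": "payment_method_added", "account": "carol", "device": "d8"}',
    '{"ts": 4000, "event": "password_changed", "account": "dave", "device": "d9"}',
    '{"ts": 4100, "event": "payment_method_added", "account": "dave", "device": "d9"}',
])

if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"{a.at}  {a.rule}  account={a.subject}")
```

Both rules key on events the app already has to know about (a failed login, a password change, a new card), which is why emitting them is cheap; the part worth tuning, what counts as a burst or a suspicious sequence, lives in a few lines. Alerts are returned as values here; routing them to a pager or chat channel is deployment detail.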
  52. Summary: book time for security in advance; stick to SSDLC as early as possible; secure architecture is not a single person’s responsibility.