
5.5 Protecting Applications


Securing applications requires a fundamental shift in how software is developed, moving from a reactive model of fixing vulnerabilities after they are found to a proactive model of building security in from the start. Two key principles guide this modern approach: secure by design and secure by default.

Secure by design is a development philosophy that integrates security into every phase of the product lifecycle, from initial conception and design through development, deployment, and maintenance. It treats security not as an add-on feature, but as a core design principle. This initiative is guided by three main tenets:

  1. Ownership of Security Outcomes: Companies should take responsibility for the security of their customers by building products that are inherently safe and resilient.
  2. Radical Transparency and Accountability: Organizations should be transparent about their security practices and promptly share information about vulnerabilities and updates. This collaborative approach helps the entire ecosystem become more secure.
  3. Leadership and Structure: Companies must establish a security-first culture, supported by leadership and an organizational structure that prioritizes security.

A critical component of this philosophy is the concept of secure by default. This means that products should be shipped with their security features enabled and configured to be as secure as possible "out of the box." Users should not have to be security experts to be safe; the default settings should provide a strong security posture without requiring any user action.

A primary technical control for protecting applications is user input sanitization. Many application attacks, such as SQL injection and cross-site scripting (XSS), succeed because an adversary is able to enter malicious data or commands into a user input field. Applications often use special control characters, like single quotes, double quotes, and semicolons, to structure commands and process data. An adversary can use these characters to break out of the intended data field and inject their own commands.

To prevent this, developers must implement functions that validate and sanitize all user input before it is processed. Data validation ensures that the input matches the expected format (e.g., checking that a phone number field contains only numbers). Input sanitization involves stripping out or neutralizing any potentially malicious characters from the user's input. For example, a sanitization function might remove all single quotes from an input string before passing it to a database. By properly sanitizing user input, an application can effectively defend against a wide range of injection-based attacks, including SQL injection, XSS, and directory traversal.
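The following Python example is added here to illustrate the validation and sanitization steps described above; it is not code from the original course material. It assumes a hypothetical phone-number format (three digits, a hyphen, four digits), a constructed in-memory SQLite table of users, and a lookup that passes the validated value to the database as a bound parameter rather than pasting it into the query text. That last step goes beyond the text's quote-stripping example: binding the value as a parameter means a single quote in the input is stored and compared as data, so it can never terminate the intended data field.

```python
import re
import sqlite3

# Constructed sample data (hypothetical users table) so the example runs offline.
SAMPLE_USERS = [
    ("alice", "555-0100"),
    ("bob", "555-0199"),
]

# Hypothetical expected format: three digits, a hyphen, four digits.
PHONE_RE = re.compile(r"^[0-9]{3}-[0-9]{4}$")


def validate_phone(value: str) -> bool:
    """Data validation: accept only input that matches the expected format."""
    return PHONE_RE.fullmatch(value) is not None


def sanitize_quotes(value: str) -> str:
    """Input sanitization as described in the text: strip single quotes."""
    return value.replace("'", "")


def build_db() -> sqlite3.Connection:
    """Create the constructed in-memory users table used by the lookups below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, phone TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_by_phone(conn: sqlite3.Connection, phone: str) -> list:
    """Parameterized query: the driver passes `phone` as data, never as SQL text,
    so control characters in the value cannot change the statement's structure."""
    rows = conn.execute(
        "SELECT name FROM users WHERE phone = ?", (phone,)
    ).fetchall()
    return [row[0] for row in rows]


def handle_request(conn: sqlite3.Connection, raw_phone: str) -> dict:
    """Layered defense: validate the format first, then query with a bound parameter."""
    if not validate_phone(raw_phone):
        return {"ok": False, "error": "invalid phone format", "names": []}
    return {"ok": True, "error": None, "names": lookup_by_phone(conn, raw_phone)}


if __name__ == "__main__":
    db = build_db()
    print(handle_request(db, "555-0100"))   # accepted, returns ['alice']
    print(handle_request(db, "555-0100'"))  # rejected by validation before any query
```

Validation rejects the malformed value before it reaches the database; if some other code path did pass a quote-containing string to `lookup_by_phone`, the bound parameter still compares it literally and simply finds no match.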