Requirements analysis stage
Security work starts here: the requirements stage is where the general guidelines for the entire development process are set, so security controls are built in from the beginning rather than bolted on later. Two practices to keep in mind when working with customer requirements are:
- Employ a combination of use cases and misuse cases, so the requirements describe not only how the software should be used but also how an attacker could abuse it.
- Conduct a security risk assessment and create a risk profile for the system.
Design stage
The secure design stage involves six security principles to follow:
- Least privilege – Every user, process and component should run with the minimum privileges it needs for normal functioning, and no more.
- Privilege separation – Sensitive actions in the software (for example, creating, deleting or modifying certain properties) should be restricted to a limited number of users with higher privileges, kept separate from ordinary accounts.
- Complete mediation – Every access to a protected resource should be checked for authority, with no cached or bypassable decisions. That decreases the chances of privilege escalation by a user with limited rights.
- Multiple security layers – Applying this principle (defence in depth) removes single points of failure that would compromise the entire software. The more independent layers an attacker has to get through, the less likely it is that one vulnerability is enough to exploit the system.
- Secure failure – If your software stops operating, it should fail in a safe state. Even when the software is no longer available, confidentiality and integrity must still be maintained. Therefore set safe defaults that deny access, undo incomplete changes and restore the system to a known-good state when an error occurs.
- User-friendly security – Custom software designs should include security in a way that does not obstruct the user experience. If a security mechanism is cumbersome or gets in the way, users will look for ways to turn it off or work around it.
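To make the first five principles concrete, here is an added example (not code from the original page or from E-SPIN) of a small reference-monitor style authorization layer in Python. The roles, actions, document store and audit log are hypothetical, constructed for illustration. Each role gets only the actions it needs (least privilege), destructive actions live in a separate admin role (privilege separation), every operation passes through the same check with deny-by-default for unknown roles or actions (complete mediation), and a batch update rolls back to the prior state on any error (secure failure). User-friendly security is a UX property and is not shown in code.

```python
"""Reference-monitor style authorization layer demonstrating least privilege,
privilege separation, complete mediation and secure failure.
Added example; roles, actions and the document store are hypothetical."""
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Dict, List, Set, Tuple

# Constructed role-to-action policy: each role holds only what it needs,
# and destructive actions are confined to a separate, smaller admin role.
POLICY: Dict[str, Set[str]] = {
    "viewer": {"read"},
    "editor": {"read", "update"},
    "admin": {"read", "update", "create", "delete"},
}


class AccessDenied(PermissionError):
    """Raised when the reference monitor refuses an action."""


@dataclass
class Principal:
    name: str
    roles: Set[str] = field(default_factory=set)


def is_permitted(principal: Principal, action: str) -> bool:
    """Default deny: an unknown role or an unknown action yields False."""
    return any(action in POLICY.get(role, set()) for role in principal.roles)


def mediated(action: str) -> Callable:
    """Decorator routing every call through the authorization check
    (complete mediation) and recording the decision in an audit log."""
    def decorator(func: Callable) -> Callable:
        @wraps(func)
        def wrapper(store: "DocumentStore", principal: Principal, *args, **kwargs):
            if not is_permitted(principal, action):
                store.audit.append(("DENY", principal.name, action))
                raise AccessDenied(f"{principal.name} may not {action}")
            store.audit.append(("ALLOW", principal.name, action))
            return func(store, principal, *args, **kwargs)
        return wrapper
    return decorator


class DocumentStore:
    """Toy protected resource; every public operation is mediated."""

    def __init__(self) -> None:
        self.docs: Dict[str, str] = {}
        self.audit: List[Tuple[str, str, str]] = []

    @mediated("read")
    def read(self, principal: Principal, doc_id: str) -> str:
        return self.docs[doc_id]

    @mediated("create")
    def create(self, principal: Principal, doc_id: str, body: str) -> None:
        self.docs[doc_id] = body

    @mediated("update")
    def update(self, principal: Principal, doc_id: str, body: str) -> None:
        if doc_id not in self.docs:
            raise KeyError(doc_id)  # cannot update a document that does not exist
        self.docs[doc_id] = body

    @mediated("delete")
    def delete(self, principal: Principal, doc_id: str) -> None:
        del self.docs[doc_id]

    def bulk_update(self, principal: Principal, changes: Dict[str, str]) -> None:
        """Secure failure: either every change lands or none does. Any error,
        including a denied access, restores the previous state before re-raising."""
        snapshot = dict(self.docs)
        try:
            for doc_id, body in changes.items():
                self.update(principal, doc_id, body)
        except Exception:
            self.docs = snapshot
            raise


def demo() -> Dict[str, object]:
    """Exercise the principles on constructed input and return the outcomes."""
    store = DocumentStore()
    admin = Principal("alice", {"admin"})
    editor = Principal("bob", {"editor"})
    viewer = Principal("carol", {"viewer"})
    guest = Principal("dave", {"unknown-role"})  # role absent from POLICY

    store.create(admin, "d1", "v1")
    store.create(admin, "d2", "v1")
    out: Dict[str, object] = {"viewer_read": store.read(viewer, "d1")}

    for who, action, args in ((viewer, "delete", ("d1",)), (guest, "read", ("d1",))):
        try:
            getattr(store, action)(who, *args)
            out[f"{who.name}_{action}"] = "allowed"
        except AccessDenied:
            out[f"{who.name}_{action}"] = "denied"

    # The second change targets a missing document, so the whole batch rolls back.
    try:
        store.bulk_update(editor, {"d1": "v2", "missing": "x"})
    except KeyError:
        pass
    out["d1_after_failed_bulk"] = store.docs["d1"]
    out["audit_entries"] = len(store.audit)
    return out
```

Running `demo()` shows the viewer reading but being refused `delete`, the principal with an unrecognised role being refused even `read`, and document `d1` still holding `"v1"` after the failed batch. The audit log records a decision for every mediated call, including the one that was allowed and then failed, which is what makes post-incident review possible.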
Feel free to contact E-SPIN for solutions for your systems and operations to reduce the risk to your business and organization. We can secure and protect your business with our range of software security technologies.