April 19, 2014

Security in Application Design, Page 2

  • October 26, 2005
  • By Chad Cook

Input Validation

Input validation is widely discussed and is an essential part of application development. Input can be validated consistently only if the application design sets the rules for every form of data input and interaction. Flexible designs often provide common layers and libraries for validating input that can easily be plugged into any module that receives or transmits data.
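A sketch of such a common validation layer, added here as an illustration and not taken from the original article: rules are declared once per kind of input, and any module plugs the layer in with a decorator. The `transfer` schema, its field names and `handle_transfer` are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

class ValidationError(ValueError):
    """Input broke a rule that was fixed at design time."""

@dataclass(frozen=True)
class Rule:
    kind: type                 # exact type required
    pattern: str = ""          # allow-list regex, must match the whole string
    max_len: int = 0           # 0 = no limit
    lo: Optional[int] = None   # inclusive bounds for integers
    hi: Optional[int] = None

    def check(self, name, value):
        if type(value) is not self.kind:   # exact match: True is not an int
            raise ValidationError(f"{name}: wrong type")
        if self.kind is str:
            if self.max_len and len(value) > self.max_len:
                raise ValidationError(f"{name}: too long")
            if self.pattern and not re.fullmatch(self.pattern, value, re.ASCII):
                raise ValidationError(f"{name}: disallowed characters")
        elif self.kind is int:
            if (self.lo is not None and value < self.lo) or \
               (self.hi is not None and value > self.hi):
                raise ValidationError(f"{name}: out of range")
        return value

# Constructed rule set: one schema per kind of input the design allows.
SCHEMAS = {"transfer": {
    "account": Rule(str, r"[A-Z]{2}[0-9]{8}", 10),
    "amount_cents": Rule(int, lo=1, hi=1_000_000),
    "memo": Rule(str, r"[\w .,-]*", 80),
}}

def validate(schema_name, data):
    """Return a checked copy of data, or raise ValidationError."""
    schema = SCHEMAS[schema_name]
    if not isinstance(data, dict) or set(data) != set(schema):
        raise ValidationError("missing or unexpected fields")
    return {k: rule.check(k, data[k]) for k, rule in schema.items()}

def validated(schema_name):
    """Decorator that plugs the shared layer into any module's entry point."""
    def wrap(handler):
        return lambda data: handler(validate(schema_name, data))
    return wrap

@validated("transfer")
def handle_transfer(req):      # hypothetical module; only sees checked input
    return f"queued {req['amount_cents']} to {req['account']}"
```

Because the rules are allow-lists matched against the whole value, a trailing newline, an unexpected field or a boolean passed where an integer is expected is rejected before the handler runs.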

Data Protection

Data protection starts from the fact that any application handles different classes of data. Some data is not sensitive and requires no privacy protection. Other data is extremely sensitive and benefits from some form of privacy protection. The privacy aspects the application designer should look at are:

  • Memory separation and isolation: consider moving sensitive information to isolated processes, hardware, or systems.
  • Encryption of stored or in-memory data: the use of encryption can enhance the security of an application, especially where the exposure of critical data has widespread negative effects (compliance, legal, and safety).

Summary

The security of an application begins at design time, and should be carried all the way through development. When looking at security, look at it on many levels, including security-specific functionality, usage of the application, and processing within the application. Analyze the environment of the application, including the networks, systems, and applications that interact with your own application to understand points of exposure and risk.

Use the guidelines here as an impetus to think and analyze at a deeper level about what your application is going to do, how it will respond to many different scenarios, and how you can enhance the security by spending a little more time designing. Look for future articles that cover possible designs and models that you can use in your applications.

About the Author

Chad Cook has spent over a dozen years in Information Security that include both product engineering and IT services. Chad has developed IT service security strategies, networks and policies for organizations including BBN and GTE Internetworking, Infolibria, and the international security consulting firm, @stake/Symantec. He has architected and developed security technology for award-winning networking products sold worldwide, including core routers, edge devices, utility hosting systems and web services security devices. Chad has nine patents applied for and pending on security analysis, modeling techniques, and security processing acceleration.

Currently, Chad is the VP of Information Security at Lime Group, a New York securities and brokerage organization, where he leads product architecture, infrastructure security and compliance efforts. Prior to Lime Group, he designed and developed security risk management and threat modeling products as CTO at Black Dragon Software. Chad has held lead engineering and security positions developing products at BBN, Infolibria, Forum Systems, and Zetari, Inc. Chad is an internationally published author on security topics having contributed to two books, Maximum Security, 3rd and 4th editions, has been featured in numerous articles and also has written articles for Symantec's SecurityFocus.com.

A frequent speaker, Chad has spoken at NATO and United Nations forums on security, numerous conferences, analyst's events and security summits.


