Tuesday, January 24, 2017

Dev-Sec Guideline: Build a positive security model

Guideline: Build a positive security model

Part of: Development Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy

Wherever possible, security should work on the basis of whitelisting, i.e. explicitly allowing access (positive model). Only when maintaining such a whitelist proves to have too big an impact on maintainability may security work on the basis of blacklisting (negative model).

This guideline is about things like input validation. When building systems it is wise to consider whether you can predict or define the values that should be allowed. If so, defining a positive security model (a whitelist) is the most secure way to go. This can be done implicitly or explicitly.

An example of explicit whitelisting is that, for a date field, only the value 01/01/1980 is allowed. An example of implicit whitelisting is that, again for a date field, the value must comply with the format mm/dd/yyyy. It is still whitelisting, because the value still has to be a date, but any date will suffice.

Positive security models can also be about allowing specific behaviour patterns in applications or websites. It is thus all about defining what may be allowed and ignoring the rest.
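The three models described above for the date field, as an added example (constructed for this post, not code from the guideline's author): an explicit whitelist that accepts only the literal 01/01/1980, an implicit whitelist that accepts any real calendar date in mm/dd/yyyy, and a blacklist of known-bad substrings for comparison. The regex, the blacklist contents and the sample inputs are all assumptions made for illustration.

```python
import re
from datetime import datetime

# Implicit whitelist, step 1: the shape of the value. Anchored with ^ and $
# and checked with fullmatch(), because re.match() with "$" would still
# accept a value carrying a trailing newline.
DATE_RE = re.compile(r"^(0[1-9]|1[0-2])/(0[1-9]|[12][0-9]|3[01])/(\d{4})$")

# Constructed blacklist for the negative-model comparison (assumption).
BLACKLIST = ("<", ">", "'", ";", "--")


def explicit_whitelist(value: str, allowed=("01/01/1980",)) -> bool:
    """Explicit positive model: only the listed literal values pass."""
    return value in allowed


def implicit_whitelist(value: str) -> bool:
    """Implicit positive model: any value that is a real date in mm/dd/yyyy.

    The regex enforces zero-padded mm/dd/yyyy (strptime alone would accept
    1/1/1980); strptime then rejects shapes that are not real dates, such as
    02/30/2016.
    """
    if not DATE_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%m/%d/%Y")
    except ValueError:
        return False
    return True


def blacklist(value: str) -> bool:
    """Negative model: reject only known-bad substrings; everything else passes."""
    return not any(bad in value for bad in BLACKLIST)


def classify(value: str) -> dict:
    """Return the verdict of each model for one input value."""
    return {
        "explicit": explicit_whitelist(value),
        "implicit": implicit_whitelist(value),
        "blacklist": blacklist(value),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a valid date, an invalid-but-well-shaped date,
    # an unpadded date, a value with a trailing newline and a non-date word.
    for sample in ("01/01/1980", "02/30/2016", "1/1/1980", "01/01/1980\n", "yesterday"):
        print(repr(sample), classify(sample))
```

The last sample is the point of the guideline: "yesterday" contains nothing on the blacklist and so passes the negative model, while both positive models reject it because it was never defined as allowed.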

More information from OWASP about a Positive security model.
More information from Teusink.eu about Input Validation for Web-applications.
