Applications should be designed, built, and deployed with security in mind. In the development
phase, focus should be placed on the following tenets:
■ Least privilege
■ Modularization
The principle of least privilege means an application should be limited to the least amount
of access possible. In other words, to prevent an attacker from accessing it, the application
should not run as root or administrator unless it is absolutely necessary. You should develop
a modular, multiple-tier application that runs on more than one server. This ensures better
security for the application. A three-tier application is a great example of this. Setting up the
application as a set of layers makes it much harder for a hacker to gain access: there are
three layers to get through. The three-tier application works like this:
■ The web layer is the part offered to the public. It might live on an Internet DMZ,
for example.
■ The middleware layer could be on the Internet DMZ also, but it could live inside the
core network too.
■ The database layer usually has a firewall protecting it separately.
As you have seen, one layer of security isn't enough. You need to use multiple levels so
that if any one layer of security is compromised, there is another way to thwart the attack.
This multilayered approach is sometimes referred to as defense in depth.
To round out our discussion of application security, here are some of the key methods
for securing your application:
■ Use application access controls.
■ It is important to encrypt sensitive data such as personal data and credit card numbers,
both in transit and at rest, such as in a database.
■ When you are programming, it is important to perform input filtering, both on the
server side and on the client side. You cannot assume that users of the application are
going to enter only the parameters that you are expecting. If input exceeds the expected
length, you will want to filter it, as well as any type of character (such as a control code)
you would not be expecting. This prevents unexpected results and also prevents
commands from being sent to a database in injection attacks.
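The input-filtering point above is easiest to see with the database case the text mentions. The following is an added example, not code from the original text: it applies a server-side allow-list (length limit, no control codes, only expected characters) and then queries a constructed in-memory SQLite table with a parameterized statement, alongside the string-concatenation pattern the text warns against. The table contents, the username policy and the function names are assumptions made for this illustration.

```python
import re
import sqlite3

MAX_USERNAME_LEN = 32
# Allow-list for an account name: letters, digits, dot, underscore, hyphen.
# This policy is an assumption for the example; adjust it to your own field.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]+")


class ValidationError(ValueError):
    """Raised when server-side input filtering rejects a value."""


def validate_username(raw):
    """Server-side filter: enforce type, length, no control codes, expected characters."""
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    if len(raw) == 0 or len(raw) > MAX_USERNAME_LEN:
        raise ValidationError("username length out of range")
    # Reject control codes explicitly (NUL, CR, LF, ESC, DEL, ...).
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        raise ValidationError("control characters are not allowed")
    if not USERNAME_RE.fullmatch(raw):
        raise ValidationError("unexpected characters in username")
    return raw


def build_demo_db():
    """Constructed sample data for the example: two accounts in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_user_unsafe(conn, raw_name):
    """The pattern the text warns against: input is pasted into the SQL text,
    so characters in the input can change what the command does."""
    sql = "SELECT name, role FROM users WHERE name = '" + raw_name + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, raw_name):
    """Filter first, then use a parameterized query so the driver keeps the
    value as data rather than as part of the command."""
    name = validate_username(raw_name)
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_user_param_only(conn, raw_name):
    """Parameterization alone, with no filtering: shown separately so the
    two defenses can be compared. Input filtering still belongs in front of it."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (raw_name,)
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    print(lookup_user_safe(db, "alice"))
    for bad in ["a" * 40, "bob\x00", "x' OR '1'='1"]:
        try:
            lookup_user_safe(db, bad)
        except ValidationError as exc:
            print("rejected %r: %s" % (bad, exc))
```

The two defenses are layered on purpose, in the spirit of the defense-in-depth point made earlier: the filter rejects anything outside the expected shape before it reaches the database, and the parameterized statement means that even a value which slipped past the filter would be compared as a literal string rather than executed as part of the command. Client-side checks can reproduce the same rules for usability, but only the server-side copy can be relied upon.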