Security First Approach
When designing systems, always consider security as a first principle. Think like an attacker: what data might the system or service expose, and how can you prevent unauthorized access?
Secure coding practices
A basic background in secure coding practices is available at https://mlhale.github.io/nebraska-gencyber-modules/intro_to_first_principles/README/
In particular, consider Domain Separation, Least Privilege and Simplicity as key factors in your software design.
- Never design your own security or encryption mechanism - these should be left to the experts. Instead, adopt well-known and tested libraries such as OpenSSL or Microsoft Crypto.
- Your code must only be given enough privilege to operate (least privilege) - if it doesn’t require access to a database or network folder, don’t grant it permission.
- Keep things simple and avoid complexity, as it becomes increasingly difficult to test complex systems and prove they are secure.
Regular Security Reviews/Upgrades
You must regularly update the software to include the latest security fixes for third-party libraries such as the .NET framework and the various NuGet/npm packages.
These updates should be regularly tested and deployed, even if no other code changes are required, to maintain a secure and cared-for environment.
Testing Tools
Use security testing tools such as AppCheck and SonarQube to verify that your code and its dependencies are free from vulnerabilities and operating as intended.