Web Application Security Design Guide

Content of this module

Web applications pose a series of complex security problems for structural designers, designers, and developers. The safest and most capable Web applications to defend against attacks are those built by the application security ideology.

In the initial stage of design, reliable architecture and design methods should be used, and Application Deployment and enterprise security policies should be taken into account. If this is not done, security will inevitably be compromised when applications are deployed on the existing infrastructure.

This module provides a series of security architecture and design guidelines, and is organized according to common application vulnerability categories. These guidelines are important aspects of Web Application Security and are common errors.

Target

This module can be used:

•	Determine important architecture and design issues for Secure Web applications.
•	Consider important deployment issues during design.
•	Develop policies that enhance Web application input verification.
•	Design secure authentication and session management mechanisms.
•	Select an appropriate authorization model.
•	Implements effective account management methods and protects user sessions.
•	Encrypts privacy, approval, tampering prevention, and authentication information.
•	Prevent parameter operations.
•	Design audit and record policies.

Applicability

Although the content of this module is included in the ASP. NET Security Manual, it is applicable to all persons interested in developing secure Web applications.

How to use this module

This module provides guidance and principles that should be followed when designing applications.

To fully understand the content of this module, please:

•	Understand the threats to your application to ensure that these issues are addressed through programming. Read module 2 Threats and Countermeasures to understand the threats that need to be considered. Module 2 lists the factors that may harm the application. These threats should be taken into account in the programming stage.
•	The method of the application system is an important part of the application's vulnerable situation. Focuses on program deployment, input verification, authentication and authorization, encryption and data sensitivity, configuration, session, exception management, and appropriate audit and record policies, to ensure the application is responsible.

Architecture and Design of Web Applications

Web applications pose many challenges to designers and developers. HTTP is borderless, which means that it is the responsibility of the application to track the session Status of each user. As a leader, applications must be able to identify users through some form of authentication. All subsequent authorization decisions must be based on the user's identity. Therefore, the authentication process must be secure and the session processing mechanism used to track authenticated users must be well protected. The Design of secure authentication and session management mechanisms is only one of the many problems faced by Web Application designers and developers. As the input and output data must be transmitted on the public network, there are other challenges. Preventing parameter operations and sensitive data leakage is another important issue.

Figure 4.1 lists other important issues that must be addressed in the security design method.

Fig 4.1
Web Application Design Problems

The design guide in this module is organized according to the application vulnerability category. Practical experience shows that security vulnerabilities may occur if the design in these fields is weak. Table 4.1 lists the categories of vulnerabilities, each of which highlights potential problems caused by improper design.

4.1:Web application vulnerabilities and potential problems caused by improper design

Vulnerability category	Potential problems caused by improper design
Input verification	Attacks that embed malicious strings in the query string, form field, cookie, and HTTP header. These attacks include command execution, cross-site scripting (XSS), SQL injection, and buffer overflow attacks.
Authentication	Identify spoofing, password cracking, privilege escalation, and unauthorized access.
Authorization	Access confidential or restricted data, tamper with data, and perform unauthorized operations.
Configuration Management	Unauthorized access to the management interface, the ability to Update Configuration data, and unauthorized access to user accounts and account configuration files.
Sensitive data	Leaks confidential information and data tampering.
Session management	Captures session identifiers, resulting in session hijacking and identity spoofing.
Encryption	Access confidential data or account creden。, or both.
Parameter operations	Path traversal attacks, command execution, and bypassing access control mechanisms lead to information leakage, privilege escalation, and denial of service.
Exception management	Leakage of denial of service and sensitive system-level details.
Review and record	No signs of intrusion, no user verification, and difficulties in diagnosing problems.

Deployment considerations

In the application design phase, the company's security policies and procedures and the infrastructure for deploying the applications should be taken into account. In general, the target environment is fixed, and the application design must reflect these constraints. Sometimes it is necessary to compromise the design scheme, for example, due to protocol and port restrictions, or the requirements for a specific deployment topology. In the initial stage of the design, determine the constraints to avoid future development exceptions. In addition, members of the network and infrastructure working group should be invited to participate in the process.

Figure 4.2 shows several program deployment issues that need to be considered during the program design phase.

Fig 4.2
Deployment considerations

Security policies and procedures

The security policy determines which operations are allowed by the application and its users. More importantly, security policies define some limits to determine which operations are not allowed by applications and their users. When designing an application, you should identify and work within the framework defined by the company's security policy to ensure that you do not violate the policy to prevent application deployment.

Basic Network Components

Make sure that you understand the network structure provided by the target environment and the basic security requirements of the network, such as filtering rules, port restrictions, and supported protocols.

Determine how firewall and firewall policies may affect application design and deployment. There may be firewalls between Internet-oriented applications and internal networks to separate them. There may also be other firewalls used to protect the database. These firewalls affect available communication ports, thus affecting the authentication options for Web servers to remote applications and database servers. For example, a port is required for Windows authentication.

During the design phase, you need to consider which protocols, ports, and services are allowed to access internal resources from the Web servers in the peripheral network. Protocols and ports required for application design should also be identified and potential threats to opening new ports or using the new Council should be analyzed.

Communicate and record all ideas about network and application layer security and what components will handle and what problems. In this way, when both developers and network administrators think that the other party will solve security problems, they can prevent security control failures. Pay attention to the security measures provided by the Network for applications. Imagine what security risks may occur if you change the network settings. How many security issues will occur if a specific network structure is changed?