a. List the four pillars of software security and briefly explain how they contribute to the overall security of a system.
b. Give an example and demonstrate how input data validation can be implemented in secure software design.
c. Briefly explain the design factors one must consider while developing secure code.
a. Four software security pillars:
Risk management:
For software security, risk management covers the methods required to identify and manage all sorts of risks. These risks are then controlled before they develop into something more serious. This usually happens during the development process, and it helps produce a secure product in the end.
Touchpoints:
There are different touchpoints necessary to build secure software. Some of these are code review, penetration testing, security-related operations, etc. These make sure that the software functions properly and under the correct conditions.
Knowledge:
Knowledge is very important in any field. The success of software security depends highly on knowledge about vulnerabilities and about ways to improve the software to remove those vulnerabilities. There are different tools used for that as well.
People:
The cooperation of the people involved is very important, and teamwork can decide the success of software security as well. If the people involved are experts in their fields and communicate well, they can easily work out any situation.
b. Secure software design and input data validation:
Input data validation is very important for the secure design of software. It is one of the best coding practices irrespective of the language used. It aims at configuring every input field so that each accepts its own type of input with a specific length.
Some examples of input data validation are verification of inputted characters, boundary value implementation, and range checking.
Data validation plays a big role in how the code handles and modifies input. Using it is necessary to increase code security.
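As a demonstration for part b, the following added example (not part of the original answer) applies the three checks listed above, character verification, length limits and range checking, to a small form. The field names, the username pattern and the numeric limits are assumptions made for the example.

```python
import re

# Constructed policy for this example (field names and limits are assumptions).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")   # allow-list + length limit
AGE_MIN, AGE_MAX = 13, 120                        # inclusive range
COMMENT_MAX_LEN = 200

def check_username(value):
    # Character verification: fullmatch() means the whole string must fit the
    # allow-list, so a trailing newline or a stray quote is rejected.
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("3-20 characters from A-Z, a-z, 0-9 and _")
    return value

def check_age(value):
    # Accept ASCII digits only (str.isdigit() alone also accepts characters
    # like '²'), and cap the length before int() to bound the work done.
    if not (value.isascii() and value.isdigit() and len(value) <= 3):
        raise ValueError("must be a whole number")
    age = int(value)
    # Range check with inclusive boundaries.
    if not AGE_MIN <= age <= AGE_MAX:
        raise ValueError(f"must be between {AGE_MIN} and {AGE_MAX}")
    return age

def check_comment(value):
    # Length limit, then reject non-printable characters except newline.
    if len(value) > COMMENT_MAX_LEN:
        raise ValueError(f"at most {COMMENT_MAX_LEN} characters")
    if any(not ch.isprintable() and ch != "\n" for ch in value):
        raise ValueError("contains control characters")
    return value

CHECKS = {"username": check_username, "age": check_age, "comment": check_comment}

def validate_form(form):
    """Return (clean, errors). Use clean only when errors is empty."""
    clean, errors = {}, {}
    for field in form.keys() - CHECKS.keys():
        errors[field] = "unexpected field"        # reject fields not asked for
    for field, check in CHECKS.items():
        raw = form.get(field)
        if not isinstance(raw, str):
            errors[field] = "missing or not a string"
            continue
        try:
            clean[field] = check(raw)
        except ValueError as exc:
            errors[field] = str(exc)
    return clean, errors
```

The validation runs on the server side of the application and returns typed values (`age` becomes an `int`), so later code never works with the raw strings.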
c. Design factors for secure coding: