Primary Security Principles and Concepts
Author : Jiang Weinstein | Published On : 17 Oct 2025
# Chapter a few: Core Security Rules and ConceptsJust before diving further directly into threats and defenses, it's essential to establish the fundamental principles that underlie application security. These types of core concepts will be the compass through which security professionals get around decisions and trade-offs. They help answer why certain adjustments are necessary plus what goals many of us are trying to be able to achieve. Several foundational models and guidelines slowly move the design and even evaluation of secure systems, the almost all famous being the particular CIA triad and associated security principles.
## The CIA Triad – Privacy, Integrity, Availability
At the heart of information security (including application security) are three primary goals:
1. **Confidentiality** – Preventing unauthorized usage of information. Throughout simple terms, maintaining secrets secret. Just those who happen to be authorized (have typically the right credentials or permissions) should get able to view or use sensitive data. According to NIST, confidentiality means "preserving authorized limitations on access and disclosure, including methods for protecting personalized privacy and amazing information"
PTGMEDIA. PEARSONCMG. COM
. Breaches involving confidentiality include phenomena like data escapes, password disclosure, or an attacker studying someone else's e-mail. A real-world instance is an SQL injection attack that will dumps all consumer records from the database: data that will should are actually private is exposed to the attacker. The other regarding confidentiality is disclosure
PTGMEDIA. PEARSONCMG. POSSUINDO
– when info is revealed to individuals not authorized to be able to see it.
2. **Integrity** – Safeguarding data and systems from unauthorized adjustment. Integrity means of which information remains exact and trustworthy, and even that system features are not interfered with. For example, when a banking app displays your consideration balance, integrity actions ensure that a great attacker hasn't illicitly altered that balance either in transportation or in the particular database. Integrity can easily be compromised simply by attacks like tampering (e. g., transforming values in a WEB LINK to access somebody else's data) or even by faulty signal that corrupts data. A classic system to ensure integrity is definitely the utilization of cryptographic hashes or signatures – when a file or message is definitely altered, its trademark will no extended verify. The reverse of integrity is often termed change – data becoming modified or dangerous without authorization
PTGMEDIA. PEARSONCMG. COM
.
three or more. **Availability** – Making sure systems and information are accessible as needed. Even if information is kept secret and unmodified, it's of little work with when the application is definitely down or unapproachable. Availability means that authorized users can easily reliably access typically the application and its functions in some sort of timely manner. Hazards to availability include DoS (Denial associated with Service) attacks, exactly where attackers flood a new server with traffic or exploit the vulnerability to accident the program, making this unavailable to reputable users. Hardware downfalls, network outages, or perhaps even design issues that can't handle top loads are also availability risks. The particular opposite of supply is often identified as destruction or denial – data or perhaps services are destroyed or withheld
PTGMEDIA. PEARSONCMG. COM
. Typically the Morris Worm's effects in 1988 was a stark reminder of the need for availability: it didn't steal or change data, but by looking into making systems crash or slow (denying service), it caused significant damage
CCOE. DSCI. IN
.
These three – confidentiality, integrity, and availability – are sometimes called the "CIA triad" and are considered as the three pillars regarding security. Depending upon the context, a good application might prioritize one over the particular others (for illustration, a public media website primarily loves you that it's obtainable as well as content ethics is maintained, confidentiality is much less of the issue considering that the content is public; alternatively, a messaging iphone app might put discretion at the top of its list). But a protect application ideally need to enforce all three to an appropriate diploma. Many security controls can be recognized as addressing one particular or more of these pillars: encryption aids confidentiality (by striving data so just authorized can read it), checksums plus audit logs support integrity, and redundancy or failover techniques support availability.
## The DAD Triad (Opposites of CIA)
Sometimes it's helpful to remember the flip side of the CIA triad, often called FATHER:
- **Disclosure** – Unauthorized access to information (breach regarding confidentiality).
- **Alteration** – Unauthorized transform of information (breach of integrity).
- **Destruction/Denial** – Unauthorized damage info or refusal of service (breach of availability).
Safety measures efforts aim to prevent DAD outcomes and uphold CIA. A single harm can involve numerous of these aspects. Such as, a ransomware attack might both disclose data (if the attacker steals a copy) and even deny availability (by encrypting the victim's copy, locking them out). A internet exploit might modify data within a database and thereby break the rules of integrity, and so on.
## Authentication, Authorization, plus Accountability (AAA)
Throughout securing applications, specifically multi-user systems, we all rely on extra fundamental concepts also known as AAA:
1. **Authentication** – Verifying the particular identity of an user or technique. Whenever you log inside with an account information (or more securely with multi-factor authentication), the system will be authenticating you – ensuring you are who you claim to be. Authentication answers the issue: Who will be you? Frequent methods include accounts, biometric scans, cryptographic keys, or bridal party. A core principle is the fact authentication ought to be sufficiently strong to thwart impersonation. Weakened authentication (like effortlessly guessable passwords or no authentication high should be) is a frequent cause involving breaches.
2. **Authorization** – Once id is established, authorization handles what actions or data the verified entity is granted to access. That answers: What are a person allowed to do? For example, following you sign in, a good online banking software will authorize you to see your individual account details nevertheless not someone else's. Authorization typically involves defining roles or permissions. The susceptability, Broken Access Manage, occurs when these types of checks fail – say, an attacker finds that simply by changing a list USERNAME in an WEB LINK they can watch another user's info because the application isn't properly verifying their own authorization. In simple fact, Broken Access Handle was recognized as the particular number one internet application risk inside the 2021 OWASP Top 10, present in 94% of programs tested
IMPERVA. APRESENTANDO
, illustrating how predominanent and important proper authorization is.
3. **Accountability** (and Auditing) – This appertains to the ability to search for actions in typically the system to the liable entity, which often indicates having proper visiting and audit tracks. If something should go wrong or suspicious activity is recognized, we need to know who would what. Accountability is usually achieved through working of user steps, and by having tamper-evident records. It works hand-in-hand with authentication (you can simply hold someone accountable once you know which accounts was performing an action) and along with integrity (logs by themselves must be protected from alteration). Inside application security, establishing good logging in addition to monitoring is crucial for both finding incidents and executing forensic analysis after an incident. While we'll discuss found in a later part, insufficient logging plus monitoring can allow breaches to go unknown – OWASP provides this as one other top ten issue, observing that without correct logs, organizations may fail to discover an attack right up until it's far also late
IMPERVA. COM
IMPERVA. APRESENTANDO
.
Sometimes you'll notice an expanded acronym like IAAA (Identification, Authentication, Authorization, Accountability) which just breaks out identification (the claim of personality, e. g. getting into username, before real authentication via password) as a separate step. But bad code smells continue to be a similar. A safeguarded application typically enforces strong authentication, tight authorization checks intended for every request, and maintains logs for accountability.
## Basic principle of Least Benefit
One of typically the most important design and style principles in protection is to give each user or even component the lowest privileges necessary to perform its purpose, with out more. This specific is the rule of least opportunity. In practice, it means if an program has multiple jobs (say admin versus regular user), the particular regular user accounts should have simply no capacity to perform admin-only actions. If some sort of web application requirements to access the database, the repository account it employs needs to have permissions simply for the actual furniture and operations needed – such as, when the app never ever needs to remove data, the DIE BAHN account shouldn't even have the DELETE privilege. By decreasing privileges, whether or not the attacker compromises a great user account or perhaps a component, destruction is contained.
A stark example of certainly not following least benefit was the Money One breach regarding 2019: a misconfigured cloud permission granted a compromised element (a web app firewall) to access all data by an S3 storage space bucket, whereas in the event that that component had been limited in order to only a few data, the particular breach impact might have been far smaller
KREBSONSECURITY. POSSUINDO
KREBSONSECURITY. APRESENTANDO
. Least privilege in addition applies on the program code level: in case a component or microservice doesn't need certain accessibility, it shouldn't need it. Modern textbox orchestration and impair IAM systems make it easier to implement granular privileges, although it requires thoughtful design.
## Protection in Depth
This specific principle suggests of which security should become implemented in overlapping layers, to ensure that in the event that one layer falls flat, others still supply protection. Basically, don't rely on any single security control; assume it could be bypassed, plus have additional mitigations in place. Intended for an application, protection in depth may mean: you validate inputs on typically the client side for usability, but an individual also validate these people on the server side (in case an attacker bypasses your customer check). You secure the database behind an internal fire wall, but the truth is also create code that investigations user permissions prior to queries (assuming a great attacker might infringement the network). If using encryption, a person might encrypt hypersensitive data inside the repository, but also impose access controls at the application layer plus monitor for strange query patterns. Defense in depth is usually like the levels of an red onion – an attacker who gets through one layer ought to immediately face another. This approach counters the reality that no solitary defense is foolproof.
For example, imagine an application depends on a website application firewall (WAF) to block SQL injection attempts. Defense thorough would dispute the applying should nonetheless use safe coding practices (like parameterized queries) to sanitize inputs, in situation the WAF yearns for a novel harm. A real circumstance highlighting this was basically the case of certain web shells or perhaps injection attacks that will were not known by security filters – the internal application controls next served as the final backstop.
## Secure by Design and style and Secure by Default
These associated principles emphasize generating security an important consideration from typically the start of design, and choosing secure defaults. "Secure by design" means you want the system structure with security inside of mind – regarding instance, segregating hypersensitive components, using proven frameworks, and taking into consideration how each style decision could bring in risk. "Secure by default" means when the system is deployed, it may default in order to the best configurations, requiring deliberate activity to make that less secure (rather compared to the other way around).
An illustration is default bank account policy: a firmly designed application may possibly ship without default admin password (forcing the installer in order to set a robust one) – as opposed to having a well-known default username and password that users might forget to transform. Historically, standalone pull requests are not safe by default; they'd install with wide open permissions or example databases or debug modes active, in case an admin neglected to lock them straight down, it left holes for attackers. Over time, vendors learned in order to invert this: at this point, databases and systems often come together with secure configurations away of the pack (e. g., remote control access disabled, sample users removed), in addition to it's up in order to the admin to be able to loosen if definitely needed.
For builders, secure defaults mean choosing safe collection functions by standard (e. g., standard to parameterized questions, default to output encoding for web templates, etc. ). It also signifies fail safe – if a part fails, it have to fail within a secure closed state quite than an unconfident open state. For instance, if an authentication service times out, a secure-by-default deal with would deny entry (fail closed) somewhat than allow this.
## Privacy simply by Design
This concept, closely related to safety by design, provides gained prominence especially with laws like GDPR. It means that will applications should end up being designed not only to always be secure, but for regard users' privacy coming from the ground up. In practice, this may possibly involve data minimization (collecting only exactly what is necessary), visibility (users know precisely what data is collected), and giving users control of their files. While privacy will be a distinct domain name, it overlaps greatly with security: you can't have personal privacy if you can't secure the personalized data you're responsible for. Most of the worst data breaches (like those at credit score bureaus, health insurers, etc. ) will be devastating not only due to security malfunction but because they violate the privacy of millions of people. Thus, modern program security often functions hand in hand with privacy concerns.
## Threat Modeling
The practice within secure design is usually threat modeling – thinking like a good attacker to foresee what could go wrong. During threat building, architects and designers systematically go all the way through the type of the application to discover potential threats and even vulnerabilities. They inquire questions like: Precisely what are we developing? What can get wrong? What is going to all of us do about this? One particular well-known methodology intended for threat modeling is STRIDE, developed at Microsoft, which stalls for six types of threats: Spoofing identification, Tampering with files, Repudiation (deniability involving actions), Information disclosure, Denial of assistance, and Elevation of privilege.
By jogging through each element of a system and considering STRIDE risks, teams can reveal dangers that may possibly not be clear at first glimpse. For example, think about a simple online salaries application. Threat recreating might reveal of which: an attacker could spoof an employee's identity by guessing the session symbol (so we want strong randomness), could tamper with income values via the vulnerable parameter (so we need type validation and server-side checks), could execute actions and afterwards deny them (so we want good audit logs to avoid repudiation), could exploit an information disclosure bug in a good error message to be able to glean sensitive details (so we need to have user-friendly but imprecise errors), might test denial of assistance by submitting a huge file or heavy query (so we need price limiting and source quotas), or try to elevate benefit by accessing administrator functionality (so many of us need robust accessibility control checks). Through this process, protection requirements and countermeasures become much more clear.
Threat modeling is ideally done early in development (during the style phase) as a result that security will be built in in the first place, aligning with the "secure by design" philosophy. It's an evolving practice – modern threat which might also consider maltreatment cases (how may the system end up being misused beyond the intended threat model) and involve adversarial thinking exercises. We'll see its importance again when discussing specific vulnerabilities in addition to how developers may foresee and stop them.
## Hazard Management
Not every safety issue is similarly critical, and sources are always partial. So another strategy that permeates application security is risk management. This involves examining the possibilities of a menace plus the impact had been it to take place. Risk is normally informally considered as an event of these two: a vulnerability that's easy to exploit plus would cause serious damage is substantial risk; one that's theoretical or would certainly have minimal effects might be decrease risk. Organizations generally perform risk assessments to prioritize their security efforts. Intended for example, an on the web retailer might identify the risk regarding credit card robbery (through SQL shot or XSS ultimately causing session hijacking) is very high, and hence invest heavily inside of preventing those, whilst the chance of someone triggering minor defacement about a less-used page might be acknowledged or handled using lower priority.
Frames like NIST's or even ISO 27001's risikomanagement guidelines help inside systematically evaluating and even treating risks – whether by excuse them, accepting them, transferring them (insurance), or avoiding all of them by changing business practices.
One tangible response to risk administration in application security is the generation of a threat matrix or chance register where prospective threats are listed along with their severity. This kind of helps drive decisions like which bugs to fix very first or where to allocate more screening effort. It's in addition reflected in plot management: if a new vulnerability is announced, teams can assess the danger to their program – is that exposed to that will vulnerability, how extreme is it – to choose how urgently to make use of the spot or workaround.
## Security vs. User friendliness vs. Cost
A discussion of rules wouldn't be full without acknowledging the real-world balancing action. Security measures could introduce friction or even cost. Strong authentication might mean a lot more steps for an end user (like 2FA codes); encryption might slow down performance somewhat; extensive logging may raise storage fees. A principle to adhere to is to seek stability and proportionality – security should get commensurate with the particular value of what's being protected. Extremely burdensome security that will frustrates users could be counterproductive (users will dsicover unsafe workarounds, for instance). The art of application safety is finding remedies that mitigate dangers while preserving a good user knowledge and reasonable expense. Fortunately, with modern techniques, many safety measures can always be made quite seamless – for illustration, single sign-on alternatives can improve equally security (fewer passwords) and usability, and even efficient cryptographic your local library make encryption rarely noticeable in terms of overall performance.
In summary, these kinds of fundamental principles – CIA, AAA, least privilege, defense comprehensive, secure by design/default, privacy considerations, risk modeling, and risikomanagement – form the particular mental framework intended for any security-conscious practitioner. They will look repeatedly throughout information as we analyze specific technologies plus scenarios. Whenever you are unsure about a security decision, coming back to these basics (e. g., "Am We protecting confidentiality? Are we validating sincerity? Are we reducing privileges? Do we have multiple layers of defense? ") could guide you to some more secure final result.
With these principles inside mind, we could at this point explore the specific threats and vulnerabilities of which plague applications, in addition to how to guard against them.
