Design Shutters - Part 1
The design of a software application should include cybersecurity considerations. Just as there are patterns for describing “Elements of Reusable Object-Oriented Software” (see [1]), there are reusable practices that can constitute real obstacles for attackers.
Framework
These elements could be arranged in a practical framework.
There are 4 layers of practices to be put in place:
· Cybersecurity: considerations about people (attackers), the company (business and organization) and the evaluation of possible damages.
· Weaknesses: issues about vulnerabilities and misconfigurations of the adopted libraries, middleware and environments.
· Architectures: integration with functional components external to the application.
· Coding: usual errors to avoid: BOF (Buffer Overflow), UAF (Use After Free) and Input Validation.
Activities
Each layer has 5 types of activities to undertake, so that the shutters are actually put in place in front of the attackers:
· Know (6 elements): know the cases with which to manage the layer.
· Reduce (5 elements): areas of intervention in the layer.
· Evaluate (3 elements): risk assessment in the layer.
· Execute (4 elements): risk management options.
· Process (2 elements): corresponding processes in DevOps (or DevSecOps).
+ proper KPIs, to inform proper Governance.

That leads to 21 elements, as in the first version of “Design Patterns” and as in [2].
References
[1] Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides, “Design Patterns: Elements of Reusable Object-Oriented Software”, March 14th, 1995.
[2] Primo Levi, “Il Sistema Periodico”, 1975.