Elements of server class application - Part I

When it comes to architecting server class application, following becomes very fundamental building blocks of the design framework. They are,

          Security

          Performance & Scalability

          Maintainability & Supportability

Security is not a static field—it constantly evolves as attackers attack, defenders defend, and each party learns more about the other's techniques. Security issues are not primarily coding issue; rather it lies in the design flaws. In my previous blog ‘Security in Vista – one step ahead’, I have talked about the significance of Microsoft’s Security Development Lifecycle. I reiterate here the same here, but in little more detail. Security development lifecycle SDL process contains two vital parts namely,

          Threat modeling

          Attack surface analysis

Threat modeling aims at uncovering potential design weaknesses and determines software's attack surface. Make sure that all material threats are mitigated and that the attack surface is as small as possible. Attack surface analysis focuses on which portions of a software product are exposed to un-trusted user be they local or remote. Read more at https://msdn.microsoft.com/msdnmag/issues/04/11/AttackSurface. This interesting msdn magazine article under the column ‘Trustworthy computing’ contains the lessons learned from five years of building more secure software - https://msdn2.microsoft.com/en-us/magazine/cc163310.aspx.  

In development phase, code review becomes inevitable to capture security related issues. Michael Howard, Principal Security Program Manager at Microsoft in this blog has described a process for performing security code review - https://blogs.msdn.com/michael_howard/archive/2006/08/01/686029.aspx. Here is what all the developer can do to identify security loopholes and develop software by examining the environment the code runs in, considering the roles of the users who will run it, and studying the history of any security issues the code may have had. Follow these expert tips to find security defects in the code - https://msdn2.microsoft.com/en-us/magazine/cc164056.aspx.

Expert Tips for Finding Security Defects in Your Code

Allocating Time and Effort

Buffer Overruns in C and C++

Integer Overflows in C and C++

Database Access Code in Any Language

Web Page Code in Any Language

Secrets and Cryptography in Any Language

ActiveX Controls in Visual Basic and C++

Security experts Michael Howard and Keith Brown present 10 security tips that every developer must know – https://msdn2.microsoft.com/en-us/magazine/cc188938.aspx.

1. Trust User Input at Your Own Peril

2. Protect Against Buffer Overruns

3. Prevent Cross-site Scripting

4. Don't Require sa Permissions

5. Watch that Crypto Code!

6. Reduce Your Attack Profile

7. Employ the Principle of Least Privilege

8. Pay Attention to Failure Modes

9. Impersonation is Fragile

10. Write Apps that Non-admins Can Actually Use

Security best practices being implemented in design and code should become a habit than an approach. Here in this article, Howard lists 8 simple rules or habits for developing more secure code.

Habit #1: Take Responsibility
Habit #2: Never Trust Data
Habit #3: Model Threats against Your Code
Habit #4: Stay One Step ahead
Habit #5: Fuzz!
Habit #6: Don't Write Insecure Code
Habit #7: Recognize the Strategic Asymmetry
Habit #8: Use the Best Tools You Can

For more details on the above 8 habits - https://msdn2.microsoft.com/en-us/magazine/cc163518.aspx.

Software built in C and C++ needs special attention in terms of security issues. Buffer overrun - There are a number of reasons for the many buffer overruns in production C and C++ code. The languages provide direct access to vulnerable memory. Second, developers make mistakes. And third, there are normally no defenses offered by compilers. Following are the defenses provided by Visual C++ toolset:

Stack-based Buffer Overrun Detection (/GS)

Safe Exception Handling (/SafeSEH)

Data Execution Prevention (DEP) Compatibility (/NXCompat)

Image Randomization (/DynamicBase)

Automatic use of safer function calls

C++ operator::new

This article tells about ways to protect the code with VC++ defenses - https://msdn2.microsoft.com/en-us/magazine/cc337897.aspx.

For building more secured web applications, lot of detailed information, best practices and guidance are available in these popular books.

          Building Secure ASP.NET Applications

          Improving Web Application Security: Threats and Countermeasures

The above is from our famous Patterns & Practices and thanks to J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan for their wonderful books. The books are also available for download. Refer these links to get more details on this - https://msdn2.microsoft.com/en-us/library/aa302415.aspx and https://msdn2.microsoft.com/en-us/library/ms994921.aspx.

For most recent updates on security, watch this link - https://msdn2.microsoft.com/en-us/security/default.aspx.