6 Simple principles of secure website design

Simple design usually underlies a successful security mechanism on a website. Make it more complex than required and the user suffers a barrage of logins and redirections. Make it too simple and you risk your site being compromised.
The following 6 principles draw on the ideas of simplicity and restriction. In the list below the word ‘subject’ means a program or a user, and the word ‘object’ means a program, a file or a URL.

1. Principle of least privilege:
A subject should be given only those privileges it needs in order to complete its task. The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that it should be granted only for the minimum amount of time necessary.

2. Fail-safe defaults:
Unless a subject is given explicit access to an object, it should be denied access to that object. Design your site so that when it fails, it fails in a secure manner. For example, when an ATM fails it should shut down, not spew money out of its slot.

For example, take the following PHP code:

// Return codes of IsAccessAllowed(); the numeric values are an assumption for this example.
define('NO_ERROR', 0);
define('ERROR_ACCESS_DENIED', 1);

$access = IsAccessAllowed($user);
if ($access == ERROR_ACCESS_DENIED)
{
    // Security check failed.
    // Inform user that access is denied.
}
else
{
    // Security check OK.
    // Perform task.
}

The code looks fine, but what if IsAccessAllowed fails? If it returns null, false or any error code other than ERROR_ACCESS_DENIED, the default execution path in the code above is to grant access to the user. A better version is shown below. Here the default access is set to ERROR_ACCESS_DENIED, and the user is allowed access only after IsAccessAllowed has executed successfully and returned NO_ERROR. If for any reason IsAccessAllowed fails, the default action is to deny access. Note the strict comparison (===): in PHP a loose comparison such as null == 0 is true, so a function that returns null on failure would slip past a check written as == NO_ERROR.

// Uses the same NO_ERROR and ERROR_ACCESS_DENIED return codes as above.
$access = ERROR_ACCESS_DENIED;   // default: deny
try
{
    $access = IsAccessAllowed($user);
}
catch (Throwable $e)
{
    // IsAccessAllowed failed; $access stays ERROR_ACCESS_DENIED.
}
if ($access === NO_ERROR)
{
    // Security check OK.
    // Perform task.
}
else
{
    // Security check failed.
    // Inform user that access is denied.
}

3. Economy of mechanism:
Security mechanisms should be as simple as possible. Security is like a chain; the weakest link breaks it. Simplicity means fewer links and fewer points of vulnerability.

4. Complete mediation:
Every access to every object must be checked for authority, every time. A check performed once (at login, or on the first request) must not be trusted for later accesses, and cached results must not replace the check itself.
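The following PHP example is added here and is not code from the original article; it puts principles 1, 2 and 4 into a single piece of code. Every request passes through one front controller that calls an authorization function before dispatching (complete mediation). The function answers from a table of explicit grants, each scoped to one action on one object and carrying an expiry (least privilege in scope and in time), and its answer starts as "deny" and stays there on any failure (fail-safe default). The policy table, the function names authorize() and handleRequest(), the subjects and the sample requests are all assumptions made for the example.

```php
<?php
// Added example, not code from the original article. The policy table,
// the function names authorize() and handleRequest(), the subjects and
// the request data are all assumptions made for this example.
declare(strict_types=1);

// Explicit grants only: subject => list of [action, object, expires_at].
// A subject, action or object missing from this table is denied
// (fail-safe default). Each grant is as narrow as the task needs and
// carries an expiry timestamp (least privilege in scope and in time).
$policy = [
    'alice' => [
        ['read',  '/reports/2024', 1700000000 + 3600],
    ],
    'bob' => [
        ['read',  '/reports/2024', 1700000000 + 3600],
        ['write', '/reports/2024', 1700000000 + 600],
    ],
];

// True only when an explicit, unexpired grant matches the request exactly.
// The answer starts as "deny" and any failure while evaluating the policy
// leaves it there, so there is no execution path that grants by accident.
function authorize(array $policy, string $subject, string $action, string $object, int $now): bool
{
    $allowed = false;
    try {
        foreach ($policy[$subject] ?? [] as [$grantAction, $grantObject, $expires]) {
            if ($grantAction === $action && $grantObject === $object && $now < $expires) {
                $allowed = true;
                break;
            }
        }
    } catch (Throwable $e) {
        $allowed = false;
    }
    return $allowed;
}

// Complete mediation: a single front controller receives every request
// and calls authorize() before dispatching. Handlers never check access
// themselves, so there is no second code path that could forget to.
function handleRequest(array $policy, array $request, int $now): string
{
    $ok = authorize($policy, $request['subject'], $request['action'], $request['object'], $now);
    if (!$ok) {
        return '403 Forbidden';
    }
    return '200 OK: ' . $request['action'] . ' ' . $request['object'];
}

// Constructed sample requests; $now is a fixed timestamp so the run is reproducible.
$now = 1700000000;
$requests = [
    ['subject' => 'alice',   'action' => 'read',  'object' => '/reports/2024'], // matches alice's read grant
    ['subject' => 'alice',   'action' => 'write', 'object' => '/reports/2024'], // alice has no write grant
    ['subject' => 'alice',   'action' => 'read',  'object' => '/reports/2023'], // grant is for a different object
    ['subject' => 'bob',     'action' => 'write', 'object' => '/reports/2024'], // bob's write grant, still valid
    ['subject' => 'mallory', 'action' => 'read',  'object' => '/reports/2024'], // subject not in the table
];
foreach ($requests as $request) {
    echo handleRequest($policy, $request, $now), "\n";
}
// The same write request from bob 601 seconds later: the ten-minute grant has lapsed.
echo handleRequest($policy, $requests[3], $now + 601), "\n";
```

Every comparison in authorize() uses ===, so a malformed grant or an unexpected type cannot match through PHP's loose coercion, and because the gate is the only place where an access decision is made, an auditor has a single function to review rather than a check scattered across every page.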

5. Open design:
Security of a mechanism should not depend on the secrecy of its design or implementation.

6. Psychological acceptability:
Security mechanisms should not make the resource more difficult to access than it would be if the mechanisms were not present. The security mechanism should be designed with the user in mind. For example, if a user of your website has to set a dozen permissions on his profile page or payment preferences, he will surely give it a miss, leaving open a security hole that attackers can exploit.

The details of security mechanism implementation vary between web languages such as PHP and .NET, but keeping the above principles in mind can go a long way towards securing your website.

For more detailed and excellent information you can visit here.

One thought on “6 Simple principles of secure website design”

  1. Good article.

    It could be made better if topics on access privileges were included, with code and a few examples.
