After reading chapter 1, compare and contrast two fundamental security design principles. Analyze how these principles and how they impact an organizations security posture.
The security principles are necessary for securing any organizations. I would like to discuss about the below two fundamental security design principles such as Keep security simple and Fix security issues correctly
Keep security simple
Attack surface area and simplicity go hand in hand. Certain software engineering fads prefer overly complex approaches to what would otherwise be relatively straightforward and simple code.
Developers should avoid the use of double negatives and complex architectures when a simpler approach would be faster and simpler. (Saltzer, J. H., & Kaashoek, F. 2009). Complex design is never easy to understand.
For example, although it might be fashionable to have a slew of singleton entity beans running on a separate middleware server, it is more secure and faster to simply use global variables with an appropriate mutex mechanism to protect against race conditions.
Fix security issues correctly
Once a security issue has been identified, it is important to develop a test for it, and to understand the root cause of the issue. When design patterns are used, it is likely that the security issue is widespread amongst all code bases, so developing the right fix without introducing regressions is essential.
For example, a user has found that they can see another user’s balance by adjusting their cookie. The fix seems to be relatively straightforward, but as the cookie handling code is shared among all applications, a change to just one application will trickle through to all other applications. The fix must therefore be tested on all affected applications. (Kalet, I. 2013).