
IT:AD:Design:Security

STRIDE:

The best-known model for understanding where a security lapse can occur is STRIDE. The security threats to an application are categorized by the goals and purposes of the attacks. Below is a brief overview of these attack classes and how an ASP.NET application can mitigate them with support from the framework itself; a detailed discussion is out of scope for this paper.

Spoofing. Spoofing is presenting a false identity to gain access on behalf of someone else. Once the attacker has gained access as a legitimate user or host, elevation of privilege or abuse of authorization can begin. The service account implementation handles the majority of this attack class, whether it originates from the internet or from intranet/local machine code.

Tampering. Tampering is the unauthorized modification of data. This class of attack is handled by ASP.NET's native implementation: ASP.NET employs mechanisms such as UI validation, XSS validation, View State encryption and one-way hashing of configuration data to curb these attacks.

Repudiation. Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. An authentication and authorization matrix is a very good implementation against this kind of attack.

Information disclosure. Information disclosure is the unwanted exposure of private data. Examples are web pages that contain database connection strings and connection details, and weak exception handling that lets internal system-level details reach the client. Any of this information can be very useful to an attacker. The mitigation is implemented through the global.asax error-handling modules, which translate the actual exception into a user-specific error message. Do not reveal internal system or application details such as stack traces, SQL statement fragments and so on. Ensure that this type of information is not allowed to propagate to the end user or beyond your current trust boundary. Fail securely in the event of an exception, and make sure your application denies access and is not left in an insecure state. Do not log sensitive or private data such as passwords, which could be compromised. When you log or report exceptions, validate or sanitize any user input that is included in exception messages. For example, if you return an HTML error message, encode the output to avoid script injection.
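As an added illustration of the global.asax approach described above (example code written for this page, not part of the original design or any framework sample), the following C# Application_Error handler logs the real exception server-side only and shows the user a generic page carrying an opaque reference id. It assumes hypothetical error pages at ~/ErrorPages/Generic.aspx and ~/ErrorPages/NotFound.aspx and that web.config sets customErrors mode="On".

```csharp
// Global.asax.cs (example): keep exception detail on the server, send the
// client only a generic page plus a correlation id that support can look up.
// Assumed paths: ~/ErrorPages/Generic.aspx and ~/ErrorPages/NotFound.aspx.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // ASP.NET wraps page exceptions; unwrap to the real cause for the log.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // Opaque id ("N" format = hex only, safe in a URL) that ties the
        // client's message to the server log entry without leaking detail.
        string correlationId = Guid.NewGuid().ToString("N");

        // Full detail goes to the server-side trace only. Deliberately no
        // Request.Form or Request.Cookies here: they may contain passwords.
        Trace.TraceError("[{0}] {1} {2} -> {3}: {4}{5}{6}",
            correlationId, Request.HttpMethod, Request.Path,
            ex.GetType().FullName, ex.Message, Environment.NewLine, ex.StackTrace);

        // Clear the error so the default "yellow screen" (stack trace, source
        // fragments) is never rendered, then start a fresh response.
        Server.ClearError();
        Response.Clear();
        Response.TrySkipIisCustomErrors = true;

        HttpException httpEx = ex as HttpException;
        string target = (httpEx != null && httpEx.GetHttpCode() == 404)
            ? "~/ErrorPages/NotFound.aspx"
            : "~/ErrorPages/Generic.aspx?ref=" + correlationId;

        // Fail securely: the user sees a generic message with the reference id
        // and nothing else. endResponse=false + CompleteRequest avoids the
        // ThreadAbortException that Redirect(url, true) raises inside this handler.
        Response.Redirect(target, false);
        CompleteRequest();
    }
}
```

The error page should HtmlEncode the ref value before echoing it, so that even a tampered query string cannot be turned into script injection.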

Denial of service. Denial of service is the process of making a system or application unavailable. Make sure the TCP/IP stack configuration on your server is hardened to protect against attacks such as SYN floods, and configure ASP.NET to limit the size of accepted POST requests and to place limits on request execution times.

Elevation of privilege. Elevation of privilege occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application. The service account implementation is therefore the backbone of this architecture for securing the system.

  • Last modified: 2023/11/04 03:40