Commit 943d6ad

docs: update from A04, A05
1 parent 99ec244 commit 943d6ad

1 file changed

+69
-9
lines changed

user_guide_src/source/concepts/security.rst

Lines changed: 69 additions & 9 deletions
@@ -229,36 +229,96 @@ CodeIgniter provisions
229229
A04:2021 Insecure Design
230230
************************
231231

232-
@TODO
232+
Insecure design is a broad category representing different weaknesses, expressed
233+
as “missing or ineffective control design.” Insecure design is not the source for
234+
all other Top 10 risk categories. There is a difference between insecure design
235+
and insecure implementation. We differentiate between design flaws and implementation
236+
defects for a reason, they have different root causes and remediation.
237+
238+
A secure design can still have implementation defects leading to vulnerabilities
239+
that may be exploited. An insecure design cannot be fixed by a perfect implementation
240+
as by definition, needed security controls were never created to defend against
241+
specific attacks. One of the factors that contribute to insecure design is the
242+
lack of business risk profiling inherent in the software or system being developed,
243+
and thus the failure to determine what level of security design is required.
233244

234245
OWASP recommendations
235246
=====================
236247

237-
- @TODO
248+
- Establish and use a secure development lifecycle with AppSec professionals to
249+
help evaluate and design security and privacy-related controls
250+
- Establish and use a library of secure design patterns or paved road ready to
251+
use components
252+
- Use threat modeling for critical authentication, access control, business logic,
253+
and key flows
254+
- Integrate security language and controls into user stories
255+
- Integrate plausibility checks at each tier of your application (from frontend
256+
to backend)
257+
- Write unit and integration tests to validate that all critical flows are resistant
258+
to the threat model. Compile use-cases and misuse-cases for each tier of your
259+
application.
260+
- Segregate tier layers on the system and network layers depending on the exposure
261+
and protection needs
262+
- Segregate tenants robustly by design throughout all tiers
263+
- Limit resource consumption by user or service
238264

239265
CodeIgniter provisions
240266
======================
241267

242-
- @TODO
268+
- :doc:`PHPUnit testing <../testing/overview>`
269+
- :doc:`../libraries/throttler` for rate limit
270+
- An official authentication and authorization framework :ref:`CodeIgniter Shield <shield>`
243271

244272
**********************************
245273
A05:2021 Security Misconfiguration
246274
**********************************
247275

248-
Improper configuration of an application architecture can lead to mistakes
249-
that might compromise the security of the whole architecture.
276+
The application might be vulnerable if the application is:
277+
278+
- Missing appropriate security hardening across any part of the application stack
279+
or improperly configured permissions on cloud services.
280+
- Unnecessary features are enabled or installed (e.g., unnecessary ports, services,
281+
pages, accounts, or privileges).
282+
- Default accounts and their passwords are still enabled and unchanged.
283+
- Error handling reveals stack traces or other overly informative error messages
284+
to users.
285+
- For upgraded systems, the latest security features are disabled or not configured
286+
securely.
287+
- The security settings in the application servers, application frameworks (e.g.,
288+
Struts, Spring, ASP.NET), libraries, databases, etc., are not set to secure values.
289+
- The server does not send security headers or directives, or they are not set to
290+
secure values.
291+
- The software is out of date or vulnerable (see A06:2021-Vulnerable and Outdated
292+
Components).
293+
250294

251295
OWASP recommendations
252296
=====================
253297

254-
- Presentation: harden web and application servers; use HTTP strict transport security
255-
- Controller: harden web and application servers; protect your XML stack
256-
- Model: harden database servers
298+
Secure installation processes should be implemented, including:
299+
300+
- A repeatable hardening process makes it fast and easy to deploy another environment
301+
that is appropriately locked down. Development, QA, and production environments
302+
should all be configured identically, with different credentials used in each
303+
environment. This process should be automated to minimize the effort required
304+
to set up a new secure environment.
305+
- A minimal platform without any unnecessary features, components, documentation,
306+
and samples. Remove or do not install unused features and frameworks.
307+
- A task to review and update the configurations appropriate to all security notes,
308+
updates, and patches as part of the patch management process (see A06:2021-Vulnerable
309+
and Outdated Components). Review cloud storage permissions (e.g., S3 bucket permissions).
310+
- A segmented application architecture provides effective and secure separation
311+
between components or tenants, with segmentation, containerization, or cloud
312+
security groups (ACLs).
313+
- Sending security directives to clients, e.g., Security Headers.
314+
- An automated process to verify the effectiveness of the configurations and
315+
settings in all environments.
257316

258317
CodeIgniter provisions
259318
======================
260319

261-
- Sanity checks during bootstrap
320+
- :ref:`Production mode <environment-constant>` by default
321+
- :ref:`secureheaders` filter
262322

263323
*******************************************
264324
A06:2021 Vulnerable and Outdated Components
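Review bot: the lead-in at line 276, "The application might be vulnerable if the application is:", only agrees grammatically with the first bullet ("Missing appropriate security hardening ..."); the remaining bullets are full sentences ("Unnecessary features are enabled ...", "Default accounts and their passwords are still enabled ..."), so either shorten the lead-in to "The application might be vulnerable if:" and start the first bullet with "The application is missing ...", or rewrite the other bullets as predicates. Two smaller points in the same hunk: line 269, "for rate limit", reads better as "for rate limiting"; and the A05 provisions list drops the previous "Sanity checks during bootstrap" entry (line 261) without replacing it, so please confirm that removal is intentional rather than folding it into the new "Production mode by default" item. The repeated "(see A06:2021-Vulnerable and Outdated Components)" at lines 291 and 308 could also be a :ref: to that section of this same page rather than plain text.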
