The security of an application, network or operating system, and their associated functionalities relies primarily on their architecture and design. Which is why an Architecture and Design review is critical in helping you analyze and validate your organization’s overall security. We recommend that this security review be undertaken at the outset, when you set out to design your applications for instance, and before deployment. This will allow you to identify and rectify potential vulnerabilities before they are exploited. The cost and effort of a review, and resultant changes to architecture and design post-deployment can be high.
The goal of an Architecture and Design review is to assess applications and the network from a security perspective, ensuring that flaws are uncovered before they develop into vulnerabilities. Some of the aspects that are reviewed include, but are not limited to, trust boundaries, data flow, entry points, and privileged code. An ideal Architecture and Design review happens at multiple levels—network, operating system, web server and web application.
The best reviews kick off with a Threat Model, built to identify and list the key threats. Threat modeling is a structured way of identifying, measuring, quantifying, and addressing security risks from an attacker’s perspective. Most importantly, the Threat Model prioritizes threats in terms of their criticality, thus ensuring that time, money and effort are directed towards those threats that have the potential to cause considerable damage.
Your review process should cover:
• The security policy of the organization and how this applies to, and is incorporated within the systems and applications
• Business requirements to ensure that they incorporate supporting security requirements
• Compliance with the regulations that apply to your business, and controls that facilitate this compliance
• Data flows and network topology
• Intrusion points, routers and firewalls
• The technologies and tools that the solution uses and any inherent vulnerabilities in them
• Application security controls and their implementation
• Administration, management, and provisioning
• VPN and remote access
• Web farms, if any
• Disaster recovery plan and processes
A Secure Architecture and Design Review: Must Do’s
- Review the design of your application in the context of its deployment environment. This is especially important since the target deployment environment will have its own set of security policies, and security restrictions imposed by the underlying infrastructure layer security. Considering these upfront and planning for them during the application design process will help ensure a seamless and secure application deployment.
- Review how critical elements in your application environment—such as authentication, authorization, data validation, etc.—are approached.
- Review all the logical layers (presentation, business and data) using a methodical and tiered approach.
- Review any third party data that flow into your systems.
- Use a checklist that helps you evaluate the high-level architecture and design decisions. However, remember to iterate and evolve your checklist based on the unique aspects of your application’s architecture, or as your design evolves.
As mentioned at the beginning, it is ideal and preferable to perform an Architecture and Design security review before developing and deploying your systems. However, this is not to say that one cannot be done for existing applications. You may choose to undertake such a review for any reason—to comply with emerging standards, to validate security around critical business operations, etc. Even when conducted at a later stage, this review is an effective way to not only validate security processes around your applications or network infrastructure (new and existing), but also to identify potential vulnerabilities within the overall organization. Additionally, the review can go a long way in helping you improve future designs.
Manoj Rai has around 14 years of IT experience in Enterprise Applications, Mobile and Infrastructure security. Has rich and diverse global experience in leading large engagements and building deep technology expertise in security testing domain.
Manoj is a Bachelor of Engineering in Computer Science with MBA in Systems and Executive Delivery Program from IIM-Bangalore. A regular speaker on various technical subjects like Ethical Hacking, Mobile security, Secure SDLC and Cloud Security areas in CISO platforms, OWASP, BLUG, NULL etc. Has been a regular blogger and has published white papers on threat management and best practices in various social groups.
