Insecure Design Vulnerabilities: What Are They and Why They Occur
Introduction

Designing an application securely takes a lot of effort, and if the application is not designed properly it can lead to security issues such as SQLi or open S3 buckets. These vulnerabilities exist because of design and architectural flaws. When a project team designs an application, whether it is a web app or an Android app, they often do not consider its security until it has been implemented and a vulnerability is reported to them, whether by an external researcher or through a bug bounty program. At a later stage, when the team performs "shift left" testing, they may find some of the issues and problems related to the design, such as the failure to implement a firewall or to add input validation to the application.
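To make the SQLi point concrete, here is an added example (not code from the original article) showing the two designs side by side: a data-access function that assembles query text from untrusted input, and one that keeps the query fixed and passes input as a bound parameter, with allowlist validation at the boundary as defense in depth. The table, rows, and usernames are constructed for the example and run against an in-memory SQLite database.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("o'brien", "ob@example.com"),  # legitimate name containing a quote
        ],
    )
    return conn


def lookup_insecure(conn: sqlite3.Connection, username: str) -> list:
    """Insecure design: the SQL statement is built by string formatting.

    Any quote character in the input changes the structure of the
    statement itself, so the database can no longer tell data from code.
    """
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_secure(conn: sqlite3.Connection, username: str) -> list:
    """Secure design: the statement is fixed; input travels as a parameter."""
    rows = conn.execute(
        "SELECT email FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


def validate_username(username: str) -> bool:
    """Allowlist validation at the trust boundary (defense in depth).

    This limits what reaches the data layer but is not a substitute for
    parameterized queries; both belong in the design from the start.
    """
    return re.fullmatch(r"[A-Za-z0-9_'.-]{1,32}", username) is not None


def insecure_query_is_well_formed(conn: sqlite3.Connection, username: str) -> bool:
    """Return False when the string-built query fails to parse.

    A syntax error on ordinary input is the visible symptom of the
    design flaw: input has become part of the statement grammar.
    """
    try:
        lookup_insecure(conn, username)
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    name = "o'brien"
    print("validate:", validate_username(name))
    print("secure lookup:", lookup_secure(db, name))
    print("insecure query parses:", insecure_query_is_well_formed(db, name))
```

The parameterized version returns the expected row for a name containing a quote, while the string-built version cannot even execute on the same legitimate input. That asymmetry is what a design review catches early; found after release, fixing it means touching every call site that builds queries this way.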
What are insecure Design Vulnerabilities?
As the name "insecure design" indicates, these are vulnerabilities that exist because security was not built into an application at the time of development. It means that the best practices for designing an application were not taken into consideration.
It is like building a house whose foundation is not fit for its purpose: in the same way, when we develop an application whose design does not meet the security standard or the SDLC requirements, both situations will create problems for the end user.
As we move to the right in the SDLC, making changes to the foundation in later stages becomes difficult and costly. Organizations will need more people to change the infrastructure and to fix other security-related issues, which increases the cost of the project as well. Hence it is essential to design an application in the initial phase so that it is both secure and cost efficient.
So before moving ahead in the SDLC, make sure the design meets the clients' needs and is secure…