2.3 Secure Application Development, Deployment, and Automation

Secure Deployments

Sandboxing = isolated tested environment - no connection to real world or production system

Provisioning and Deprovisioning

Provisioning means making something available, like application or service. - process of setting up and configuring resources in an IT environment

Scalability = ability to increase the workload in a given infrastructure - vertical (scaling up/down) = adding more resources like CPU or RAM to existing machines - horizontal (scaling up/down) = adding more machines to a network or system

Elasticity = increase or decrease available resources as the workload changes - focus on the system's ability to adapt to workload changes by provisioning and de-provisioning resources in an automatic manner

Orchestration = refers to the automated coordination and management of complex computer systems and services. It involves aligning and integrating multiple automated tasks and processes to streamline and optimize workflows and operations. - automated patch management, threat detection and response, and the coordination of security systems

Deprovisioning is the process of removing access rights or resources from users or systems. - critical aspect of access control and security, ensuring that former users or outdated systems no longer have access to sensitive resources or data

Secure Coding Techniques

Stored procedures = Structured Query Language (SQL) statements with an assigned name, which are stored in a relational database management system (RDBMS) as a group, so it can be reused and shared by multiple programs.

Obfuscation = making something normally understandable to very difficult to understand

Dead code = section in the source code of a program which is executed but whose result is never used in any other computation - code that can never be executed in a running program. the surrounding code makes it impossible for a section of code to ever be executed

Input validation = validating the user input, checking the format and type of the input - server-side validation = all checks occur on the server, safer - client-side validation = end-users's app makes the validation decisions

Version control = create file, make change, track changes, revert back to previos version - tracking and managing changes to software code

Software Diversity

Running same OS and same applications but the binary is different for every time a workstation compile the application. This won't change the functionality of the application. Final binary file will be different every time which prevents the exploitation of same vulnerability found in the same OS and same application.

Automation and Scripting

Continuous integration = practice of frequently integrating code changes into a shared repository - each integration is verified by automated builds and tests to detect integration errors as quickly as possible

Continuous delivery/deployment = automate the testing, release, and deploy process - Continuous Deployment is the automated release of validated code to a production environment, ensuring that new changes are deployed rapidly and reliably - Continuous Delivery is a similar concept but emphasizes the readiness for deployment, not necessarily deploying every change automatically.