Application Security: The Essentials – Proper Security Configuration

Welcome to our second article on application security, a guide to the essentials. In this series we are conducting an overview of the major security risks and concerns which present themselves to companies who are looking to move into the highly profitable area of application development.

In this article, we will be looking at the importance of proper security configuration within your operation.

If you run a business, however large or small, you will have strict security policies in place to protect both yourself and your customers. The premises should have a secure lock system and where appropriate a CCTV and alarm network as well. You may even employ physical guards to protect your property and data.

It is just as important to protect your virtual property as it is to protect your physical property.

The number of levels at which an application development company operates makes it very vulnerable to attacks through a weakness in security – remember, a chain is only as strong as its weakest link. The collection of levels through which an application is built and distributed is called a ‘stack’.

In a typical stack you will have a development and distribution platform; an OS which this platform runs on; a physical server where you hold documentation and from which you run your network; the webserver and framework from which you distribute the application and push out updates to users; and, of course, the actual code upon which the application is built.

It is of the utmost importance that each individual aspect of your stack is correctly configured to work in perfect harmony. This can be maintained by ensuring that routine updates and security checks are carried out on each individual aspect of your infrastructure.

A misconfigured security set-up is easily accessed by attackers, who can exploit holes such as default settings and expired security software on an OS. The potential damage that can be caused by an infiltration as the result of an improperly configured set-up is severe – once an attacker has accessed one level of your stack, it becomes far easier for them to access additional levels and potentially compromise your entire set-up.

How do I prevent a Security Misconfiguration?

The first step in preventing a compromised security set-up is routine: a regular, well-streamlined routine to perform checks on your security and eliminate faults such as default passwords, out-of-date software and unnecessary services which may have come with packages you purchased in the process of constructing your stack.
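One way to run such a routine check across every layer of the stack, as an added example that is not part of the original article. The inventory format, layer entries, version numbers, account names and service names are all constructed for illustration, and the minimum patched version per layer is assumed to come from your own patch baseline.

```python
"""Routine configuration audit over a stack inventory (all data constructed)."""

# Constructed inventory: one entry per layer of the stack. Versions, account
# names and service names are illustrative, not real product data.
STACK = [
    {"layer": "operating system", "version": "10.2.1", "min_version": "10.2.4",
     "default_credentials": [], "services": {"sshd", "telnetd"},
     "required": {"sshd"}},
    {"layer": "web server", "version": "2.8.0", "min_version": "2.8.0",
     "default_credentials": ["admin"], "services": {"httpd", "status-page"},
     "required": {"httpd"}},
    {"layer": "framework", "version": "4.1.10", "min_version": "4.1.9",
     "default_credentials": [], "services": set(), "required": set()},
]


def parse_version(text):
    """Turn '10.2.4' into (10, 2, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit_layer(entry):
    """Return the list of findings for one layer of the stack."""
    findings = []
    # Compare as integer tuples: as plain strings, '4.1.10' sorts before '4.1.9'.
    if parse_version(entry["version"]) < parse_version(entry["min_version"]):
        findings.append(f"out of date: {entry['version']} < {entry['min_version']}")
    for account in entry["default_credentials"]:
        findings.append(f"default password still set: {account}")
    for service in sorted(entry["services"] - entry["required"]):
        findings.append(f"unnecessary service enabled: {service}")
    return findings


def audit_stack(stack):
    """Map each layer name to its findings; clean layers are omitted."""
    report = {}
    for entry in stack:
        findings = audit_layer(entry)
        if findings:
            report[entry["layer"]] = findings
    return report


if __name__ == "__main__":
    for layer, findings in audit_stack(STACK).items():
        for finding in findings:
            print(f"[{layer}] {finding}")
```

Run on a schedule, a report like this gives the routine a concrete output to act on: any layer that appears in it has a fault to fix before the next check.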

Ensure that the security between each level and component is as tight as the overall security which prevents unauthorised outsider access to any part of your configuration. This means that even if one level is compromised, you can more easily detect any unusual activity within it, carry out a system lock-down and isolate the danger. It also means that you can better protect those levels of your stack which have not been infiltrated.

Remember: attackers seek to exploit weaknesses and flaws in your system configuration. Prevent hacks by always staying one step ahead.

Image Credits: © Aleksi Tappura -