Is SSL Secure enough? (Part 3 of 3)
Writing SSL-enabled applications
When you write & debug your application, you must take all SSL warnings seriously: a certificate validation error that you silence during testing is exactly the condition a man-in-the-middle attacker creates in production. Do research to understand the current state of attacks against SSL (this link is your brute force approach; this link may be more up-to-date). Make sure that your SSL stack is hardened against the most current attacks & confirm that your CA implements controls that reduce the likelihood of a certificate for your domain being issued to an impostor. For example, can you call your CA and order a certificate without providing any evidence of your identity? If yes, there’s probably a problem. Finally, integrate Online Certificate Status Protocol (OCSP) support in your application so that it checks a certificate’s revocation status; that gives you a way to revoke a certificate, and have clients reject it, in the event that its private key is stolen.
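The following Python script is an added example, not code from the original post. It shows the “make the warning go away” client configuration beside a hardened one, built with the standard library’s ssl module, and a small audit routine that reports how a given context weakens the connection. The TLS 1.2 floor is an assumption for this illustration; revocation checking (OCSP/CRL) is not exposed on an SSLContext, so it is outside what the audit can see.

```python
import ssl

# Protocol floor the audit enforces (assumption for this example: TLS 1.2).
MIN_TLS = ssl.TLSVersion.TLSv1_2


def insecure_context() -> ssl.SSLContext:
    """The anti-pattern: silence the certificate warning instead of fixing it.

    Hostname checking and certificate verification are disabled and every
    protocol version the local OpenSSL still supports is negotiable. Any
    certificate, from anyone, for any host, is accepted, so a man-in-the-middle
    does not need a CA at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """A client context that keeps validation failures as hard errors."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, check_hostname, system CA store
    ctx.minimum_version = MIN_TLS         # no SSLv3 / TLS 1.0 / TLS 1.1 fallback
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS-level compression stays off
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings describing how ctx weakens a connection.

    An empty list means the peer certificate is verified against the CA store,
    matched against the requested hostname, and legacy protocol versions are
    refused. Revocation status is not part of an SSLContext and is not audited.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    if ctx.minimum_version < MIN_TLS:
        findings.append("legacy protocol versions below TLS 1.2 are negotiable")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        problems = audit_context(ctx)
        print(f"{name}: {'OK' if not problems else ''}")
        for problem in problems:
            print("  -", problem)
```

Running the script reports three findings for the insecure context and none for the hardened one. The same audit can be pointed at whatever context your HTTP library actually uses, which is where the “verify=False” shortcut usually hides.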
So we’ve talked about security, and common security gotchas. Before, we asked “If I implement SSL, am I secure enough?”. We’ve seen why that’s too ambiguous. We’re now ready for a more refined question:
If I use SSL correctly, is my mobile application secure enough?
“It depends” should adequately inform & frustrate the developer. Remember when we deconstructed security in the context of SSL? I argued that SSL provides Confidentiality only for data in transit, and likewise provides Integrity only for data in transit (not for data resident in the application or on the server). Finally, I couldn’t articulate a way that SSL enhances or affects Availability. Since SSL addresses none of the three domains completely, we’re missing something in achieving our security objective. SSL does not solve all our problems.
Developers must recognize that security research continually advances. Until we discover a way to write applications that reliably have zero defects, we must maintain an awareness of the current state of research & understand exactly which property a security technology delivers. SSL is a tool for encrypting data in transit. But securing the application extends well beyond encrypting its data while it is in transit. Security assessments are a holistic exercise.
You must write your application to prevent malicious input from compromising the customer’s data or services. You must consider the possibility that your customer, or whoever holds your customer’s device, could use your application to attack your servers: the client is under the attacker’s control, so every check it performs must be repeated on the server. You must look at your application & ask yourself how you would use it if you wanted to break the solution.
A Paragraph About Threat Modeling
Threat modeling is an activity that helps developers understand whether they have done enough to protect their application. Its goal is to identify the threats, attacks, vulnerabilities & countermeasures that affect your application, so that you can decide whether the controls you have implemented are adequate. Two valuable resources on threat modeling are:
Open Web Application Security Project: http://www.owasp.org/index.php/Threat_Risk_Modeling
Microsoft Threat Modeling Tool:
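As an added example (not from the post, OWASP or Microsoft), the following Python script applies the STRIDE-per-element chart used in Microsoft’s approach to a constructed data-flow model of the mobile application discussed in this series: the client, the TLS channel to the API, the API server and a customer database. The element names and the mitigations credited to TLS are assumptions for illustration. It reports every threat category the chart says applies to an element but for which no countermeasure has been recorded, which makes the gap this series keeps pointing at visible: TLS covers tampering and disclosure on the wire and server spoofing, and nothing else.

```python
from collections import namedtuple

# The six STRIDE threat categories.
S, T, R, I, D, E = (
    "Spoofing", "Tampering", "Repudiation",
    "Information disclosure", "Denial of service", "Elevation of privilege",
)

# STRIDE-per-element chart: which categories apply to each kind of element in a
# data-flow diagram (external entity, process, data flow, data store).
APPLICABLE = {
    "external_entity": (S, R),
    "process": (S, T, R, I, D, E),
    "data_flow": (T, I, D),
    "data_store": (T, R, I, D),
}

# An element of the model: its name, its kind, and the countermeasures recorded
# for it as a mapping of threat category -> control.
Element = namedtuple("Element", "name kind mitigations")


def unmitigated_threats(model):
    """Return {element name: [threat categories with no recorded control]}.

    Only categories that the STRIDE-per-element chart says apply to the
    element's kind are considered; elements with no gaps are omitted.
    """
    gaps = {}
    for element in model:
        if element.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {element.kind!r}")
        missing = [t for t in APPLICABLE[element.kind] if t not in element.mitigations]
        if missing:
            gaps[element.name] = missing
    return gaps


def mobile_app_model():
    """Constructed model of the mobile application (assumption for this example).

    TLS, with the client validating the server certificate, is credited with
    exactly what it provides: integrity and confidentiality of the channel, and
    authentication of the server process. Nothing else has been recorded yet.
    """
    channel_controls = {T: "TLS record integrity (MAC/AEAD)", I: "TLS encryption"}
    server_controls = {S: "server certificate validated by the client (TLS)"}
    return [
        Element("Mobile client", "external_entity", {}),
        Element("Client -> API channel", "data_flow", channel_controls),
        Element("API server", "process", server_controls),
        Element("Customer database", "data_store", {}),
    ]


if __name__ == "__main__":
    for name, missing in unmitigated_threats(mobile_app_model()).items():
        print(f"{name}:")
        for threat in missing:
            print("  - no countermeasure for", threat)
```

The report lists denial of service as the one open category on the TLS channel (SSL does nothing for Availability), and leaves tampering, repudiation, disclosure and denial of service open on the database and five of six categories open on the API server. Each remaining line is a decision the developer still has to make, which is the point of the exercise.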
Deciding if your application is “secure enough” is a fuzzy, qualitative exercise. There’s no checklist you can rely on to tell you accurately that you’ve done everything right. You must evaluate the entire application and decide whether you are addressing its most realistic threats to Confidentiality, Integrity & Availability. Threat modeling is an exercise developers can use to assess their application’s security: state your objectives, then evaluate whether the security techniques you have implemented actually achieve them.