Syllabus Point
- Use and explain the contribution of cryptography and sandboxing to the 'security by design' approach in the development of software solutions
Cryptography and sandboxing are two fundamental technologies that enable security by design. Cryptography protects data confidentiality and integrity, while sandboxing isolates untrusted code to prevent harm to the broader system.
Cryptography
Cryptography is the process of encoding information so only the intended recipient can read it. It achieves confidentiality through encryption, which converts plain data into a coded form that can only be understood by an authorised user with the correct key.
Symmetric encryption
Uses the same key for both encryption and decryption. Both the sender and receiver must have the same secret key.
Asymmetric encryption
Uses a public key for encryption and a private key for decryption.
- To send: the sender needs their private key and the receiver's public key
- To decrypt: the receiver needs the sender's public key and their private key
Uses of cryptography
- Protecting sensitive data from unauthorised access
- Verifying data integrity - cryptographic hash functions can detect changes to data
- Authenticating users and systems - digital signatures and certificates verify the identity of users and systems
Hashing
Hashing is a process of converting one string to another using a hash function. Hash functions convert data into a fixed-length value, which acts as a digital fingerprint for the original data. Any modification to the original data changes the hash, making it easy to detect if data has been altered.
A salt (random data combined with a password before it is hashed) prevents matching across a password database: even if two users have the same password, their stored hashes will be different because each has a different salt.
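As an added example (not part of the original notes), the following Python uses only the standard library to show the two ideas in this section: a SHA-256 fingerprint that changes when the data is modified, and salted password hashing (PBKDF2) so that two users with the same password end up with different stored hashes. The messages and passwords are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample data: the "tampered" copy differs by a single digit.
ORIGINAL = b"Transfer $100 to account 12345"
TAMPERED = b"Transfer $900 to account 12345"


def fingerprint(data: bytes) -> str:
    """Fixed-length (64 hex chars) SHA-256 digest: the data's digital fingerprint."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(data: bytes, expected_hex: str) -> bool:
    """True only if the data still produces the fingerprint recorded earlier."""
    # compare_digest avoids leaking how many characters matched via timing.
    return hmac.compare_digest(fingerprint(data), expected_hex)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh random salt is generated if none is given.

    The salt is stored alongside the key; it is not secret, it only makes
    identical passwords hash to different values.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes,
                    iterations: int = 200_000) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_key)


if __name__ == "__main__":
    recorded = fingerprint(ORIGINAL)
    print("original intact:", integrity_check(ORIGINAL, recorded))   # True
    print("tampered intact:", integrity_check(TAMPERED, recorded))   # False
    salt_a, key_a = hash_password("correct horse")
    salt_b, key_b = hash_password("correct horse")
    print("same password, different hashes:", key_a != key_b)        # True
    print("login with right password:", verify_password("correct horse", salt_a, key_a))
```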
Digital signatures
Digital signatures authenticate the identity of the sender - they involve a cryptographic algorithm that generates a unique code based on the message and the sender's private key.
Digital certificates (public key certificates) bind a public key to an entity - used in securing websites (HTTPS), email security, and ensuring authenticity of software and electronic documents.
Sandboxing
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. It's designed to prevent threats from getting on the network and is used to inspect untested or untrusted code.
Web browser sandboxing
Sandboxing is used to make sure that websites can't access each other's data or the files of the computer. When running untrusted code, it's isolated in a controlled environment.
Preventing malicious code execution from user input
There is a risk of injection attacks. Sandboxing can sanitise user input or execute untrusted content in an isolated environment.
Third-party integrations: safeguarding external APIs
Network and API request isolation helps to prevent external services from accessing or leaking sensitive user information if the API has a security breach. A sandbox environment for API keys limits damage in the case of API misuse.
Running untrusted code in the future
User-submitted scripts or bots can be run in an isolated, controlled environment.
Browser security: iFrames and embedded content
iFrame elements, when the sandbox attribute is applied, restrict the behaviour of embedded content - preventing it from executing scripts or interacting with the rest of the page in ways that may introduce new security vulnerabilities.
Testing environments: safeguarding production
Development and testing environments should be isolated from the production environment.