Page 111 - Cyber Defense eMagazine April 2023
Integrating security and privacy engineering in your applications
It's no secret that data is stolen every day. So much so that you can pretty much guarantee that your
email address is included in one or more datasets for sale on the dark web.
What can you do to protect your application and data from the greed of cyber criminals and the scrutiny
of regulators?
Scan your code to map your data.
Modern CI/CD pipelines and processes employ Static Application Security Testing (SAST) tools to
identify code issues, security vulnerabilities, and code secrets accidentally pushed to public-facing
repositories. You can employ a similar static code analysis technique to discover and map out data flows
in your application.
This approach identifies the code components that access, process, and store the data, and so maps
the data flows without crawling the contents of any database or data store.
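As an added illustration of the static scanning approach above (example code, not from the article), the following Python script walks a module's AST and records which functions touch assumed sensitive fields and which calls store or send that data; the field names, sink names, and the sample module are constructed for the demo.

```python
import ast

# Assumed sensitive field names (an illustration; use your own data classification).
SENSITIVE_FIELDS = {"email", "ssn", "password", "date_of_birth"}
# Assumed "sink" call names that store or export data (constructed for the demo).
SINK_CALLS = {"save", "insert", "log", "send", "write"}

# Constructed sample module to scan; not real application code.
SAMPLE_SOURCE = '''
def register(request, db):
    email = request.form["email"]
    ssn = request.form["ssn"]
    db.insert({"email": email, "ssn": ssn})

def welcome(user, mailer):
    mailer.send(user.email, "Welcome!")

def health_check():
    return "ok"
'''


def _call_name(node):
    """Bare name of a called function: db.insert -> 'insert', log(...) -> 'log'."""
    func = node.func
    return getattr(func, "attr", None) or getattr(func, "id", None)


def map_data_flows(source):
    """Map each top-level function to the sensitive fields it touches and the
    sink calls it makes: {func_name: {"fields": set, "sinks": set}}.
    Functions that touch no sensitive field are left out of the map."""
    tree = ast.parse(source)
    flows = {}
    for fn in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
        fields, sinks = set(), set()
        for node in ast.walk(fn):
            if isinstance(node, ast.Attribute) and node.attr in SENSITIVE_FIELDS:
                fields.add(node.attr)          # user.email style access
            elif isinstance(node, ast.Constant) and node.value in SENSITIVE_FIELDS:
                fields.add(node.value)         # request.form["email"] or dict keys
            elif isinstance(node, ast.Call) and _call_name(node) in SINK_CALLS:
                sinks.add(_call_name(node))    # where the data leaves the function
        if fields:
            flows[fn.name] = {"fields": fields, "sinks": sinks}
    return flows


if __name__ == "__main__":
    for func, info in map_data_flows(SAMPLE_SOURCE).items():
        print(f"{func}: fields={sorted(info['fields'])} sinks={sorted(info['sinks'])}")
```

The resulting map is the raw material for a data-flow inventory: each entry names a component that handles personal data and the calls through which that data is persisted or sent onward.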
Enforce clear boundaries for microservices.
In a microservice architecture, each microservice should (ideally) be autonomous (for better or worse).
But where does one microservice end and another begin when it comes to sensitive data?
You can identify the boundaries of each microservice, and of the domain model and data it owns, by
focusing on the application's logical domain models and the data associated with each. Then minimize
the coupling between those microservices.
Shift left for privacy in a distributed world
Data security and privacy are rarely a priority for application developers. So it’s no surprise that
application data can float around your cloud assets and on-premises devices uncatalogued and
unmanaged. However, in 2023 you can’t afford to neglect data privacy laws and potential data security
threats lurking in your code.
Mapping the data flows in and out of your application is the first step to shifting privacy left and integrating
privacy engineering, compliance, and code security in your CI/CD pipeline.