Map data movement and exposure

It is important to map how data moves through your systems and where it is exposed in order to keep it secure. Mapping defines the "attack surface", raises awareness of vulnerabilities, and helps developers expect the unexpected. You cannot secure a doorway that you do not even know exists.

Take inventory of where data enters your systems, how it moves between system parts, where it is stored, and how it is returned to the user or to other outlets. These are all exposure points.

What to Map

  • Data input
  • Data in transition
  • Data in storage
  • Data output

Data input

Data input is the most obvious exposure point. You should be suspicious of all incoming data, whatever its source.

  • forms
  • URLs
  • cookies
  • session data
  • databases
  • your APIs

Data in transition

Data in transition can be insecure if it passes through insecure hardware or vulnerable software, or if the data is translated or transformed in any way along the route.

  • internet
  • WiFi
  • network hardware
  • code handling
  • server memory
  • server CPU

Data in storage

Data in storage is vulnerable if physical access to the storage is insecure (e.g. access to a server room) or if the access controls on the storage are insecure (e.g. weak database passwords).

  • databases
  • hard drives
  • The Cloud
  • portable media (flash drives, CDs)
  • backup files

Data output

Data output can be manipulated to generate unexpected results or to gather information. For example, imagine a username stored in the database containing malicious JavaScript code. It is harmless in the database, but retrieving it and outputting "Hello {$username}" on an HTML page becomes dangerous.

  • HTML/JavaScript/JSON/XML
  • cookies
  • databases
  • third-party APIs
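The stored-username case described above, as an added Python example that is not part of the original page: the same untrusted value is rendered into an HTML text context and into a JSON-in-script context, and the escaping has to match the output context. The username value, the templates and the helper names are all constructed for this illustration.

```python
import html
import json

# Constructed sample: a "username" retrieved from storage that carries markup.
# It is harmless at rest; it becomes dangerous only at the output boundary.
STORED_USERNAME = "Mallory <script>alert(1)</script>"


def render_greeting_unsafe(username: str) -> str:
    # Mirrors the page's 'Hello {$username}': raw interpolation into HTML.
    return f"<p>Hello {username}</p>"


def render_greeting(username: str) -> str:
    # HTML text context: encode <, >, &, and quotes so the browser shows the
    # value as text instead of parsing it as markup.
    return f"<p>Hello {html.escape(username, quote=True)}</p>"


def render_attribute(username: str) -> str:
    # HTML attribute context: the value must be quoted AND escaped; quote=True
    # matters here, otherwise a stray '"' would end the attribute early.
    return f'<input name="user" value="{html.escape(username, quote=True)}">'


def render_json_for_script(username: str) -> str:
    # Script/JSON context: html.escape is the wrong tool (it would corrupt the
    # JSON). JSON-encode instead, and neutralise "</" so the browser cannot
    # see a premature closing </script> tag inside the string literal.
    encoded = json.dumps({"user": username}).replace("</", "<\\/")
    return f"<script>var profile = {encoded};</script>"


def leaks_raw_value(rendered: str, untrusted: str) -> bool:
    # Check used by the demo: if the untrusted value survives verbatim in the
    # output, the browser will interpret its markup rather than display it.
    return untrusted in rendered


if __name__ == "__main__":
    for name, fn in [("unsafe", render_greeting_unsafe),
                     ("html-escaped", render_greeting),
                     ("attribute", render_attribute),
                     ("json-in-script", render_json_for_script)]:
        out = fn(STORED_USERNAME)
        print(f"{name:15} leaks={leaks_raw_value(out, STORED_USERNAME)}  {out}")
```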