Characteristics of a Secure Application
A software application is as good as what it does. It should not do more than what it is expected to do. At the same time, it should not fail to perform what it is expected to do.
Here are 8 characteristics that fundamentally define a secure application:
- Completeness of the Inputs: If an application requests only a part of all the necessary inputs (data), the app might not be able to carry out the right computations due to the lack of data, which will lead to missing or erroneous outputs.
- Correctness of the Inputs: If an application doesn't check whether the entered input matches the required data format, it risks not only corrupting data but also compromising its confidentiality (e.g., SQL injection attacks) and the security of the app's users (e.g., cross-site scripting attacks). The consequences can be far worse, e.g., when an incorrect medication dosage is entered, putting a life at risk.
- Completeness of Processing: An application must verify that all the tasks it was supposed to perform are indeed done. If the processing is only partially complete, then either the completed portion has to be reversed and the entire task redone, or the remaining portion has to be completed, to ensure the integrity of the data.
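
The three characteristics above can be shown together in one small medication-order routine. This is an added example, not code from the original article; the table names, the sample drug, and the 1000 mg ceiling are assumptions made for illustration.

```python
import re
import sqlite3

MAX_DOSE_MG = 1000  # assumed ceiling for this sample drug


def make_db():
    """Constructed sample data: one drug with 500 mg in stock."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stock (drug TEXT PRIMARY KEY, mg INTEGER CHECK (mg >= 0))")
    db.execute("CREATE TABLE orders (patient TEXT, drug TEXT, mg INTEGER)")
    db.execute("INSERT INTO stock VALUES ('amoxicillin', 500)")
    db.commit()
    return db


def parse_dose(raw):
    """Correctness of input: ASCII digits only, within the allowed range."""
    if not re.fullmatch(r"[0-9]{1,4}", raw):
        raise ValueError("dose must be a whole number of mg")
    mg = int(raw)
    if not 1 <= mg <= MAX_DOSE_MG:
        raise ValueError("dose out of range")
    return mg


def place_order(db, patient, drug, raw_dose):
    """Completeness of input and of processing: all fields, all steps, or nothing."""
    if not (patient and drug and raw_dose):
        raise ValueError("patient, drug and dose are all required")
    mg = parse_dose(raw_dose)
    try:
        with db:  # commits on success, rolls back if any step raises
            # Parameterized statements keep user input out of the SQL text.
            db.execute("INSERT INTO orders VALUES (?, ?, ?)", (patient, drug, mg))
            cur = db.execute("UPDATE stock SET mg = mg - ? WHERE drug = ?", (mg, drug))
            if cur.rowcount != 1:
                raise LookupError("unknown drug")
    except (sqlite3.IntegrityError, LookupError):
        return False  # the order row written in the first step was reversed
    return True


def order_count(db):
    return db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
```

An order that would drive stock below zero fails the CHECK constraint on the second step, so the order row from the first step is rolled back and the database never holds a half-finished order.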