Presenter: Sayeed Sajal
Authors: Gavin Holt
Faculty Advisor: Sayeed Sajal
Institution: Utah Valley University
Designing insecure code has become a growing threat over the last four years. It was a new addition to the OWASP Top Ten list, which is because of many reasons. Insecure design is different than insecure implementation, although there is some inevitable crossover between the two if they allow for similar problems. Some current critical issues with Insecure Design are allowing bot programs to work, lack of safety against overloaded requests, and general bad practices. These can include unsafe design from the ground up, complex ideas implemented into development/rolled out to the public, choosing too much convenience over safety in design, etc. Bad design practice is becoming more prevalent because people wait for certain bad practices to come up, purely because they are knowledgeable enough to take advantage of certain bad practices. One of the most significant examples of this could be SQL injection, which is also its factor in the OWASP Top Ten. In this research work, we discovered further insecure design problems and dived into why they are unsafe or, at the very least, bad practices. Then the preventative measures can take to get better-designed code. Threat Modeling is planning out and attempting to understand threats prior, during, and after designing to try to fix issues by design before they become a problem. Insecure design is a genuine and present threat; hackers are becoming increasingly accustomed to commonplace programming. It needs to be paid attention to, or else it could be our website that is being overloaded or held hostage simply because we don’t know solid enough secure practices to follow when programming.