ASP.NET Security Consultant

I'm an author, speaker, and generally a the-way-we've-always-done-it-sucks security guy who specializes in web technologies and ASP.NET.

I'm a bit of a health nut too, having lost 50 pounds in 2019 and 2020. Check out my blog for weight loss tips!

If You Can't Do Something Securely, Don't Do It

Published on: 2018-08-07

I had an, um, I'll use the word "interesting" here, conversation recently with a software developer. I was doing an audit on some code and I found an issue with a particular approach to solve a security issue. Basically, the "normal" solution wasn't an option because of a design decision and the developer created another method to fix the security problem. Unfortunately, that method was basically as insecure as doing nothing at all, so I suggested a fix. After some back and forth, we decided to put in my suggested fix, but not until after this (paraphrased) comment from the developer: "Oh, I see, in balancing the needs between [technique] and security, we're choosing security."

I'm writing about this because it's an attitude that I see in many developers. Many will prioritize some design pattern or approach above everything else. For some, it's test-driven development. For others, it's a particular architectural style, such as service-oriented architecture. For still others, it's adhering to certain design patterns at any cost. Whatever that aspect is, though, there is a universal truth:

If you are sacrificing security in order to achieve some other code-related goal, then you're doing something very badly wrong.

I know, you're thinking "you're a security guy, of course you're going to emphasize security". But the reason I feel comfortable saying this so strongly is that there is nearly always a way to achieve your goal securely. With a little ingenuity, any software developer should be able to come up with a solution to most problems without sacrificing security, testability, reusability, etc. What looks like a trade-off between security and [insert other code-related goal here] is almost never truly a trade-off. And in the rare cases where it is, find another solution. You have enough to worry about with zero-day attacks and things you overlooked without also worrying about issues you could have fixed but chose not to.

And if you absolutely can't find a solution, then contact me and I'll help you find one.