Cover image for Secure code review: Part 5 - Least privilege principle

Secure code review: Part 5 - Least privilege principle

brianverm profile image Brian Vermeer ๐Ÿง‘๐Ÿผโ€๐ŸŽ“๐Ÿง‘๐Ÿผโ€๐Ÿ’ป ใƒป2 min read

Code reviews are hard to do well. Particularly when youโ€™re not entirely sure about the errors you should be looking for! The DevSecOps approach pushes security testing left so that vulnerabilities can be found and fixed earlier, in the design, development, or CI/CD stages of the workflow. Itโ€™s always a good idea to check for security issues in code that you review. In case you donโ€™t know what to look for, check out this series to give you pointers for your next code reviews!

Enforce the least privilege principle

In addition to authentication comes authorization. They sound similar but are quite different. As we saw in part 4, authentication proves a user or service is indeed who they say they are, while authorization goes further to ensure that person or service is allowed to perform whatever task or action theyโ€™re trying to perform. We know we need to check for this and ensure those users, services, or processes are running or exist in a role that has the authority to undertake such an action. However, from a coding point of view, itโ€™s often all too easy to give more access than is actually required.

The principle of least privilege states that every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose. So in essence, give people or processes the bare minimum of privileges and permissions they need to achieve their goal.

A great way to test for this is to ensure you write specific automatic unit and integration tests that not only test the happy path but, more importantly, test the unhappy security related cases. These tests should successfully authenticate, but try to perform operations theyโ€™re not entitled to perform. These tests should always be added when altering the roles your application runs under or introduces new resources that require you to be in a specific role to perform.

Want to know more

Check the complete Secure code review cheat sheet

Posted on by:

brianverm profile

Brian Vermeer ๐Ÿง‘๐Ÿผโ€๐ŸŽ“๐Ÿง‘๐Ÿผโ€๐Ÿ’ป


Java Dev | DevRel | VirtualJug Co-lead | UtrechtJUG Co-lead | MyDevSecOps Co-lead | Dutch Air Reserve | Taekwondo Master | Flag Football CB/WR


Editor guide