Partner Perspectives
1/18/2018 09:00 AM
Raymond Pompon
The Startup Challenge: Safe in the Cloud from Day One

How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.

Some startups see security as a nice-to-have that can be added months or years after launch. The smart ones realize that dependable security from the beginning means solid performance, satisfied customers, and no precious startup dollars wasted on fraud or incidents. F5 Labs decided to peek under the hood of one of these smart startups: Wanderlust Society. This Seattle-based company was created by a team of Amazon veterans looking to reduce the hassle while increasing the enjoyment of travel planning. Wanderlust Society created a Web application that wrangles the long tail of personalized recommendations and the online community for travelers looking to take and share highly curated trips.

Before you begin building your architecture, it’s a good idea to have a well-defined idea of what you want. Wanderlust Society thought this through and set the following as the primary goals for their Web application:

  • Mobile optimized
  • Secure
  • Fast
  • Highly available
  • Easily scalable

Understand Security Risks
To build a security risk model, you use these goals to anticipate potential threats. It's not enough to just say things like, "we want our site to be secure." Security can mean different things to different organizations, so risks need to be spelled out in detail. Developers and architects then use the risk model to make tradeoffs. Wanderlust Society did an excellent job of defining theirs:

  • Unauthenticated users should only be able to read or write data and APIs that are explicitly marked publicly available.

  • Authenticated users should only be able to see and change their own data.
  • Authenticated users should see shared data from other users.
  • Authenticated users should not be able to read or write system data.
  • Attackers should not be able to access the system by stealing an authenticated user’s credentials.
  • Attackers should not be able to steal/scrape Wanderlust Society data.
  • Attackers should not be able to intentionally crash, degrade, or modify site functionality.
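The access rules above are precise enough to be written down as a single decision function that the application can call before every data access. The following is an added example, not Wanderlust Society's code: the resource attributes (`owner_id`, `public`, `shared`, `system`) and the two actions are assumptions chosen to mirror the bullet list, and the function is default-deny, so anything the list does not explicitly permit is refused.

```python
# Added example (not Wanderlust Society's code): the risk model's access rules
# as one default-deny authorization function. Field names are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Resource:
    owner_id: Optional[str]     # None for data no user owns
    public: bool = False        # explicitly marked publicly available
    shared: bool = False        # the owner chose to share it with other users
    system: bool = False        # system/configuration data


@dataclass
class Principal:
    user_id: Optional[str]      # None means the caller is unauthenticated


def authorize(principal: Principal, resource: Resource, action: str) -> bool:
    """Return True only when the risk model explicitly permits the action."""
    if action not in ("read", "write"):
        raise ValueError("unknown action")

    # System data is never reachable through the user-facing API,
    # authenticated or not.
    if resource.system:
        return False

    # Unauthenticated callers: only resources explicitly marked public.
    if principal.user_id is None:
        return resource.public

    # Authenticated callers may see and change their own data.
    if resource.owner_id == principal.user_id:
        return True

    # Another user's data: visible only if public or shared, never writable.
    if action == "read":
        return resource.public or resource.shared

    # Default deny covers every case the list does not mention.
    return False
```

Keeping the policy in one place makes the "should not" bullets testable: each rule becomes a unit test that fails if a later refactor loosens the check.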

This list is by no means carved in stone. It can and should be reviewed periodically and updated as conditions change.

Architect to Meet Goals and Address Risks
Once Wanderlust Society figured out goals and risks, they worked out architecture and security controls, including the following:

Mobile Optimized
For a powerful mobile experience, the site needed to load very quickly (this ties to the Fast goal), so the core JavaScript is only 90 KB (compressed). This means the site works well even on a slow 3G mobile connection.

Secure
Wanderlust Society built their application in the cloud and they also correctly realized that application security in the cloud is their responsibility. That means they had to build and configure the proper tools to lock things down to their specific risks.

First, the application was designed to respond only to HTTPS requests, so all communication is encrypted. Second, the application was partitioned with firewalls and rules locking down traffic in both directions (to reduce attack surface and exfiltration). Databases are in a restricted, non-public subnet and firewalled to a single port. This reduces the risk of attackers stealing data from users.

Passwords are a common way to authenticate, but they are also fragile and a burden to manage properly. Wanderlust Society chose an alternative and went with federated identity: their Web application delegates authentication to another trusted identity provider, such as a third-party website where the user is already registered. Wanderlust Society chose to federate from Facebook because most people already have a Facebook account. Also, Facebook's infrastructure and platform are used by billions daily, so they have been proven reliable and secure.

To securely track users, Wanderlust Society uses a request/access token for all service calls. When a user authenticates, he or she is granted a token tied to the originating client device. Because you never want to trust user input, the token is verified on the server side on every call.
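One way to build a token that is tied to the originating device and checked on every call, as an added example that is not Wanderlust Society's code: the article says only that tokens are device-bound and verified server-side, so the token layout (`user|device|expiry|HMAC`), the use of an HMAC over that payload, the identifiers and the server key below are all assumptions. Binding the token to a device identifier is what makes a copied token useless elsewhere, which is the "stolen credentials" risk in the list above.

```python
# Added example (not Wanderlust Society's code): an HMAC-signed access token
# bound to the client device that obtained it, verified on every request.
# Token format, device identifier and key are assumptions for illustration.
import base64
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key-do-not-reuse"   # constructed sample secret


def issue_token(user_id: str, device_id: str, now: int,
                ttl: int = 3600, key: bytes = SERVER_KEY) -> str:
    """Mint a token for user_id on device_id that expires ttl seconds after now.
    Identifiers are assumed not to contain the '|' separator."""
    payload = f"{user_id}|{device_id}|{now + ttl}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{payload}|{sig}".encode()).decode()


def verify_token(token: str, device_id: str, now: int,
                 key: bytes = SERVER_KEY):
    """Return the user_id if the token is authentic, unexpired and presented
    by the same device it was issued to; otherwise return None."""
    try:
        parts = base64.urlsafe_b64decode(token.encode()).decode().split("|")
        user_id, tok_device, expires, sig = parts
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        # Malformed input is treated exactly like a forged token.
        return None

    # Recompute the MAC over the claimed payload and compare in constant time
    # so an attacker learns nothing from timing differences.
    payload = f"{user_id}|{tok_device}|{expires}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if now >= expires:
        return None
    # Device binding: a token lifted from one device does not work on another.
    if not hmac.compare_digest(tok_device.encode(), device_id.encode()):
        return None
    return user_id
```

In a real deployment the device identifier would come from something the client proves possession of (for example a per-install key) rather than a self-reported string, and the server key would be loaded from a secret store; both are outside what the article describes.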

Since Wanderlust Society recognized that user input can never be trusted, they also built in server-side data validation checks and parameterized SQL statements to prevent injection attacks.
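What "parameterized SQL statements" and "server-side validation" buy you is easiest to see with the same query written both ways. This is an added example, not Wanderlust Society's code: the `trips` table, its rows and the owner-id format are constructed for illustration, and SQLite stands in for whatever database the company runs.

```python
# Added example (not Wanderlust Society's code): one lookup written with
# string formatting (injectable) and with a bound parameter plus an input
# check. Table layout, rows and the owner-id pattern are constructed.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE trips (id INTEGER PRIMARY KEY, owner TEXT, "
        "title TEXT, shared INTEGER)"
    )
    con.executemany(
        "INSERT INTO trips (owner, title, shared) VALUES (?, ?, ?)",
        [
            ("alice", "Kyoto in spring", 1),
            ("alice", "Secret honeymoon", 0),   # private: must never leak
            ("bob", "Lisbon weekend", 1),
        ],
    )
    return con


def shared_trips_vulnerable(con: sqlite3.Connection, owner: str) -> list:
    """Concatenates untrusted input into the statement, so the caller can
    rewrite the WHERE clause and read rows the filter was meant to hide."""
    sql = f"SELECT title FROM trips WHERE owner = '{owner}' AND shared = 1"
    return [row[0] for row in con.execute(sql)]


# Server-side validation: owner ids are assumed to be short lowercase slugs.
OWNER_RE = re.compile(r"[a-z0-9_]{1,32}")


def shared_trips_safe(con: sqlite3.Connection, owner: str) -> list:
    """Rejects malformed ids up front, then binds the value as a parameter so
    the database treats it as data, never as SQL text."""
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("invalid owner id")
    rows = con.execute(
        "SELECT title FROM trips WHERE owner = ? AND shared = 1", (owner,)
    )
    return [row[0] for row in rows]
```

The two defenses are independent: the parameter binding alone already stops the filter from being rewritten, and the validation alone would catch this input, but keeping both means a field that later bypasses the regex (or a query someone forgets to parameterize) still has a second line of defense.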

Fast
As described in the mobile optimized goal, the Wanderlust Society application was designed to be fast. In addition to the app design, they also leveraged cached content delivery networks at the edge for all site images as well as frequently used data.

Highly Available
Being Amazon veterans, the app developers are experts at leveraging Amazon Web Services (AWS). The server instances run in Elastic Compute Cloud (EC2) behind load balancers, while CloudWatch is used for monitoring and alarming. The deployment also spans multiple Availability Zones.

Easily Scalable
Wanderlust Society's application services follow the microservices architecture model, in which each service is small and focused on a small set of closely related tasks. This lets services be deployed and expanded independently. Code runs in Docker containers on the EC2 instances, which scales to meet Wanderlust Society's requirements.

Tradeoffs
There are always tradeoffs. One big one was using Facebook to federate identity. A minority of people don't trust Facebook and refuse to use its service, and some people are just not interested in signing up with Facebook. Those potential customers will probably not choose to join for now. Supporting federated identities allowed Wanderlust Society to defer the development work of building their own secure account creation and login functionality until they have more resources. A worthwhile tradeoff, since building an authentication system from scratch requires expertise and thorough testing.

The second tradeoff was using the cloud versus an on-premises solution. Here, Wanderlust Society went back to its core mission: building software that helps people travel, not IT operations. So off to the cloud.

Wanderlust Society is off to a strong start with shrewd practices, including articulating their goals, doing a risk analysis against those goals, and choosing appropriate responses to counter those risks while weighing the tradeoffs.

Raymond Pompon is a Principal Threat Researcher Evangelist with F5 Labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An ...