{"id":1431,"date":"2025-11-30T05:23:00","date_gmt":"2025-11-29T20:23:00","guid":{"rendered":"https:\/\/touhyo.com\/blog\/?p=1431"},"modified":"2025-12-10T13:07:59","modified_gmt":"2025-12-10T04:07:59","slug":"strengthen-the-guard","status":"publish","type":"post","link":"https:\/\/touhyo.com\/blog\/en\/strengthen-the-guard\/","title":{"rendered":"Strengthen the guard"},"content":{"rendered":"\n<p>Pursuing ideals takes time, not just in systems and design.<\/p>\n\n\n\n<p>When building systems, failing to implement robust security measures can lead to unexpected issues arising from user actions. In projects with tight budgets and schedules, planning and design phases often get rushed, so extra caution is essential.<\/p>\n\n\n\n<p>If I were to list just three points, they would be as follows.<\/p>\n\n\n\n<p><strong>\u30fbMinimize input points<br>\u30fbMulti-layered defense per boundary<br>\u30fbUnexpected events trigger immediate errors<\/strong><\/p>\n\n\n\n<p>Ninety percent of attacks begin with &#8220;input.&#8221; Conversely, systems that attackers cannot access cannot be breached. The greater the freedom in input, the higher the risk.<\/p>\n\n\n\n<p>Of course, there is no system that is 100% impossible to break.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">\u30fbMinimize input points (user-interaction areas) to the absolute minimum<br>\u30fbImplement &#8220;boundary defense&#8221; by blocking data flow at the block level<br>\u30fbDesign systems to handle all unexpected behavior as exceptions<\/mark><\/strong><\/p>\n\n\n\n<p>The idea is to make it a system that&#8217;s difficult to break through within the allotted time.<\/p>\n\n\n\n<p>By the way, the first point refers to measures like string sanitization and prepared statements during database processing. The second covers escaping during HTML output generation, and so on. Also, the third is surprisingly important\u2014it involves conditional branching that immediately halts processing when unexpected values are received.<\/p>\n\n\n\n<p>There are other detailed countermeasures, but ultimately it depends on the budget.<\/p>\n\n\n\n<p>Conversely, it&#8217;s often the case that we have no choice but to implement only basic security measures, leaving finer details somewhat lax. Even when we aim to refine the handling of specifics, there are limits depending on the case, so realistically, it comes down to implementing what&#8217;s feasible within the constraints.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When in doubt, go back to basics<\/h2>\n\n\n\n<p>At its core, any system is nothing more than &#8220;input and output&#8221;.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Input (Store \/ Ingest)<\/h2>\n\n\n\n<p>All things entering from outside = data &#8220;ingestion&#8221;.<\/p>\n\n\n\n<p>\u30fbForm input<br>\u30fbAPI requests<br>\u30fbFile uploads<br>\u30fbCookies \/ Sessions<br>\u30fbDatabase writes<br>\u30fbLog storage<br>\u30fbConfiguration changes<\/p>\n\n\n\n<p>The above refers to all input (the act of importing into the system).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Output (Serve \/ Provide)<\/h2>\n\n\n\n<p>Next, what the system returns internally = the data&#8217;s &#8220;output&#8221;.<\/p>\n\n\n\n<p>\u30fbHTML display<br>\u30fbJSON response<br>\u30fbAPI response<br>\u30fbFile distribution<br>\u30fbImage provision<br>\u30fbEmail sending<br>\u30fbDisplay database read results<\/p>\n\n\n\n<p>Output is the act of returning data from the system to the outside world.<\/p>\n\n\n\n<p>Breaking down the process into smaller steps reveals a surprisingly simple structure. Writing meticulous, safe logic is essential. Never forget that implementation time directly translates to the quality of the deliverable. 
Take your time to build it carefully.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pursuing ideals takes time, not just in systems and design. When building systems, failing to implement robust security measures can lead to unexpected issues arising from user actions. In projects with tight budgets and schedules, planning and design phases often get rushed, so extra caution is essential. If I were to list just three points, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"en_US","_original_post":"https:\/\/touhyo.com\/blog\/?p=1416","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1431","post","type-post","status-publish","format-standard","hentry","category-memo","en-US"],"_links":{"self":[{"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/posts\/1431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/comments?post=1431"}],"version-history":[{"count":9,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/posts\/1431\/revisions"}],"predecessor-version":[{"id":1554,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/posts\/1431\/revisions\/1554"}],"wp:attachment":[{"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/media?parent=1431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/categories?post=1431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/touhyo.com\/blog\/wp-json\/wp\/v2\/tags?post=1431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}