How would I approach an established application with the intent to add a feature?
When adding functionality to an existing system, the first step is to examine the existing code base. Understanding how it works and what vulnerabilities it has will enable you to make the additions in the safest way possible. Reviewing the threat models and attack surfaces of the original will go a long way toward ensuring you stay aligned with the original security architecture and know the primary concerns of the base program. If the program isn’t well maintained, you can also compare its existing external modules and libraries against the most current standards.
While the new functions may be entirely different, they still have to work seamlessly with the original program. The new functionality should be evaluated in conjunction with the original to see which data flows it needs to use and what levels of protection they may need. If your functionality includes a third-party service, you should consider the best way to protect the trust boundary.
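One way to carry out the data-flow evaluation described above, as an added example that is not part of the original text: a Python script that lists the flows of the existing application alongside those of the new feature, reports every flow that crosses between trust zones without the protections its data classification requires, and names the existing components the new feature touches. The zone names, components, flows and protection policy are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy: protections a classification needs when crossing trust zones.
REQUIRED = {
    "public": frozenset(),
    "internal": frozenset({"encrypted_in_transit"}),
    "sensitive": frozenset({"encrypted_in_transit", "authenticated", "access_controlled"}),
}

@dataclass(frozen=True)
class Flow:
    name: str
    source: str
    dest: str
    classification: str
    protections: frozenset
    new: bool = False  # True when the added feature introduces this flow

def boundary_findings(zones, flows):
    """Flows that cross a trust boundary without the required protections."""
    findings = []
    for f in flows:
        src, dst = zones[f.source], zones[f.dest]
        if src == dst:
            continue  # stays inside one trust zone
        missing = REQUIRED[f.classification] - f.protections
        if missing:
            findings.append((f.name, f"{src}->{dst}", sorted(missing), f.new))
    return findings

def shared_components(flows):
    """Existing components the new feature touches; re-check their threat model."""
    old = {c for f in flows if not f.new for c in (f.source, f.dest)}
    added = {c for f in flows if f.new for c in (f.source, f.dest)}
    return old & added

# Constructed sample: an existing web shop gaining a third-party payment feature.
ZONES = {"browser": "user", "web_app": "internal", "orders_db": "internal",
         "payment_api": "third_party"}
FULL = REQUIRED["sensitive"]
FLOWS = [
    Flow("login", "browser", "web_app", "sensitive", FULL),
    Flow("save_order", "web_app", "orders_db", "sensitive", frozenset()),
    Flow("charge_card", "web_app", "payment_api", "sensitive",
         frozenset({"encrypted_in_transit", "authenticated"}), new=True),
    Flow("payment_webhook", "payment_api", "web_app", "internal", frozenset(), new=True),
]

if __name__ == "__main__":
    for finding in boundary_findings(ZONES, FLOWS):
        print(finding)
    print("re-review:", sorted(shared_components(FLOWS)))
```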
Once the original code has been thoroughly reviewed, you can begin to define the new requirements of the system, as well as new potential threats that weren’t previously an issue. The earlier code review will help detail which data is most important or most at risk, which in turn helps identify the scope of the data at hand and how much security is needed.
Beyond understanding the risks inherited from the base code, basic SSDL processes will ensure that the identified areas are treated correctly. The remaining encryption, authentication, and access controls can then be implemented, and possibly re-used, to build the requested functionality. Additionally, thorough testing should be used, as with any program, to ensure the integration is smooth.
[1] CSSLP Exam Guide Third Edition