secure code development what are the risks of delivering insecure applications or software products?...
TRANSCRIPT
![Page 1: Secure Code Development What are the risks of delivering insecure applications or software products? How can a company ensure they produce secure code?](https://reader036.vdocument.in/reader036/viewer/2022062515/56649cfa5503460f949cc33e/html5/thumbnails/1.jpg)
Page 1: Secure Code Development
What are the risks of delivering insecure applications or software products?
How can a company ensure they produce secure code?
What strategies can be used?
What tools exist?
What departments help with this process?
Page 2: Secure Programs
15-50 faults per 1000 lines of code.
Fixing faults:
◦ "Penetrate and patch": search for bugs and repair.
Is conformance to specifications sufficient?
Compare requirements with behavior.
◦ Find program security flaws.
◦ Either human error or malicious intent.
The tester's perspective is important.
Page 3: Security Development Lifecycle
Align the below tasks with the SDLC.
Plan: product stakeholders & security meet.
Design: identify weaknesses early.
Develop: code securely.
Test: test products against security requirements.
Document: secure configurations of the product.
Assess: verify product security before release.
Respond: know how to deal with customers who report security concerns with your product.
Page 4: Threat Model (design phase)
Page 5: Static Code Analysis Tools
Static analysis: static code analysis, data flow static analysis, and metrics analysis.
Peer code review: process automation
◦ preparation, notification, and tracking.
Unit testing: JUnit and Cactus test creation, execution, optimization, and maintenance.
Runtime error detection: race conditions, exceptions, resource & memory leaks, security attack vulnerabilities.
Page 6: Quality Assurance
Systematic evaluation of the various aspects of a product to maximize the probability that minimum standards of quality are being attained by the production process.
Cannot guarantee production of quality products.
Two principles in QA:
◦ "Fit for purpose": suitable for the intended purpose.
◦ "Right first time": mistakes should be eliminated.
Quality is determined by the product's users, clients or customers, not by society in general.
Page 7: Testing
Unit: test in a controlled environment.
Integration: components work together.
Functional: does it meet requirements?
Performance: measure capability.
Acceptance: check it meets customer requirements.
Installation: final test during install.
Page 8: Testing Continued
Regression: test that the product still meets requirements after it has been modified.
Black box: test without knowledge of how the system was built.
White box: test with full knowledge of the system and its expected behavior.
Independent: outsider view.
Penetration: computer security testing.
Page 9: Figure 3-19 Fault Discovery Rate Reported at Hewlett-Packard.
Page 10: Types of Flaws
Validation error: permission checks.
Domain error: controlled access to data.
Serialization and aliasing: program flow.
Inadequate identification and authentication
◦ Authorization flaws
Boundary condition violation: exceeding them.
Logic errors: errors in process design.
Page 11: Secure Software Development Practices
Peer reviews: review, walk-through, inspection.
Hazard analysis: expose hazardous states.
Testing: quality assurance.
Good design: fail-safe, earlier discussion items.
Prediction: risk analysis.
Static analysis: control and data flow, structure.
Configuration management: what changes when.
Analysis of mistakes: lessons learned.
Page 12: Nessus Vulnerability Scanner (assess phase)
Page 13: Non-Malicious Program Errors
Buffer overflows: coding error, buffer overruns.
◦ Attacker replaces code in the stack.
Heap overflow: dynamically allocated memory.
◦ Corrupt this data in specific ways to cause overwriting.
Incomplete mediation: out-of-range input or value injection.
◦ http://www.comesite.com/purchasing/data&parm1=(303)555-1234&price=10
◦ Tools: Hackbar, Tamper Data, OWASP WebScarab, etc.
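The price parameter in the slide's URL is the classic incomplete-mediation case: the server accepts a value that only the server should decide. The following is an added example, not code from the slides. It constructs a request in the slide's shape (using a `?` before the query string), a made-up `item` parameter and a made-up server-side catalog, and shows a handler that trusts the client's price beside one that validates every field and looks the price up itself.

```python
"""Incomplete mediation: validate every client-supplied field server-side.

Added example (not from the slides). The item parameter and the catalog are
constructed; the slide only shows parm1 (a phone number) and a price that
the client can edit with tools such as Tamper Data.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed server-side price list; the client never gets to set a price.
CATALOG = {"widget": 10.00, "gadget": 25.50}

# Anchored pattern for phone numbers in the slide's (303)555-1234 form.
PHONE_RE = re.compile(r"^\(\d{3}\)\d{3}-\d{4}$")
# Hard length bound applied before any parsing: bounded input also removes
# the raw material for the buffer-overrun class on the same slide.
MAX_PARAM_LEN = 64


def unmediated_total(url: str) -> float:
    """Vulnerable handler: trusts price= straight from the query string."""
    params = parse_qs(urlsplit(url).query)
    return float(params["price"][0])          # client can send price=0.01


def mediated_order(url: str) -> dict:
    """Hardened handler: every field is checked and the price comes from the catalog."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def single(name: str) -> str:
        values = params.get(name, [])
        if len(values) != 1:                  # missing or duplicated parameter
            raise ValueError(f"{name}: expected exactly one value")
        value = values[0]
        if len(value) > MAX_PARAM_LEN:
            raise ValueError(f"{name}: too long")
        return value

    phone = single("parm1")
    if not PHONE_RE.fullmatch(phone):
        raise ValueError("parm1: not a valid phone number")

    item = single("item")
    if item not in CATALOG:                   # allow-list of known products
        raise ValueError("item: unknown product")

    # A client-supplied price is never used; if it disagrees with the catalog,
    # record that as a tamper signal for monitoring.
    tampered = False
    if "price" in params:
        try:
            tampered = float(params["price"][0]) != CATALOG[item]
        except ValueError:
            tampered = True

    return {"phone": phone, "item": item, "price": CATALOG[item], "tampered": tampered}


if __name__ == "__main__":
    sample = "http://www.comesite.com/purchasing/data?item=widget&parm1=(303)555-1234&price=0.01"
    print("unmediated total:", unmediated_total(sample))
    print("mediated order:  ", mediated_order(sample))
```

The `tampered` flag is worth logging: a mismatch between the submitted and catalog price is direct evidence that a proxy tool was used on the request, which is a useful detection signal even though the hardened handler is no longer affected by it.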
Page 14: Figure 3-1 Places Where a Buffer Can Overflow.
Page 15: Metasploit Pen Testing
Page 16: Asset Management
Configuration management
◦ Manage updates and deliveries.
Baselining
◦ Capture a point in time.
Patch management
◦ Verification and delivery.
Vulnerability management
◦ How will you respond to a customer?
Change management
◦ If nothing changes, the product will become less secure.
Page 17: TOCTTOU/Race Condition
Time of check to time of use (TOCTOU)
◦ "Alter a condition after it has been checked."
◦ A state attack leveraging an OS change of state.
◦ Hacker asks for permission to access file "readme".
◦ OS checks permission on the file.
◦ OS does something else...
◦ Hacker makes "readme" a symbolic link to /etc/shadow.
◦ OS allows access to the file. Hacker changes passwords.
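The defence against the sequence on this slide is to make the check and the use refer to the same object rather than to the same name. The following is an added example, not code from the slides: it works entirely inside a temporary directory it creates itself (nothing touches /etc/shadow), and it contrasts the racy check-the-name-then-open-the-name pattern with opening once, refusing to follow a symbolic link, and checking the opened descriptor.

```python
"""TOCTOU: the check and the use must refer to the same object.

Added example (not from the slides). All paths are constructed inside a
temporary directory. O_NOFOLLOW is a POSIX flag (Linux, BSD, macOS).
"""
import os
import stat
import tempfile


def read_checked_then_used(path: str) -> bytes:
    """Racy pattern: lstat(name) then open(name) are two separate lookups.
    Between them the name can be re-pointed at another file, which is the
    symlink swap described on the slide."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        raise PermissionError("symlinks are not allowed")
    with open(path, "rb") as f:          # second lookup of the same name
        return f.read()


def read_same_object(path: str) -> bytes:
    """Safer pattern: open once without following a final symlink, then
    inspect the descriptor with fstat and read through that descriptor.
    There is no second name lookup, so there is no window to race."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags)
    except OSError as exc:               # ELOOP on Linux when path is a symlink
        raise PermissionError("refusing to follow a symbolic link") from exc
    try:
        st = os.fstat(fd)                # properties of the opened object, not of a name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:       # the file object now owns and closes fd
        return f.read()


def demo() -> dict:
    """Create a regular file and a symlink named 'readme' pointing at it,
    then show that the descriptor-based reader refuses the link."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "secret.txt")
        link = os.path.join(d, "readme")
        with open(real, "wb") as f:
            f.write(b"constructed secret")     # constructed content
        os.symlink(real, link)
        results["regular"] = read_same_object(real)
        try:
            read_same_object(link)
            results["symlink"] = "followed"
        except PermissionError:
            results["symlink"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The same idea applies to any check-then-act pair: permission checks, existence checks and ownership checks should all be made on the descriptor (or on a directory descriptor with the `*at` family of calls) rather than on a path that can change underneath you.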
Page 18: Discussion Questions
The common description of a salami attack is penny shaving.
◦ Steal small amounts that no one will notice.
How could you prevent a salami attack from being part of your software product?
◦ Can you identify 3 controls to help?
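As one worked illustration of the kind of control the discussion question asks for (an added example, not an answer key from the slides), the following books interest on constructed account balances using exact decimal arithmetic, a single documented rounding rule, and a reconciliation step that recomputes the expected total independently. Fractions of a cent are carried as a visible residue line rather than silently dropped, which is what penny shaving relies on.

```python
"""Salami-attack controls: exact arithmetic, one rounding rule, reconciliation.

Added example (not from the slides). Balances and rate are constructed.
"""
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
HALF_CENT = Decimal("0.005")   # largest honest rounding error per posting

# Constructed ledger: account -> balance, and a 1.25% interest rate.
BALANCES = {
    "acct-1": Decimal("1234.56"),
    "acct-2": Decimal("789.01"),
    "acct-3": Decimal("10000.00"),
}
RATE = Decimal("0.0125")


def post_interest(balances: dict, rate: Decimal):
    """Control 1: Decimal, never float. Control 2: one rounding mode, applied
    the same way to every account. Returns the postings and the sub-cent
    residue, which is booked as its own ledger line instead of vanishing."""
    postings = {}
    exact_total = Decimal(0)
    for account, balance in balances.items():
        exact = balance * rate
        postings[account] = exact.quantize(CENT, rounding=ROUND_HALF_EVEN)
        exact_total += exact
    residue = exact_total - sum(postings.values())
    return postings, residue


def reconcile(balances: dict, rate: Decimal, postings: dict, residue: Decimal) -> bool:
    """Control 3: detective check run by a separate job. The expected total is
    recomputed from source data, so postings plus residue must equal it, and
    the residue must stay within what honest rounding can produce."""
    expected = sum(balance * rate for balance in balances.values())
    balanced = sum(postings.values()) + residue == expected
    bounded = abs(residue) <= HALF_CENT * len(postings)
    return balanced and bounded


def shave(postings: dict, amount: Decimal) -> dict:
    """Constructed tampering used only to exercise the check: remove `amount`
    from every posting, as a penny-shaving modification would."""
    return {account: value - amount for account, value in postings.items()}


if __name__ == "__main__":
    postings, residue = post_interest(BALANCES, RATE)
    print("postings:", postings, "residue:", residue)
    print("honest run reconciles:", reconcile(BALANCES, RATE, postings, residue))
    print("shaved run reconciles:", reconcile(BALANCES, RATE, shave(postings, CENT), residue))
```

A shaved ledger fails in one of two ways: if the attacker leaves the residue line alone the totals no longer balance, and if the residue is adjusted to hide the gap it exceeds the bound that rounding alone could explain. Either outcome is an alert, which is the point of carrying the residue explicitly.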
Page 19: Virus
Agent: virus author.
Malware that does not spread automatically.
Requires a carrier (USB, CD-ROM, floppy).
Macro: MS Office (Word, Excel).
Polymorphic: changes its signature on install.
Boot sector: loads on system startup.
Stealth: hides from anti-virus software.
Page 20: Figure 3-4 Virus Appended to a Program.
Page 21: Figure 3-5 Virus Surrounding a Program.
Page 22: Figure 3-6 Virus Integrated into a Program.
Page 23: Figure 3-7 Virus Completely Replacing a Program.
Page 24: Figure 3-8 Boot Sector Virus Relocating Code.
Page 25: Figure 3-9 Recognizable Patterns in Viruses.
Page 26: Anti-Virus is Reactionary
Page 27: Polymorphic Virus
Virus coded to modify its signature.
Insert lines containing random comments.
Scanners: remove comments, white space.
Insert junk code intermittently.
◦ Changes the capitalization of the letters in the crucial strings.
◦ Traditional code normalization techniques are not applicable.
Use static encryption.
Change variable names.
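To see where scanner-side normalization helps and where the slide says it stops helping, here is an added example (not from the slides) of a toy signature scanner. It hashes a normalized form of a constructed, harmless shell-style text: comment stripping, whitespace collapsing and case folding absorb the first three tricks on the slide, while inserted junk lines or renamed variables change the normalized form and defeat the match.

```python
"""Toy signature scanner with source normalization, and its limits.

Added example (not from the slides). The known sample is a constructed,
harmless script; its signature is just a SHA-256 of the normalized text.
"""
import hashlib
import re


def normalize(text: str) -> str:
    """Undo the cheap cosmetic changes: drop '#' comments, collapse runs of
    whitespace, drop blank lines, and fold case."""
    lines = []
    for line in text.splitlines():
        line = re.sub(r"#.*$", "", line)        # strip comment to end of line
        line = re.sub(r"\s+", " ", line).strip()
        if line:
            lines.append(line.lower())          # case folding
    return "\n".join(lines)


def signature(text: str) -> str:
    return hashlib.sha256(normalize(text).encode()).hexdigest()


# Constructed "known sample" and the signature derived from it.
KNOWN_SAMPLE = "\n".join([
    "COUNT=0",
    "for f in *.txt",
    "do",
    "  COUNT=$((COUNT+1))",
    "done",
    "echo $COUNT",
])
KNOWN_SIGNATURE = signature(KNOWN_SAMPLE)

# Variant 1: random comments, extra whitespace, re-capitalized keywords.
VARIANT_COSMETIC = "\n".join([
    "# harmless comment inserted by the generator",
    "count=0   # trailing comment",
    "",
    "FOR f IN *.txt",
    "do",
    "        COUNT=$((COUNT+1))",
    "DONE",
    "echo    $COUNT",
])

# Variant 2: a junk statement is inserted (no cosmetic change).
VARIANT_JUNK = KNOWN_SAMPLE.replace("COUNT=0", "COUNT=0\nJUNK=1")

# Variant 3: a variable is renamed.
VARIANT_RENAMED = KNOWN_SAMPLE.replace("COUNT", "TOTAL")


def matches_known(text: str) -> bool:
    """True when the normalized text hashes to the known signature."""
    return signature(text) == KNOWN_SIGNATURE


if __name__ == "__main__":
    for name, sample in [("cosmetic", VARIANT_COSMETIC),
                         ("junk", VARIANT_JUNK),
                         ("renamed", VARIANT_RENAMED)]:
        print(f"{name:8s} matches: {matches_known(sample)}")
```

The junk-code and renaming cases are why a signature on normalized text is not enough on its own; detecting those needs behavioural or structural analysis (what the code does, not how it is spelled), which is the reactive gap the "Anti-Virus is Reactionary" slide refers to.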
Page 28: Protection Ring Model
Page 29: Root kits
Malware that replaces portions of an operating system at user level (ring 3).
◦ Unix: replace ls, ps etc.
◦ PATH: .:/usr/bin:/usr/sbin
◦ Windows: replace dir or task list.
Kernel-mode rootkits operate in ring 0.
◦ Hide from /proc on Linux.
Page 30: Root Kit Protection (OSSEC)
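Tools such as OSSEC detect user-level rootkits by comparing files against a baseline captured earlier, which ties this slide to the "Baselining: capture a point in time" item on the Asset Management slide. The following is an added example, not OSSEC's code and not from the slides: it takes a SHA-256 baseline of a constructed directory, reports what changed after two files are altered, and audits a PATH value in the form shown on the Root kits slide for the "." entry.

```python
"""File-integrity baseline and PATH audit.

Added example (not OSSEC's code, not from the slides). It runs on a
constructed temporary directory; in practice you would baseline system
directories such as /bin and /usr/bin and keep the baseline where the host
cannot rewrite it (read-only media or another host).
"""
import hashlib
import os
import tempfile


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: str) -> dict:
    """Capture a point in time: relative path -> (kind, size, mode, sha256),
    or (kind, target) for symbolic links."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                baseline[rel] = ("link", os.readlink(full))
                continue
            st = os.stat(full)
            baseline[rel] = ("file", st.st_size, st.st_mode & 0o7777, hash_file(full))
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """A user-level rootkit has to replace, add or remove files; all three
    show up as differences against the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def audit_path(path_value: str) -> list:
    """Flag PATH entries that let a planted binary shadow a system one:
    '.', an empty entry (also the current directory) and relative directories."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append(f"current directory in PATH: {entry!r}")
        elif not os.path.isabs(entry):
            findings.append(f"relative directory in PATH: {entry!r}")
    return findings


def demo() -> dict:
    """Baseline a constructed bin/ directory, alter it, and report the diff."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "bin"))
        for tool in ("ls", "ps"):                      # constructed stand-ins for binaries
            with open(os.path.join(d, "bin", tool), "wb") as f:
                f.write(b"#!/bin/sh\necho original " + tool.encode() + b"\n")
        before = take_baseline(d)
        # Constructed changes: one tool replaced, one new file dropped in.
        with open(os.path.join(d, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\necho replaced ls\n")
        with open(os.path.join(d, "bin", "helper"), "wb") as f:
            f.write(b"constructed extra file\n")
        report = compare(before, take_baseline(d))
    report["path_findings"] = audit_path(".:/usr/bin:/usr/sbin")
    return report


if __name__ == "__main__":
    print(demo())
```

A baseline only detects changes relative to the moment it was taken, so it has to be captured from a known-good build and refreshed through change management whenever a legitimate patch lands; otherwise every patch looks like a modification and the alerts get ignored.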
Page 31: Targeted Malicious Code
Written for a specific application or purpose.
Trap doors: undocumented entry point.
Salami attack: skimming small amounts.
Rootkits: Sony XCP example.
Privilege escalation: programs that run at a high privilege level are targets.
Keystroke loggers.
Page 32: Figure 3-10 Stubs and Drivers.
Page 33: Covert Channels
Definition: any communication that violates a security policy.
Storage channel: use shared storage to communicate, e.g. the /tmp filesystem.
Covert timing channel: hacker notices the difference in system response to an incorrect password vs. an incorrect username.
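The password-versus-username timing difference on this slide comes from a login routine that returns early when the username is unknown. The following is an added example, not code from the slides: a constructed user store, a leaky login that skips the key derivation for unknown users, a version that always does the same work and compares in constant time, and a small measurement that shows the gap.

```python
"""Covert timing channel in a login check, and a constant-work version.

Added example (not from the slides). The user store, the dummy record and
the iteration count are constructed; real deployments use far more
iterations than this.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 20_000   # constructed; kept small so the demo runs quickly


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user database: username -> (salt, derived key).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _derive("correct horse", _SALT))}

# Dummy record with a real salt and key so that an unknown username costs the
# same derivation work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _derive("dummy-password-never-accepted", _DUMMY_SALT))


def login_leaky(username: str, password: str) -> bool:
    """Returns early for unknown users: no key derivation happens, so the
    response is measurably faster than for a known user with a wrong
    password. That difference tells an outsider which usernames exist."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return _derive(password, salt) == expected     # also not a constant-time compare


def login_constant_work(username: str, password: str) -> bool:
    """Always derives a key and always compares with hmac.compare_digest, so
    the time taken does not depend on whether the username exists."""
    salt, expected = USERS.get(username, _DUMMY)
    candidate = _derive(password, salt)
    ok = hmac.compare_digest(candidate, expected)
    return ok and username in USERS                 # the dummy record never authenticates


def timing_gap(check, trials: int = 5) -> float:
    """Median seconds for unknown-user attempts minus wrong-password attempts.
    Clearly negative for login_leaky; close to zero for login_constant_work."""
    def median_of(fn):
        samples = []
        for _ in range(trials):
            t0 = time.perf_counter()
            fn()
            samples.append(time.perf_counter() - t0)
        return sorted(samples)[len(samples) // 2]
    unknown = median_of(lambda: check("nobody", "x"))
    wrong = median_of(lambda: check("alice", "x"))
    return unknown - wrong


if __name__ == "__main__":
    print(f"leaky gap:         {timing_gap(login_leaky) * 1000:+.2f} ms")
    print(f"constant-work gap: {timing_gap(login_constant_work) * 1000:+.2f} ms")
```

The same pattern (do the expensive step unconditionally, compare with `hmac.compare_digest`, return one generic failure message) closes both the timing channel and the explicit "no such user" message that often accompanies it.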
Page 34: Figure 3-11 Covert Channel Leaking Information.
Page 35: Figure 3-12 Covert Channels.
Page 36: Figure 3-13 File Lock Covert Channel.
Page 37: Figure 3-14 File Existence Channel Used to Signal 100.
Page 38: Figure 3-15 Covert Timing Channel.
Page 39: Discussion Question
An electronic mail system could be used to leak information.
How could email leakage occur?
What controls could detect or prevent the leakage?
Page 40: Modularity & Programming
Goals for a component:
◦ Have a single purpose.
◦ Be small: understand content and structure.
◦ Be simple: KISS, low complexity.
◦ Be independent: performs a task isolated from other modules.
Page 41: Benefits of Modularity
Maintenance: easier to maintain.
Understandability: easier to comprehend smaller pieces of code.
Reuse: reuse code in other systems.
Correctness: quickly trace failures if it only performs a single task.
Testing: simplifies testing.
Page 42: Figure 3-16 Modularity.
Page 43: Coupling & Cohesion
Concept used to describe objects in the object-oriented world.
Highly coupled = requires a lot of other objects to complete a task.
High cohesion = very independent object.
Objects with high coupling have low cohesion.
Page 44: Figure 3-17 Coupling.
Page 45: Object Oriented Programming
Java, Perl, Python, C++.
Programs are a series of connected objects.
Communicate via message passing.
Objects are black boxes:
◦ Have data encapsulated.
◦ Have methods that can be called.
Design by breaking problems into objects.
Page 46: Object Oriented Class
Page 47: Encapsulation
Concept used to describe how object-oriented design hides data.
An object is a black box.
The object provides methods to access data.
We do not know how the object performs its function.
Hide what should be hidden.
Page 48: Figure 3-18 Information Hiding.