Академический Документы
Профессиональный Документы
Культура Документы
Quality
Key elements of ensuring software quality
Code review
Interface testing
Misuse case testing
Reasons for lack of security in SDLC
Lack of education on security
Operating systems and applications were not built on secure
architectures
Software development procedures have not been security oriented
Integrating security as an after thought
Software Development Lifecycle
5 Phases
Design how
Development coding
Risk-level acceptance
Design Phase
Outlines how the product is going to accomplish the
requirements
Process used to describe the requirements and internal
behavior of the software
Software requirements come from 3 models:
Informational model dictates the type of information and how it will
be processed
Functional model outlines the tasks the application will carry out
Behavioral model explains the states the application will be during
and after specific transitions
The following should be accomplished
Attack surface analysis
Threat modeling
Development Phase
This the phase were actual development happens
Fuzzing
Technique used to discover flaws and vulnerabilities in software by sending large amounts of
malformed, unexpected or random data in order to trigger failure
Helps in identifying buffer overflow, DoS vulnerabilities, injection weakness, validation flaws
Software Development Models
Build and Fix Model
Waterfall Model
V-Shaped Model
Prototyping
Incremental Model
Spiral Model
Agile Model
Build and Fix Model
Not a formal SDLC model
Each phase must be completed in entirety before the next phase begins
Review takes place at the end of each phase to make sure project is on
the right path
All requirements are gathered in the initial phase and there is no formal
way to integrate changes
Could be used for small projects that have all requirements understood
V-Shaped Model
Emphasizes the verification and validation of the product at each phase and provides a formal
method of developing testing plans as each coding phase is executed
It is also rigid model, does not allow for flexibility and thus adapting to changes is more difficult
and expensive
Best used when requirements are best understood and scope changes are very small
Prototyping
Sample product is developed to explore specific approach to a
problem before investing expensive time and resources.
Advantages
Allows for changes to take place early, testing uncovers issues quickly, each iteration is easily
manageable, cost is lower, customer gets the functionality earlier, risk of critical changes being
introduced is lower.
Best used when risk, program complexity, funding, functionality requirements needs to
be understood early in the development cycle
Spiral Model
Uses an iterative approach to software development
Advantages
As more information about the project is gatherer it is integrated into the risk analysis process, improve
prototype, test the prototype, allows for testing to take place early, allows new requirements to be addresses
as they are uncovered
The model focuses on small increments of functional code that are created based upon business need
It breaks the product down into individual features that are constantly being delivered
Development team can take pieces and parts of all the available SDLC models and combine them in a
manner that best suits the project requirement
Agile Model - Scrum
Most widely adopted Agile methodology
It acknowledges the fact that customer needs will change over time
Developed by Toyota
Optimized
Company has
Managed budgeted and
integrated plans for
Has formal process in continuous
Defined place to collect and improvement
analyze quantitative
Formal procedures data
Repeatable are in place Metrics are defined
Has a way to allow and fed into the
Formal management for quantitative process
Initial structure, change process improvement
control and quality improvement
Dev process is ad-hoc program
assurance are in
No assurance of place
consistency and Company can
quality properly repeat
processes
throughout each
project
Does not have formal
process model
defined
Change control Process
Make a request for change
Analyze the request
Develop the implementation strategy
Calculate the cost of implementation
Review security implications
Record the change request
Submit the change request for approval
Develop the change
Report results to management
Software Configuration Management
Identifies the attributes of software at various points in time and
perform methodical control of changes for the purpose of maintaining
software integrity and traceability throughout SDLC
SCM should provide the following
Concurrency Management
Helps prevent uncontrolled changes when multiple users simultaneously access the
same file
Versioning
Deals with keeping track of file revisions; it should create log reports of who made
changes, when and what
Synchronization
Allow individuals to check out complete or partial copies of the repositories and work on
the files as needed
Programming Languages
Machine Language
Format that the computers processor can understand and work with directly
It is represented in binary and considered the most primitive form of
programming.
First generation programming language
Assembly Language
Considered low-level programing language, it is a symbolic representation of
machine language
One level above machine language, programmers can use commands
instead of binary codes
Assemblers are used to convert this language code into machine
understandable format
Programs written are hardware specific and are not portable
Programming Languages
High-level Language
Third-generation language
They use abstract statements (eg. If-then-else)
They are easier to work with programs are easier to write and mistakes are easier
to identify
They are processor independent
They are portable and can be used on many different system types
Very High-level languages
4th Generation language
It enhances the natural language approach
Focuses on highly abstract algorithms that allow straightforward programming
implementation
The manual coding required may be ten times less than for the same task on a 3 rd
generation language s
Programming Languages
Natural language
5th generation of programming language
Program creation happens by defining the constrains for achieving a
specified result
Goal is to create software that can solve problems by itself instead of a
programmer having to develop code to deal with individual and specific
problems
Programming Language
Assemblers
Tools that convert assembly language source code into machine code
Compilers
Tools that convert high level language statements to machine code for
specific processors
Allows developers to create software once in high level language and
complied for various platforms
Interpreter
Performs the last step of transforming high-level code to machine-level code
It improves portability
Major advantage is that the platform independence and memory
management functions are part of the interpreter
Major disadvantage is that the program cannot run as a stand-alone
application but requires the interpreter to be installed on the local machine
Object Oriented Concepts
Benefits of Object Oriented Programming
Modularity
Differed commitment
Reusability
Naturalness
ORB manages all communications between the components and enables them to interact in a
heterogeneous and distributed environment
ORB works independently of the platforms where the objects reside, it provides greater
interoperability
SOAP
It is an XML based protocol that encodes messages in a web service
environment
It actually defines an XML schema of how communication is going to take place
The schema defines how objects communicate directly
SOA
Cloud Computing
Method of providing computing as a service rather than as a physical
product
Java Applets
Object-oriented, platform independent programming language
They have greater access to the users system compared to Java applets
ActiveX vs Java applets
It uses It sets up a
Authenticode sandbox for the
technology, which applet code to
relies on Digital execute thus
certificates and reducing codes
trusting certificate access to resources
authority within the users
computer
Web Environment Threats Input Validation
Attacks
Path or Directory traversal
Also known as dot dot slash attack
It is inserting the characters ../ several times into the URL to traverse into the directories that werent
supposed to be accessible from the web
Access to the command shell allows extensive access to the attacker
Unicode encoding
Webservers use Unicode to support different applications.
Attacker using Unicode could make the same directory traversal attack without using / but with any of
the Unicode representations of that character
URL Encoding
URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits. URL
encoding normally replaces a space with a plus (+) sign or with %20
Attackers found they could bypass filtering techniques and make requests by representing characters
differently
Web Environment Threats Input Validation
Attacks
Client-side validation
When the input validation is done at the client before it is even sent to
server to process
Persistent XSS
http://www.acunetix.com/wp-content/uploads/2014/03/reflected-xss.png
Cross-site Scripting (XSS)
Persistent XSS Vulnerability
Also known as stored or second-order vulnerability
Targeted against websites that allow users to input data that is stored in a
database in the server
The attacker posts some text that contains some malicious JavaScript, and when
other users later view the posts, their browsers render the page and execute the
attackers JavaScript
Persistent XSS is less frequent than Non-Persistent XSS
The damage that Persistent XSS can do is more devastating than the damage
done by Non-Persistent XS
Cross-site Scripting (XSS)
Document Object Model (DOM) XSS
Also referred to as local cross-site scripting
This causes the victim browser to execute the resulting abusive JavaScript
code
Parameter Validation
It is where the application validates the input values before server
application process them within the system
This is different from input validation, in that, whether the application was
expecting the user to input a value
Using encryption
Helps secure the input/output operations of a web application
Failing Securely
Systems that fail securely display friendly error messages without revealing internal system details
Transaction persistence
Fault tolerance
Sharing
It uses attributes (columns) and tuples (rows) to contain and organize data
Each cell contains only one data value that represents a specific attribute value
within a given tuple
A Primary key is the field that links all the data within a record to a unique value
A foreign key is defined in a second table, but it refers to the primary key in the first
table.
Hierarchical Database Model
It is the first type of Database model that was created but not common now
It combines records and fields that are related in a logical tree structure
In this model, parents can have one child, many children or no children
It does not use indexes to search procedures, and links cannot be established
between different branches and leaves on different layers
Application has to use its own procedures to obtain data from the
database and then process the data for its needs
Object-oriented Database Model
It is built upon the hierarchical data model
It allows each data element to have multiple parent and child records forming
a redundant network like structure
It uses constructs of records and sets
Records contain fields, which may layout in a hierarchical structure
Sets define the one-to-many relationships between the different records
Characteristics
Its a replacement for ODBC
It is a set of ODBC interfaces that exposes the functionality of data sources through
accessible objects
It uses the OLE DB interface to connect with the database and can be developed
with many different scripting languages
Characteristics
It is a high-level data access programming interface
Its a set of COM objects for accessing data sources not just database access
It allows developer to write programs that access data without knowing how the database is
implemented
SQL commands are not required to access a database when using ADO
Java Database Connectivity (JDBC)
It allows a Java application to communicate with a database
Characteristics
Provides the same functionality as ODBC but is specifically designed for
use by Java database applications
Has database independent connectivity between the java platform and a
wide range of databases
It enables the java programs to execute SQL statements
Relational Database Components
Component Description
Data Definition Language (DDL) Defines the schema and structure of the database, access
operations and integrity procedures
Data Manipulation Language It examines the data and defines how the data can be
(DML) manipulated within the database
Contains all the commands that enable an user to view,
manipulate and use the database
Data Control Language (DCL) It defines the internal language of the database
It can contain the default values for columns, integrity information, the
names of users, the privileges and roles for users and auditing
information
Referential Integrity:
Mechanism to ensure no foreign key contains a reference to a primary key of a
nonexistent record or null value
Entity Integrity:
Guarantees that tuples are uniquely identified by primary key values; every tuple must
contain one primary value
Integrity Protection Mechanisms
Mechanism Operations
Rollback Operation that ends the current transaction and cancels the current changes to
database. Database returns to its pervious state
Commit Completes a transaction and executes all changes just made by the user. This
ensures that partial changes do not take place and that data is not corrupted
Savepoints Helps to make sure if a system failure occurs, or if an error is detected, the
database can attempt to return to a point before the system crashed.
Having too many savepoints can degrade the performance
Checkpoints When the database software fills up a certain amount of memory, a checkpoint
is initiated. It saves the data from a temporary segment to a temporary file. Its
similar to savepoints
Two-phase The requests for database changes are put into a queue and activated all at
commit once. A pre-commit ensures all database are ready before the commit
command is sent to each database
Database Security Issues
Aggregation
Act of combining information from separate sources. This combination
provides new information which the subject does not have the necessary
rights to access
Inference
The ability to derive information not explicitly available
Database Security Issues Control mechanism
Content and Context Dependent access control
Some techniques
Cell suppression hiding specific cells that contain information
Consistency:
All data is consistent in the different databases
Isolation:
Transaction execute in isolation until completed, without interacting with other transaction
Durability:
Once the transaction is verified as accurate, it is committed and the database cannot be
rolled back
Data Warehouse
Data warehousing combines data from multiple databases into a
large database
Virus Application or code that infects software; Main function is to replicate and deliver its payload; It
requires a host application to replicate
Macro virus Written in one of the macro languages and it is platform independent
Its more common
Boot sector virus Infects the boot sector and either move data within boot sector or overwrite the sector with new
information
Polymorphic virus It produces varied but operational copies of itself, it can use different encryption schemes
requiring different routines
Has the capability to change its own code
Mutipart virus Has several components to it and can be distributed to different parts of the system
Meme virus Its actually not a virus, but types of email messages that are continuously forwarded by users
Script virus The virus will carry out the instructions that is integrated into the script
Tunneling virus Attempts to install itself under the antimalware program and remain stealth
Malicious Software
Type Description
Worm They can reproduce on their own and are self-contained programs
Rootkit A bundle of tools that allow an attacker backdoor entry to the victim system; root kids commonly
include log scrubbers which remove traces of the attackers activities from the system logs.
Root kit detection may be difficult because the rootkit may be able to subvert the AV solutions.
The best way is to reinstall the OS
Spyware Malware that is covertly installed to gather sensitive information about a victim
Botnets Group of bots (compromised hosts) under the control of a Command and Control server to
perform activities planned by the attacker
Logic Bomb It executes a program when a certain set of condition is met
Trojan Horse It is a program that is disguised as another program. They perform useful functionality in addition
to the malicious functionality in the background. It is one of the fastest growing malware types
Antimalware software
Type Description
Signature based Effective for detecting known malware; it cannot address new variants
Heuristic detection Analysis the overall structure of the malicious code, evaluates the coded instructions and logic
functions and then decides on the malicious action. It helps detect unknown malware
Immunizer An immunizer attaches code to the file, which would fool a virus into thinking it is already infected
Karthikeyan Dhayalan
MD & Chief Security Partner
www.cyintegriti.com