Security as a Process in Software Development Lifecycle v2.0
Posted on 03-Feb-2016
Security As A Process In Software Development Lifecycle
Presented by: Ahmed Saafan
Agenda
• Security layers
• Software lifecycle evolution
• Security in modern software lifecycle
• Analysis phase activities
• Design & Development phases activities
• Threat Modeling
• Deployment & testing phases activities
• A final word
Security Layers
Layered security approach (security in depth):
• Physical security
• Network security
• Host (OS) security
• Application security
Security Layers: Network-level vulnerabilities
• DoS
• Packet inspection, password sniffing
• Identity theft (spoofing)
Network breach mitigation techniques:
• Firewalls
• IDSs, IPSs & IDPs
• Log analysis
Security Layers: Host (OS) vulnerabilities
• Hardware/firmware vulnerabilities
• Windows!! RPC
Host threat mitigation:
• Choose the right one
• Don't just patch, protect.
Security Layers: Application-level vulnerabilities
• SQL injection
• Application DoS
• Session hijacking
• Cross-site scripting (XSS)
 • Type-0 attack
 • Type-1 attack
 • Type-2 attack
• Buffer overflow exploits
• Unhandled exceptions' exploits
Is there a mitigation technique?
Software lifecycle evolution
• Functional programming / flow charts
• Object-oriented programming / design
• UML standards & modern SW lifecycle
Security in modern software lifecycle
• Hit-backs due to security (patches)
• The need for more secure software
• Security as a process in the SDLC
Analysis phase activities
Take into consideration:
• Confidentiality
• Integrity
• Availability
• Possession
• Authenticity
• Utility
Design & Development phases activities
Take into consideration:
• Input/output validation
• Principle of least privilege / default deny
• Compartmentalization (separation of privileges)
• Threat modeling
Threat Modeling
Steps for threat modeling:
1. Identify critical assets
2. Decompose the system
 • Network diagram
 • Functionality diagram
Threat Modeling
3. Identify possible points of attack
 • Trust boundaries
 • Data classification
Threat Modeling
4. Identify threats for each node: STRIDE model
Threat Modeling: Step-by-step model (checklists)
Network threats
• Web services subjected to a denial-of-service attack
• IP spoofing
• Faulty configuration of firewall rules, allowing outsiders to get access to a database and change the data
• Errors in ACLs
• Sensitive data that flows unencrypted through the network
Host threats
• Using unpatched servers allows crackers to exploit known vulnerabilities
• Lack of clearly defined trust boundaries
• Improper server hardening guidelines resulting in a mismatch between the server configuration and the security context in which it's placed
Application threats
• Code that's prone to buffer overflows, SQL injection, or cross-site scripting
• Defective or missing data encryption resulting in password compromise
Threat Modeling
• Attack trees
Threat Modeling
5. Categorize & prioritize threats
 • Risk = Probability of occurrence (PO) × Business impact (BI)
 • DREAD model
 • Project risk analysis on threat trees
Threat Modeling
6. Mitigate
 • Add cost of mitigation to attack trees
 • Take the decision based on risk vs. cost
Threat Modeling
Important notes:
• Consider that everything that might go wrong will go wrong
• Dynamic nature of attack trees
Threat Modeling in a Nutshell
1. Identify critical assets
2. Decompose the system
 • Network diagram
 • Functionality diagram
3. Identify possible points of attack
 • Trust boundaries
 • Data classification
4. Identify threats
 • STRIDE model or step-by-step model
 • Attack trees
5. Categorize and prioritize threats
 • Risk = PO × BI
 • DREAD model to calculate PO & BI
 • Project risks on attack trees
6. Mitigate
 • Add cost of mitigation to attack trees
 • Take the decision based on risk vs. cost
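Steps 4 to 6 above can be carried out mechanically once the attack tree and the scores are written down. The following Python is an added example, not part of the slides: it builds a small attack tree with OR/AND nodes, scores each leaf with DREAD, derives PO and BI from those scores, computes Risk = PO × BI per node and for the root, orders the leaves for prioritization, and compares each leaf's risk with the cost of mitigating it to reach the step 6 decision. The mapping of DREAD components to PO and BI (Reproducibility, Exploitability and Discoverability give PO; Damage and Affected users give BI), the product rule for AND nodes, and the idea that mitigation cost sits on the same 0..10 scale as BI are assumptions made for this example, as are the tree, its scores and its costs.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Dread:
    """DREAD scores, each 1..10.

    Assumed mapping (the slides only say DREAD gives PO and BI):
    Reproducibility, Exploitability and Discoverability feed the probability
    of occurrence (PO); Damage and Affected users feed the business impact (BI).
    """
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self) -> None:
        for score in vars(self).values():
            if not 1 <= score <= 10:
                raise ValueError("DREAD scores must be between 1 and 10")

    def po(self) -> float:
        # probability of occurrence as a fraction in (0, 1]
        return (self.reproducibility + self.exploitability + self.discoverability) / 30.0

    def bi(self) -> float:
        # business impact on a 0..10 scale
        return (self.damage + self.affected_users) / 2.0


@dataclass
class Node:
    """Attack-tree node: a leaf carries DREAD scores and a mitigation cost,
    an 'or' node succeeds if any child does, an 'and' node needs all children."""
    name: str
    kind: str = "leaf"                  # "leaf", "or" or "and"
    dread: Optional[Dread] = None
    mitigation_cost: float = 0.0        # assumed: relative cost on the same 0..10 scale as BI
    children: List["Node"] = field(default_factory=list)

    def po(self) -> float:
        if self.kind == "leaf":
            return self.dread.po()
        child_po = [child.po() for child in self.children]
        if self.kind == "or":
            return max(child_po)        # the attacker takes the most likely branch
        product = 1.0
        for p in child_po:              # every sub-goal must succeed
            product *= p
        return product

    def bi(self) -> float:
        if self.kind == "leaf":
            return self.dread.bi()
        return max(child.bi() for child in self.children)

    def risk(self) -> float:
        # step 5 of the slides: Risk = PO x BI
        return self.po() * self.bi()

    def leaves(self) -> List["Node"]:
        if self.kind == "leaf":
            return [self]
        return [leaf for child in self.children for leaf in child.leaves()]


def prioritize(root: Node) -> List[Tuple[str, float]]:
    """Step 5: leaf attacks ordered by risk, highest first."""
    scored = [(leaf.name, round(leaf.risk(), 2)) for leaf in root.leaves()]
    return sorted(scored, key=lambda item: -item[1])


def mitigation_plan(root: Node) -> List[Tuple[str, str]]:
    """Step 6: mitigate a leaf when its risk exceeds the cost of mitigating it."""
    return [(leaf.name, "mitigate" if leaf.risk() > leaf.mitigation_cost else "accept")
            for leaf in root.leaves()]


def sample_tree() -> Node:
    """Constructed example tree for a customer database; scores and costs are made up."""
    return Node("Read customer database", "or", children=[
        Node("SQL injection in search form", dread=Dread(9, 8, 7, 9, 8), mitigation_cost=2.0),
        Node("Steal DB password", "and", children=[
            Node("Sniff unencrypted DB traffic", dread=Dread(9, 4, 5, 9, 3), mitigation_cost=3.0),
            Node("Get on internal network segment", dread=Dread(6, 3, 3, 6, 4), mitigation_cost=6.0),
        ]),
        Node("Session hijacking of admin", dread=Dread(8, 5, 4, 3, 6), mitigation_cost=5.0),
    ])


if __name__ == "__main__":
    tree = sample_tree()
    print("overall risk: %.2f" % tree.risk())
    for name, risk in prioritize(tree):
        print("%-35s risk %.2f" % (name, risk))
    for name, decision in mitigation_plan(tree):
        print("%-35s %s" % (name, decision))
```

Because the tree is a plain data structure, the "dynamic nature of attack trees" noted on the slides is handled by re-running the two functions after a score, a cost or a branch changes; the AND node shows why a low-risk leaf can still be worth understanding, since it only matters in combination with its sibling.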
Design & Development phases activities
Take into consideration:
• Input/output validation
• Principle of least privilege / default deny
• Compartmentalization (separation of privileges)
• Threat modeling
• Threat trees
• Integrate security into the quality assurance process
• Sanitization of data between subsystems
• Encryption of all communication must be possible
• No transmission of passwords in plain text
• Coding standards checklists
• Logging
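The first items of that checklist (input/output validation, default deny, least privilege and sanitization of data between subsystems) are concrete enough to show in code. The Python below is an added example, not from the slides: it places a user lookup that concatenates input into SQL (the SQL injection case from the application-level vulnerabilities slide) beside a hardened version that validates the username against an allowlist, passes it to the database as a parameter, runs on a connection switched to query-only so the lookup path cannot write, and escapes values before they cross into the HTML subsystem. The table, the sample rows, the username rule and the `users` lookup functions are constructed for the example.

```python
import html
import re
import sqlite3
from typing import List, Tuple

# Allowlist for usernames: anything that does not match is rejected (default deny)
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def setup_db() -> sqlite3.Connection:
    """Constructed sample data (not from the slides); afterwards the connection
    is switched to query-only so the lookup code cannot write: least privilege."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    conn.execute("PRAGMA query_only = 1")
    return conn


def can_write(conn: sqlite3.Connection) -> bool:
    """True if the connection still accepts writes (it should not after setup_db)."""
    try:
        conn.execute("INSERT INTO users VALUES ('eve', 'eve@example.com')")
        return True
    except sqlite3.OperationalError:
        return False


def validate_username(name: str) -> str:
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("username rejected by allowlist")
    return name


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # The defect: user input is pasted into the SQL text, so it can change the query
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_hardened(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    name = validate_username(name)                       # input validation first
    # Parameterized query: the driver passes the value separately, never as SQL text
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def render_row(row: Tuple[str, str]) -> str:
    # Output sanitization at the boundary to the HTML subsystem (XSS defence)
    return "<li>{} &lt;{}&gt;</li>".format(html.escape(row[0]), html.escape(row[1]))


def lookup_page(conn: sqlite3.Connection, raw_name: str) -> str:
    try:
        rows = find_user_hardened(conn, raw_name)
    except ValueError:
        return "<p>invalid username</p>"                 # reject without echoing the input
    return "<ul>" + "".join(render_row(row) for row in rows) + "</ul>"


if __name__ == "__main__":
    db = setup_db()
    print("writes allowed:", can_write(db))
    print(lookup_page(db, "alice"))
    print(lookup_page(db, "x' OR '1'='1"))
```

The vulnerable function is kept only to show the difference: with the textbook input `x' OR '1'='1` it returns every row, while the hardened path rejects the same input at validation, before it reaches the query. Validation and parameterization are independent layers, which is the point of the checklist: the parameter binding alone would already stop the injection, and the allowlist alone would already reject this input, but the application should not rely on either being present in every code path.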
Deployment & testing phases activities
Take into consideration:
• IT infrastructure availability
• Hardware requirements are met
• Remove trapdoors (maintenance hooks)
• External team to ensure risk mitigation
• If possible, get a black hat!
• Stress testing
• Regression testing
• Disaster recovery / system continuity
A Final Word
"Security is a process and not a product"
– Bruce Schneier
Open source software (OSS) and security
Thank you
References:
• Software Engineering – Security as a Process in the SDLC, James Purcell, 2007
• Hack Proofing Your Network, Syngress, 2000
• Improving Security across SDLC, Task Force Report, 2004
• Don't Just Patch, Protect!, Paul Wright, 2007
• Packet Sniffing in a Switched Environment, Tom King, 2006
• wikipedia.org/wiki/Session_hijacking
• www.0x000000.com/?i=424, Secure Input Validation
• en.wikipedia.org/wiki/Buffer_overflow
• Inside the Buffer Overflow Attack: Mechanism, Method, & Prevention, Mark E. Donaldson
• Software Engineering, Sommerville, 2005
• Assumptions in Intrusion Analysis, Rodney Caudle
• http://www.securityfocus.com/columnists/445, Security Analogies, Scott Granneman
• http://www.securityfocus.com/columnists/420, Surprises Inside Microsoft Vista's EULA, Scott Granneman
• http://www.microsoft.com/technet/technetmag/issues/2005/01/SessionHijacking/?topics=/technet/technetmag/issues/2005/01/SessionHijacking
• Exploiting the Otherwise Non-exploitable on Windows, Miller and Skywing
• A Practical Approach to Threat Modeling, Tom Olzak
• Foundation of Attack Trees, Sjouke Mauw
• From Product to Process: Bruce Schneier's Take on Security, M. E. Kabay, Network World Security Newsletter