Building More Secure Applications
Dave Glover, Developer Solutions Specialist, Microsoft Australia. Blog: http://blogs.msdn.com/dglover
Graham Elliott, Architectural Technology Specialist, Microsoft Australia, [email protected]
ARC215
Building More Secure Applications
Security Principles to Live By
Tools and Resources
Next Steps
Q&A
The Importance of Application Security
The Gartner Group states: "Today over 70% of attacks against a company's Web site or Web application come at the 'Application Layer' not the Network or System layer."
Microsoft Developer Research: "64 percent of developers are not confident in their ability to write secure applications"
Understanding The Attackers
[Figure: attacker types plotted against their motivations]
Attacker types: Script-Kiddie, Hobbyist Hacker, Expert Specialist, Vandal, Cyberpunk, Thief, Booster, Fence, Classic Criminals, Spy, Terrorist, Mal-Tech Trespasser, Disgruntled Employee, Anyone (un-intentional)
Motivations: National Interest, Chaos, Steal Something of Value / assets, Personal Fame, To Embarrass, To Win, Curiosity, Nothing
Example Threats Against The Application
Threat: Examples
SQL injection: Including DROP TABLE in text typed into an input field
Cross-site scripting: Using malicious client-side script to steal cookies
Hidden-field tampering: Maliciously changing the value of a hidden field
Eavesdropping: Using a packet sniffer to steal passwords and cookies from traffic on unencrypted connections
Session hijacking: Using a stolen session ID cookie to access someone else's session state
Identity spoofing: Using a stolen forms authentication cookie to pose as another user
Information disclosure: Allowing the client to see a stack trace when an unhandled exception occurs
Buffer overflows, illicit paths, etc.
Security Deployment Lifecycle Task and Processes
[Chart: Traditional Microsoft Software Product Development Lifecycle Tasks and Processes, comparing security bulletin counts before and after the SDL]
Panels: Windows pre- and post-SDL critical and important security bulletins; SQL Server 2000 pre- and post-SDL security bulletins; Exchange Server 2000 pre- and post-SDL security bulletins
(bar labels visible in the chart: 55, 17, 455)
Threat Modeling
Secure software starts with understanding the threats
Threats are not vulnerabilities
Threats live forever, they are the attacker's goal(s)
[Diagram: Threat, Asset, Mitigation, Vulnerability]
Security Principles to Live By (Graham)
Security Principles to Live By: Living in an un-trusted world
Security Features != Secure Features
Don't Trust Input, Assume it's All Evil
  Always validate data as it crosses trust boundaries
  Don't rely on client side validation
  Constrain, reject, and sanitize user input
  Type checks, length checks, range checks, format checks
Assume external systems are insecure
Use managed code where possible
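The "constrain, reject, sanitize" rule and the SQL injection row of the threat table, as an added example that is not from the presentation: every value is type-, length-, range- and format-checked at the trust boundary, and the validated values are then bound as query parameters rather than concatenated into SQL. The order table, the username format and the quantity limit are constructed for this example.

```python
import re
import sqlite3
from dataclasses import dataclass

# Constructed whitelist describing what a valid request looks like at this boundary.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")   # format check + length check
MAX_QUANTITY = 1000                                  # range check


@dataclass(frozen=True)
class OrderQuery:
    username: str
    quantity: int


class ValidationError(ValueError):
    """Raised when input is rejected; nothing about the rule is sent to the client."""


def validate_order_query(raw_user: object, raw_qty: object) -> OrderQuery:
    """Constrain and reject: type, length, range and format checks before any use."""
    if not isinstance(raw_user, str):                # type check
        raise ValidationError("username must be a string")
    if not USERNAME_RE.fullmatch(raw_user):          # format + length check
        raise ValidationError("username has invalid length or characters")
    try:
        qty = int(raw_qty)                           # type check; junk raises
    except (TypeError, ValueError):
        raise ValidationError("quantity must be an integer") from None
    if not 1 <= qty <= MAX_QUANTITY:                 # range check
        raise ValidationError("quantity out of range")
    return OrderQuery(raw_user, qty)


def find_orders(conn: sqlite3.Connection, q: OrderQuery) -> list:
    """Parameterised query: validated values are bound, never spliced into the SQL text."""
    cur = conn.execute(
        "SELECT id, item FROM orders WHERE username = ? AND quantity <= ?",
        (q.username, q.quantity),
    )
    return cur.fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory sample data so the example runs stand-alone."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, username TEXT, item TEXT, quantity INTEGER)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)",
                     [(1, "alice", "widget", 2), (2, "bob", "gadget", 5)])
    return conn
```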
Security Principles to Live By: Do you really need to be admin?
Use Least Privilege (to build, test and run)
  Applications should execute with the least privilege to get the job done and no more
  You will make mistakes
  Malicious code executing in a highly-privileged process runs with extra privileges
Design for Separation of Privilege
Security Principles to Live By: Reducing your exposure
Reduce Your Attack Surface (early)
  The interfaces exposed to an attacker
  Surfaces on by default are the most valuable to attackers
  Use only the services that your application requires
Employ Secure Defaults
  Install application in a secure state
  Users should have to enable features that reduce security
  Users should NOT have to disable features to achieve security
Understand Your Giblets
Security Principles to Live By: Code fails… really, it does!
Plan on Failure, Fail in a Secure Mode
  Failure code path should be the most secure
  Don't log detailed errors to the client
Learn From Mistakes (yours and theirs)
  Understand them; and fix them correctly
  Build security into your response plans
Defence in Depth
  Threat risk goes down as threat difficulty goes up
  Driven by policy
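"Fail in a secure mode" and "don't log detailed errors to the client" together, as an added example that is not from the presentation: an authorization check that denies when its backend throws (rather than letting an exception skip the check or default to allow), and a request handler that writes the full traceback to the server log under an incident id while the client gets only a generic message. The permission store, the user names and the failing "export" action are constructed for this example.

```python
import logging
import traceback
import uuid

# Server-side log only; nothing written here is ever returned to the client.
log = logging.getLogger("app.failures")


def lookup_permissions(user: str) -> set:
    """Constructed sample authorisation store; user 'outage' simulates a backend failure."""
    if user == "outage":
        raise ConnectionError("permission store: connection reset by peer")
    return {"alice": {"read", "export"}}.get(user, set())


def is_authorized(user: str, action: str) -> bool:
    """Fail closed: an error on the check path means 'deny', never 'allow'."""
    try:
        return action in lookup_permissions(user)
    except Exception:
        log.exception("authorization check failed for user=%r action=%r", user, action)
        return False


def perform(action: str) -> str:
    """Constructed work step; 'export' is wired to fail so the error path is exercised."""
    if action == "export":
        raise OSError("disk full while writing /srv/export/report.csv")
    return f"{action} ok"


def handle_request(user: str, action: str) -> dict:
    """Detailed diagnostics go to the server log under an incident id; the client
    receives only a generic message plus that id to quote to support."""
    try:
        if not is_authorized(user, action):
            return {"status": 403, "body": "forbidden"}
        return {"status": 200, "body": perform(action)}
    except Exception:
        incident = uuid.uuid4().hex[:12]
        log.error("incident %s\n%s", incident, traceback.format_exc())
        return {"status": 500, "body": f"internal error (ref {incident})"}
```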
Key Security Principles: Protecting your secret stuff
Treat the storage medium as if it were at risk
  Confidentiality and Integrity
Avoid Storing Secrets
  If required, store hashes of secrets
  Take appropriate security measures
Never Depend on "Security by Obscurity"
  Obscurity cannot provide real security
  Eg: roll your own crypto, hiding security keys in files, relying on undocumented registry keys
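"If required, store hashes of secrets" with the storage medium treated as at risk, as an added example that is not from the presentation: a standard salted PBKDF2-HMAC-SHA256 hash from the standard library (no home-grown crypto) stored as a self-describing record, and a verifier that recomputes it and compares in constant time. The record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor; raise over time as hardware gets faster
SALT_BYTES = 16


def hash_secret(secret: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Return a record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    The plaintext is never stored; a fresh random salt makes equal secrets hash differently,
    so a copied database cannot be attacked with one precomputed table."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_secret(secret: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False                      # unknown scheme: fail closed
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False                          # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)
```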
Tools and Resources (Dave)
Security in Visual Studio 2005
Create project and testing policies
Integrated Bug Tracking
Distributed system designers
CAS and IntelliSense in Zone
Permission Calculator
Data Protection API
ASP.NET v2 security made easy
Security in Visual Studio 2005
Application Verifier
Static Analysis Tools
Code Coverage
Load/Stress Testing
VB.NET My Classes
Visual Studio 2005 - Application Designer - IntelliSense in Zone
Next Steps
Stay informed about security: Microsoft Developers Network Security Center
Get additional security training: Find online and in-person training seminars:
We invite you to participate in our online evaluation on CommNet, accessible Friday only
If you choose to complete the evaluation online, there is no need to complete the paper evaluation