Secure Code Development
What are the risks of delivering insecure applications or software products? How can a company ensure they produce secure code? What strategies can be used? What tools exist? What departments help with this process?
Secure Programs
Typical code contains 15-50 faults per 1000 lines.
Fixing faults:
◦ "Penetrate and patch": search for bugs and repair them.
Is conformance to specifications sufficient?
◦ Compare requirements with behavior.
◦ Find program security flaws.
◦ Flaws arise from either human error or malicious intent.
The tester's perspective is important.
Security Development Lifecycle
Align the tasks below with the SDLC.
◦ Plan: product stakeholders and security meet.
◦ Design: identify weaknesses early.
◦ Develop: code securely.
◦ Test: test products against security requirements.
◦ Document: secure configurations of the product.
◦ Assess: verify product security before release.
◦ Respond: know how to deal with customers who report security concerns with your product.
Threat Model (design phase)
Systematic evaluation of the various aspects of a product to maximize the probability that minimum standards of quality are attained by the production process.
◦ Cannot guarantee production of quality products.
Two principles in QA:
◦ "Fit for purpose": suitable for the intended purpose.
◦ "Right first time": mistakes should be eliminated.
Quality is determined by the product's users, clients or customers, not by society in general.
Testing
Unit: test in a controlled environment.
Integration: components work together.
◦ Verification and delivery.
Vulnerability Management
◦ How will you respond to a customer?
Change Management
◦ Without change, the product becomes less secure over time.
TOCTTOU/Race Condition
Time of check to time of use (TOCTOU).
◦ "Alter a condition after it has been checked."
◦ A state attack leveraging an OS change of state.
◦ Hacker asks for permission to access file "readme".
◦ OS checks permission on the file.
◦ OS does something else…
◦ Hacker makes "readme" a symbolic link to /etc/shadow.
◦ OS allows access to the file. Hacker changes passwords.
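The defence against the race on this slide is to stop checking the name and start checking the object you have already opened. The example below is added here and is not part of the slide deck: open_regular_file() opens the parent directory, opens the final path component relative to that directory with O_NOFOLLOW (so a symlink dropped in place of "readme" is refused), then validates type and owner with fstat on the open descriptor. read_checked_then_used() keeps the check-then-use shape for contrast. The demo() scenario (a regular file plus a symlink to it in a temporary directory) is constructed; the code assumes a POSIX system where os.open accepts dir_fd and O_NOFOLLOW/O_DIRECTORY exist, and it assumes the parent directory itself is not attacker-writable.

```python
import os
import shutil
import stat
import tempfile


def open_regular_file(path, expected_uid=None):
    """Open `path` and validate the descriptor, not the name.

    1. Open the (trusted) parent directory.
    2. Open the final component relative to that directory fd with
       O_NOFOLLOW, so a symlink placed there is rejected with ELOOP.
    3. fstat the open fd and check file type and owner.
    Every check is made on the object that will actually be read, so a swap
    of the name between check and use cannot redirect the read.
    """
    parent, name = os.path.split(os.path.abspath(path))
    dir_fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError("not a regular file: %s" % path)
        if expected_uid is not None and st.st_uid != expected_uid:
            raise OSError("unexpected owner for %s" % path)
    except Exception:
        os.close(fd)
        raise
    return fd


def read_checked_then_used(path):
    """The check-then-use shape the slide warns about (kept for contrast).

    os.access() reports on whatever the name pointed at at check time;
    open() resolves the name again later and follows any symlink that has
    appeared in between.
    """
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Constructed scenario: a regular file 'readme' and a symlink 'link'
    pointing at it. Returns what each opener did with each name."""
    workdir = tempfile.mkdtemp(prefix="toctou_demo_")
    try:
        readme = os.path.join(workdir, "readme")
        with open(readme, "w") as f:
            f.write("hello\n")
        link = os.path.join(workdir, "link")
        os.symlink(readme, link)

        results = {}
        fd = open_regular_file(readme, expected_uid=os.getuid())
        results["safe:readme"] = os.read(fd, 64)
        os.close(fd)
        try:
            open_regular_file(link)
            results["safe:link"] = "opened"
        except OSError:
            results["safe:link"] = "rejected"
        # The naive path follows the link: the name passed the check, and
        # the name is what gets resolved again at use time.
        results["naive:link"] = read_checked_then_used(link)
        return results
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for key, value in sorted(demo().items()):
        print(key, value)
```

O_NOFOLLOW only protects the last path component; that is why the parent directory must be one an attacker cannot write to, and why the directory is opened first and the file opened relative to it.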
Discussion Questions
The common description of a salami attack is penny shaving.
◦ Steal small amounts that no one will notice.
How could you prevent a salami attack from being part of your software product?
◦ Can you identify 3 controls to help?
Virus
Agent: virus author.
Malware that does not spread automatically; requires a carrier (USB, CD-ROM, floppy).
Macro: MS Office (Word, Excel).
Polymorphic: changes its signature on install.
Boot sector: loads on system startup.
Stealth: hides from anti-virus software.
Figure 3-4 Virus Appended to a Program.
Figure 3-5 Virus Surrounding a Program.
Figure 3-6 Virus Integrated into a Program.
Figure 3-7 Virus Completely Replacing a Program.
Figure 3-8 Boot Sector Virus Relocating Code.
Figure 3-9 Recognizable Patterns in Viruses.
Anti-Virus is Reactionary
Polymorphic Virus
Virus coded to modify its signature.
◦ Insert lines containing random comments. Scanners respond by removing comments and white space.
◦ Insert junk code intermittently.
◦ Change the capitalization of the letters in the crucial strings.
◦ Traditional code normalization techniques are not applicable.
◦ Use static encryption.
◦ Change variable names.
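To make concrete which of the techniques on this slide a normalizing scanner absorbs and which defeat it, the example below is added here and is not from the slide deck. It implements the scanner side: strip comments, case-fold, reduce the text to identifier tokens, then check whether the signature's tokens occur in order (so inserted junk code is skipped over). The toy script dialect, the signature and the six sample variants are all constructed; none of it is real malware, only placeholder identifiers standing in for a signature string.

```python
import base64
import re

# Comments in the toy script dialect start with '#' or '//' and run to end of line.
COMMENT_RE = re.compile(r"(#|//).*$", re.MULTILINE)
# After normalization only identifier-like tokens survive; punctuation,
# whitespace and numeric literals (junk such as "counter = counter + 1") drop out.
TOKEN_RE = re.compile(r"[a-z_][a-z0-9_]*")


def normalize(text):
    """Scanner-side normalization: remove comments, case-fold, tokenize."""
    return TOKEN_RE.findall(COMMENT_RE.sub("", text).lower())


def matches_signature(sample, signature_tokens):
    """True when the signature's identifiers appear in the sample in order,
    with any number of other tokens (inserted junk) allowed between them."""
    stream = iter(normalize(sample))
    # `tok in stream` advances the iterator, so this is a subsequence test.
    return all(tok in stream for tok in signature_tokens)


# Constructed signature: two placeholder identifiers a scanner looks for.
SIGNATURE = ["attach_to_host", "replicate"]

# Constructed variants, one per technique on the slide.
VARIANTS = {
    "plain": "attach_to_host();\nreplicate();",
    "random_comments": "attach_to_host(); # random comment 8f3a\n// another\nreplicate();",
    "capitalization": "Attach_To_Host();\nREPLICATE();",
    "junk_code": "attach_to_host();\ncounter = counter + 1;\nreplicate();",
    "renamed_identifiers": "hook_file();\ncopy_self();",
    "static_encryption": "blob = '%s';\nrun(decode(blob));"
    % base64.b64encode(b"attach_to_host(); replicate();").decode(),
}


def scan_variants():
    """Map each variant to whether the normalizing scanner still matches it."""
    return {name: matches_signature(text, SIGNATURE) for name, text in VARIANTS.items()}


if __name__ == "__main__":
    for name, hit in scan_variants().items():
        print("%-20s %s" % (name, "DETECTED" if hit else "missed"))
```

Comment insertion, case changes and junk code are neutralized by normalization; renamed identifiers and a statically encrypted body are not, which is the sense in which signature-based anti-virus stays reactionary: each such variant needs a new signature (or decryption and emulation in the scanner) before it is caught.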
Protection Ring Model
Root kits
Malware that replaces portions of an operating system at user level (ring 3).
◦ Unix: replace ls, ps etc.
◦ PATH: .:/usr/bin:/usr/sbin
◦ Hide from /proc on Linux.
◦ Windows: replace dir or the task list.
Kernel-mode rootkits operate in ring 0.
◦ Hide from /proc on Linux.
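The PATH on this slide puts "." ahead of /usr/bin, so a replacement ls or ps dropped into the current directory runs before the real one. The example below is added here and is not part of the slide deck: audit_path() flags entries that let a user-level rootkit shadow system binaries (the current directory, relative entries, and directories writable by group or others), and risky_entries_before() keeps only the findings that precede a given system directory in search order. The sample PATH strings are constructed except for the one quoted on the slide; writable_check is a hypothetical hook that lets the filesystem probe be replaced for testing.

```python
import os
import stat

# The PATH value quoted on the slide.
SLIDE_PATH = ".:/usr/bin:/usr/sbin"


def dir_writable_by_others(directory):
    """True if group or others can create files in `directory`.

    Sticky-bit directories such as /tmp are excluded: users can add files
    there but cannot replace files owned by someone else.
    """
    try:
        st = os.stat(directory)
    except OSError:
        return False
    writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return bool(writable) and not (st.st_mode & stat.S_ISVTX)


def audit_path(path_value, writable_check=None):
    """Return (position, entry, reason) findings for a PATH string.

    An empty entry or "." means the current directory is searched, so a
    trojaned ls/ps placed in whatever directory the user happens to be in
    runs instead of the system copy. Relative entries resolve the same way.
    writable_check(dir) -> bool lets the caller stub the filesystem probe.
    """
    if writable_check is None:
        writable_check = dir_writable_by_others
    findings = []
    for pos, entry in enumerate(path_value.split(":")):
        if entry in ("", "."):
            findings.append((pos, entry or "<empty>", "current directory searched"))
        elif not entry.startswith("/"):
            findings.append((pos, entry, "relative entry resolves against cwd"))
        elif writable_check(entry):
            findings.append((pos, entry, "directory writable by group/others"))
    return findings


def risky_entries_before(path_value, system_dir="/usr/bin", writable_check=None):
    """Findings that sit ahead of `system_dir` in search order, i.e. the
    entries able to shadow its binaries. Anything after it cannot."""
    entries = path_value.split(":")
    cutoff = entries.index(system_dir) if system_dir in entries else len(entries)
    return [f for f in audit_path(path_value, writable_check) if f[0] < cutoff]


if __name__ == "__main__":
    # Audit the slide's PATH, then the PATH of the current process.
    for label, value in (("slide", SLIDE_PATH), ("current", os.environ.get("PATH", ""))):
        print(label, value)
        for pos, entry, reason in risky_entries_before(value):
            print("  [%d] %s: %s" % (pos, entry, reason))
```

A clean PATH is only one of the checks a user-level rootkit calls for; the replaced binaries themselves are found by verifying installed files against the package manager's recorded checksums, and the /proc hiding on the slide is why a process listing from inside the host should be cross-checked against one taken from a trusted boot medium.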