510 likes | 681 Vues
Software Security Course. Course Outline 2-27-09. Course Overview. Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security Engineering How To - Secure Design How To - Secure Implementation How To - Security Testing How To - Secure Deployment
E N D
Software Security Course Course Outline 2-27-09
Course Overview • Introduction to Software Security • Common Attacks and Vulnerabilities • Overview of Security Engineering • How To - Secure Design • How To - Secure Implementation • How To - Security Testing • How To - Secure Deployment • Compliance and Regulatory Standards • Special Topics • Additional Resources
Introduction to Software Security • Definition and Context • Why Security Matters • Myths and Urban Legends • Threats and Examples • Case Studies • Concepts and Definitions
Definition and Context • Software security as part of the larger problem of developing robust, reliable code • Describe the relationship between software security and: • Corporate information security policies • Corporate risk strategies • Explain the differences between software and network security • Areas of overlap • Areas of divergence • Pros and cons of each area of investment
Definition and Context • CIA as a way to think about security • STRIDE as a way to assess impact of a threat • DREAD as a way to categorize the severity of a threat
Why Security Matters • Customers care – now more than ever • Patching is expensive • Regulatory compliance • Security failures == business risk • Competitive advantage • Critical part of TCO • The threat environment is bad and getting worse • Attackers have the advantage
Myths and Urban Legends • Security is only required in the OS • 15% are OS vulns • I only need a good patch strategy • Mean time to attack: 330 days -> 2 weeks • I have a firewall, AV and IDS • 92% of vulns are software, not network • Functional testing finds security defects • Good practices from design->deploy are required • I use Java (or .NET) • Only helps with some classes of problem • I use cryptography • Helps with some threats, but just one tool in the toolbox
Case Studies • Show real world impact, examine past mistakes • Love Virus • Saphire Worm • TJX • Heartland
Concepts and Definitions • Asset • Attack • Control • Countermeasure or mitigation • Guideline • Information Security • Insider Threat • Policy • Privacy • Risk • Risk Analysis • Risk Assessment • Security Engineering • Security Requirement • Threat • Vulnerability
Common Attacks and Vulnerabilities • Types of Attackers • Attacker Motivation • Attacker Origin • Anatomy of an Attack • Attacker Tools • OWASP Top 10 • CWE/SAN Top 25
Types of Attackers • Script Kiddies • Amateur Experts • Crack Experts • Professionals
Attacker Motivation • White Hat • Black Hat • Grey Hat
Attacker Origin • Internal attackers – the insider threat • External attackers
Anatomy of an Attack • Targeting • Probing • Attempting penetration • Securing hold • Cleanup and propagation
Attacker Tools • Whitebox • Greybox • Blackbox
OWASP Top 10 • Cross Site Scripting • Injection Flaws • Malicious File Execution • Insecure Direct Object Reference • Cross Site Request Forgery • Information Leakage and Improper Error Handling • Broken Authentication and Session Management • Insecure Cryptographic Storage • Insecure Communications • Failure to restrict URL access
CWE/SANS 25 Most Dangerous • CWE and SANS put together a list of the 25 most dangerous coding errors • Insecure interaction between components • Risky resource management • Porous defenses http://www.sans.org/top25errors/
Overview of Security Enginering • How it Fits • Key Activities
Key Activities • Threat Modeling • Security Design Best Practices • Security Design Review • Security Coding Best Practices • Security Code Review • Penetration Test • Security Deployment Review
How To – Secure Design • Design Principles • Design Patterns
Design Principles • Simplify the design • Least privilege • Defense in depth • Fail secure • Secure by default • Compartmentalize • Attack Surface Reduction • …
Design Patterns • Trusted Subsystem • Brokered Authentication • …
How To – Secure Implementation • Coding Principles • OS Fundamentals • Common Errors • Common Web Errors
Coding Principles • Validate all user input • Auditing and logging • Limit resource consumption • …
OS Fundamentals • Access controls • .NET code access security • Java sandbox • Cryptography • …
Common Errors • Integer overflows • Failure to validate input • Failure to protect sensitive data • Failure to understand and protect across trust boundaries • Insecure error messages • Buffer overflows and other errors that occur only in compiled languages such as C/C++ • …
Common Web Errors • Trusting client-side validation • Failure to validate input and encode output • Failure to protect the session • Failure to protect against zero and one-click attacks • Disclosing too much information • …
How To – Security Testing • Security Testing is Different • Think Like an Attacker • Categories of Attack • How to Test the Top 10
Security Testing is Different Intended Behavior Actual Behavior Most Security Bugs Traditional Bugs
Think Like an Attacker • Security bugs: • Are much harder to spot…they often have no visible (to the human eye) behavior…we need better tools • Require us to think about side effects and what sensitive data might be exposed • Require us to “think backwards”…that is, instead of thinking what should happen, we need to think about what shouldn’t happen
Categories of Attack • External dependencies • Unanticipated user input • Vulnerable design • Vulnerable implementation
How to Test the Top 10 • Cross Site Scripting • Injection Flaws • Malicious File Execution • Insecure Direct Object Reference • Cross Site Request Forgery • Information Leakage and Improper Error Handling • Broken Authentication and Session Management • Insecure Cryptographic Storage • Insecure Communications • Failure to restrict URL access
How To – Secure Deployment • Deployment Principles • Deployment Patterns
Deployment Principles • The importance of configuration • How physical deployment impacts security • How software design can make it easier to manage security and detect attacks post-deployment
Deployment Patterns • Understand the common application types: • Mobile Client • Rich Client • Rich Internet Application • Service Interfaces (SAAS, S+S) • Web Application • Understand the common deployment patterns: • Single server, non-distributed • Multiple server, distributed • Understand the impact: • Impersonation and delegation • Layer interfaces • Trust boundaries
Regulatory Standards • Overview of the regulation: • PCI • HIPPA • Cover what these mean from a developer point of view • http://msdn.microsoft.com/en-us/library/aa480484.aspx
Additonal Topics to Consider • Privacy Issues • Digital Rights Management (DRM) • Social Engineering Attacks