1 / 18

BUILDING A SECURE STANDARD LIBRARY

BUILDING A SECURE STANDARD LIBRARY. ASP.NET TECHNOLOGY DEVELOPMENT. FOR. Information Assurance Project I MN121051 Tajuddin hj . Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff. introduction. Resource: OWASP Top 10 – 2013, The Ten Most Critical Web Application Security Risks.

wanda
Télécharger la présentation

BUILDING A SECURE STANDARD LIBRARY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BUILDING A SECURE STANDARD LIBRARY ASP.NET TECHNOLOGY DEVELOPMENT FOR Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. RasimahCheMohdYusoff

  2. introduction Resource: OWASP Top 10 – 2013, The Ten Most Critical Web Application Security Risks

  3. DEMO: SQL INJECTION

  4. Library - is a pre-compiled code file (with extension .dll) that contains code and data that can be used by more than one program or application. By using a DLL file, a program can be modularized into separate components. Additionally, updates are easier to apply to each module without affecting other parts of the program (Microsoft, 2007). Standard - means providing requirements, specifications, guidelines or characteristics that can be used consistently to ensure that processes and services are fit (www.iso.org/iso/home/standards.htm) is used because the proposed library will provide built-in functionalities as a standard for the purpose of the implementation to secure coding practices. Secure - With the standard that will be implemented within the library, it also will take concern about validating data and input so that the process will be implemented in a secure manner. Secure standard library

  5. Web application security is fundamentally different than host or network security, and requires a different approach. • Custom code creates custom vulnerabilities. • Developers are not exactly the same with Security Experts. • Web Application Firewalls (WAF) are effective against known threats, but sometime they are less capable of discovering new issues or handling questionable use cases. Why need to emphasize on secure coding practices and standardization?

  6. To identify the most common functionalities that always being used by most developers in an application project development Develop a class library that will have a standard which will provide the identified common functionalities Project Aim Provided with secure coding practices, especially to encounter the most highest identified attack such as SQL injection, Cross-site scripting (XSS), etc. which mostly will be based on OWASP top ten most critical web application security risks

  7. The research questions are as below: • How an application can be exploited from their vulnerability which caused by the developer themself. • What are the common functionalities that usually required by most developer in their development environment. Research Questions

  8. The objectives of this study are as below: • To identify the secure coding practices requirements within ASP.NET technologies development. • To identify suitable standards for common functionalities in development environment. • To develop a secure standard library for ASP.NET technology development with secure coding practices. • To test the developed library with any ASP.NET technology development. Research Objectives

  9. The library will be available to be used by ASP.NET developer and environment, specifically by using C# or VB programming language. It also requires .NET Framework installed on the machine or server. • The library will be applicable for a new ASP.NET project development and there are lots of code modifications required for existing application which are already developed. • Most of secure coding practices are based on OWASP Secure Coding Practices Document, but it will not cover all of the implementations in the checklist. Research Scope

  10. RESEARCH METHODOLOGY:OPERATIONAL FRAMEWORK

  11. Phase 1 - Initiating Phase 2 - Modelling Phase 3 - Designing Phase 4 - Developing Phase 5 - Testing Phase 6 - Implementing Phase 7 - Finalizing

  12. UML Documentation • Test cases for testing report • Report for the usage of the library • Final report thesis evaluation

  13. Expected outcome:sample of implementation

  14. Common practice…

  15. Using proposed library…

  16. Developers cannot prevent security flaws in their code unless they know the types of flaws that can occur. But organization still could not rely hundred percent to developer for ensuring their program is secure all the time since developer is responsible to focus on development of functional requirements. Developers want to do the right thing, but they need to know what the right thing is. It could be the responsible for organization to help developers to specify within their policy or procedure, about what tools / techniques / libraries for developer can use in order to implement secure environment within their application project development. With the implementation of this study, it might allow other future researchers to continue upgrading and keep implementing new practices and techniques about this kind of study with other possible technologies available such as PHP, Java, ColdFusion, etc. This could be a good platform worldwide in our continuous efforts to reduce possible attack vectors within web application. conclusion

  17. End of slide. Thank you.

More Related