Software Security

Get Started. It's Free
or sign up with your email address
Software Security by Mind Map: Software Security

1. Part 2: Seven Touchpoints for Software Security

1.1. 3. Introduction to Software Security Touchpoints

1.1.1. Flyover: Seven Terrific Touchpoints 1. Code Review (Tools) 2. Architectural Risk Analysis 3. Penetration Testing 4. Risk-Based Security Testing 5. Abuse Cases 6. Security Requirements 7. Security Operations *. External Analysis Security Requirments Why Only Seven?

1.1.2. Black and White: Two Threads Inextricably Interwined

1.1.3. Moving Left

1.1.4. Touchpoints as Best Practices Coder's Corner

1.1.5. Who Should Do Software Security? Building a Software Security Group Don't start with security people Software Security in the Academy Start with software people Software Security Is a Multidisciplinary Effort Creativity in a New Discipline

1.1.6. Touchpoints to Success

1.2. 4. Code Review with a Tool

1.2.1. Catching Implementation Bugs Early (with a Tool) Binary Analysis?!

1.2.2. Aim for Good, Not Perfect

1.2.3. Ancient History

1.2.4. Approaches to Static Analysis A History of Rule Coverage Modern Rules

1.2.5. Tools from Researchland Modern Security Rules Schema A Complete Modern Rule

1.2.6. Commercial Tool Vendors Commercial Source Code Analyzers Key Characteristics of a Tool Be designed for security Support multiple tiers Be extensible Be useful for security analysts and developers alike Support existing development processes Make sense to multiple stakeholders Three Characteristics to Avoid Too many false positives Spotty integration with IDEs Single-minded support for C The Fortify Source Code Analysis Suite The Fortify Knowledge Base Using Fortify

1.2.7. Touchpoint Process: Code Review

1.2.8. Use a Tool to Find Security Bugs

1.3. 5. Architectural Risk Analysis

1.3.1. Common Themes among Security Risk Analysis Approaches Basic substeps Learn as much as possible about the target of analysis Discuss security issues surrounding the software Determine probability of compromise Perform impact analysis Rank risks Develop a mitigation strategy Report findings Risk Analysis in Practice Risk Analysis Fits in the RMF

1.3.2. Traditional Risk Analysis Terminology

1.3.3. Knowledge Requirement

1.3.4. The Necessity of a Forest-Level View

1.3.5. A Traditional Example of a Risk Calculation

1.3.6. Limitations of Traditional Approaches

1.3.7. Modern Risk Analysis

1.3.8. Touchpoint Process: Architectural Risk Analysis

1.3.9. Getting Started with Risk Analysis

1.3.10. Architectural Risk Analysis Is a necessity

1.4. 6. Software Penetration Testing

1.4.1. Software Penetration Testing

1.4.2. Penetration Testing Today

1.4.3. Software Penetration Testing a Better Approach

1.4.4. Incorporating Findings Back into Development

1.4.5. Using Penetration Tests to Assess the Application Landscape

1.4.6. Proper Penetration Testing Is Good

1.5. 7. Risk-Based Security Testing

1.5.1. From Outside → In to Inside → Out

1.5.2. What's So Different about Security?

1.5.3. Risk Management and Security Testing

1.5.4. How to Approach Security Testing Who How An Example: Java Card Security Testing Automating Security Testing Results: Nonfunctional Security Testing Is Essential Coder's Corner

1.5.5. Thinking about (Malicious) Input eXtreme Programming and Security Testing

1.5.6. Getting Over Input

1.5.7. Leapfrogging the Penetration Test

1.6. 8. Abuse Cases

1.6.1. Holding Software Vendors Accountable

1.6.2. Security Is Not a Set of Features

1.6.3. What You Can't Do

1.6.4. Creating Useful Abuse Cases But No One Would Ever Do That!

1.6.5. Touchpoint Process: Abuse Case Development Creating Anti-Requirements Coders Corner Creating an Attack Model

1.6.6. An Abuse Case Example Attack Patterns from Exploiting Software Make the client invisible Target programs that write to privileged OS resources Use a user-supplied configuration file to run commands that elevate privilege make use of configuration file search paths direct access to executable files embedding scripts within scripts leverage executable code in nonexecutable files argument injection command delimiters multiple parsers and double escapes user-supplied variable passed to filesystem calls postfix NULL terminator postfix, null terminate, and backslash relative path traversal client-controlled environment variables user-supplied global variables (DEBUG=1, PHP Globals,...) session id, resource id, and blind trust analog in-band switching signals (aka "Blue Boxing") Attack pattern fragment: manipulating terminal devices simple script injection embedding scripts in nonscript elements XSS in HTTP headers HTTP query strings User-controlled filenames passing local filenames to functions that expect a URL Meta-characters in E-mail Headers Filesystem function injection, content based Client-side injection, buffer overflow cause web server misclassification Alternate Encoding of the leading ghost characters using slashes in alternate encoding using escaped slashes in alternate encoding unicode encoding UTF-8 encoding URL encoding Alternative IP addresses slashes and URL encoding combined web logs overflow binary resource files overflow variables and tags overflow symbolic links MIME conversion HTTP cookies Filter failure through buffer overflow Buffer overflow with environment variables Buffer overflow in an API call Buffer overflow in local command-line utilities parameter expansion String format overflow in syslog()

1.6.7. Abuse Cases Are Useful

1.7. 9. Software Security Meets Security Operations

1.7.1. Don't Stand So Close to Me

1.7.2. Kumbaya (for Software Security) Requirements: Abuse Cases Design: Business Risk Analysis Design: Architectural Risk Analysis Test Planning: Security Testing Implementation: Code Review System Testing: Penetration Testing Know When Enough Is Too Much Fielded System: Deployment and Operations

1.7.3. Come Together (Right Now) The Infosec Boogey Man Coders Corner

1.7.4. Future's So Bright, I Gotta Wear Shades

2. Part 3: Software Security Grows Up

2.1. 10. An Enterprise Software Security Program

2.1.1. The Business Climate

2.1.2. Building Blocks of Change Overcoming Common Pitfalls Over-reliance on Late-Lifecycle Testing Management without Measurement Training without Assessment Lack of High-Level Commitment Cigital change program maturity path sequence (6 phases) Stop the bleeding Harvest the low-hanging fruit Establish a foundation Craft core competencies Develop differentiators Build out nice-to-haves

2.1.3. Building an Improvement Program

2.1.4. Establishing a Metrics Program A Three-Step Enterprise Rollout

2.1.5. Continous Improvement

2.1.6. What about COTS (and Existing Software Applications)? An Enterprise Information Architecture

2.1.7. Adopting a Secure Development Lifecycle

2.2. 11. Knowledge for Software Security

2.2.1. Experience, Expertise, and Security

2.2.2. Security Knowledge: A Unified View Software Security Unified Knowledge Architecture A Bird's-Eye View of Software Security Knowledge Catalogs Principles Guidelines Rules Attack patterns Historical risks Vulnerabilities Exploits

2.2.3. Security Knowledge and the Touchpoints

2.2.4. The Department of Homeland Security Build Security In Portal Knowledge Catalog: Principle Item: Principle of Least Privilege A Principle A Rule Aspects of Software Assurance Best Practices Knowledge Tools Business case Dynamic navigation

2.2.5. Knowledge Management Is Ongoing

2.2.6. Software Security Now

2.3. 12. A Taxonomy of Coding Errors

2.3.1. On Simplicity: Seven Plus of Minus Two Input Validation and Representation API Abuse Security Features Time and State Error Handling Code Quality Encapsulation Environment

2.3.2. The Phyla Input Validation and Representation Buffer Overflow Command Injection Cross-Site Scripting Format String HTTP Response Splitting Illegal Pointer Value Integer Overflow Log Forging Path Traversal Process Control Resource Injection Setting Manipulation SQL Injection String Termination Error Struts Unsafe JNI Unsafe Reflection XML Validation API Abuse Dangerous Function Directory Restriction Heap Inspection J2EE Bad Practices Often misused Unchecked Return Value Security Features Insecure Randomness Least Privilege Violation Missing Access Control Password Management Privacy Violation Time and State Deadlock Failure to Begin a New Session upon Authentication File Access Race Condition: TOCTOU Insecure Temporary File J2EE Bad Practices Signal Handling Race Conditions Error Handling Catch NullPointerException Empty Catch Block Overly Broad Catch Block Overly Broad Throws Declaration Unchecked Return Value Code Quality Double Free Inconsistent Implementations Memory Leak Null Dereference Obsolete Undefined Behavior Uninitialized Variable Unreleased Resource Use After Free Encapsulation Comparing Classes by Name Data Leaking Between Users Leftover Debug Code Mobile Code Private Array-Typed Field Returned from a Public Method Public Data Assigned to Private Array-Typed Field System Information Leak Trust Boundary Violation Environment ASP .NET Misconfiguration Insecure Compiler Optimization J2EE Misconfiguration More Phyla Needed

2.3.3. A Complete Example Often Misused: Authentication Abstract Explanation Recommendations

2.3.4. Lists, Piles, and Collections Academic Literature Vulnerabilities Attacks Toward a Taxonomy Nineteen Sins Meet Seven Kingdoms Input Validation and Representation API Abuse Security Features Time and State Error Handling Code Quality Encapsulation Environment Seven Kingdoms and the OWASP Ten Input Validation and Representation API Abuse Security Features Time and State Error Handling Code Quality Encapsulation Environment

2.3.5. Go Forth (with the Taxonomy) and Prosper Taxonomy goals Simple Intuitive to a developer Practical (rather than theoretical and comprehensive) Amenable to automatic identification of errors with static analysis tools Adaptable with respect to changes in trends that happen over time

3. Part 1: Software Security Fundamentals

3.1. 1. Defining a Discipline

3.1.1. The Security Problem The Trinity of Trouble: Why the Problem is Growing Connectivity Extensibility Complexity Basic Science

3.1.2. Security Problems in Software Bugs and Flaws and Defects, Oh My! Defect Bug Flaw Risk The Range of Defects The Problem with Application Security Application Security Testing Tools: Good or Bad? Software Security and Operations Security versus Software

3.1.3. Solving the Problem: The Three Pillars of Software Security Pillar 1: Applied Risk Management Pillar 2: Software Security Touchpoints Microsoft's Trustworthy Computing Initiative Pillar 3: Knowledge

3.1.4. The Rise of Security Engineering Software Security Is Everyone's Job

3.2. 2. A Risk Management Framework

3.2.1. Putting Risk Management into Practice

3.2.2. How to use This Chapter

3.2.3. The Five Stages of Activity Stage 1: Understand the Business Context Stage 2: Identify the Business and Technical Risks Stage 3: Synthesize and Rank the Risks Stage 4: Define the Risk Mitigation Strategy Stage 5: Carry Out Fixes and Validate Measuring and Reporting on Risk

3.2.4. The RMF Is a Multilevel Loop

3.2.5. Applying the RMF: KillerAppCo's iWare 1.0 Server Understanding the Business Context Gathering the Artifacts Conducting Project Research Identifying the Business and Technical Risks Developing Risk Questionaires Interviewing the Target Project Team Analyzing the Research and Interview Data Uncovering Technical Risks Analyzing Software Artifacts Synthesizing and Ranking the Risks Reviewing the Risk Data Conducting the Business and Technical Peer Review Defining the Risk Mitigation Strategy Brainstorming on Risk Mitigation Authoring the Risk Analysis Report Producing Final Deliverables Carrying Out Fixes and Validating

3.2.6. The Importance of Measurement Measuring Return Measurement and Metrics in the RMF

3.2.7. The Cigital Workbench

3.2.8. Risk Management Is a Framework for Software Security