
CISSP Guide to Security Essentials, Second Edition

Software Development Security

© 2016 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.


Objectives

Operating systems

Types of applications

Application models and technologies

Application threats and countermeasures

Security in the software development life cycle

Application security controls

Databases and data warehouses


Operating Systems

Operating system components

Kernel

Process management

Memory management

Hardware resource management

Device drivers

Tools


Operating Systems (cont.)

Operating system security functions

Authentication

Resource access

Access control

Communication

Event logging


Types of Applications

Agents

Standalone programs that are part of a larger application

Examples:

Anti-malware

Patch management

Configuration management


Types of Applications (cont.)

Applets

Software programs that run within the context of another program

Example: media players within browser

Client-server

Separate programs on clients and servers communicate via networks and work together

Few are developed now, but many are still in use


Types of Applications (cont.)

Distributed

Software components run on several systems

Two-tier, three-tier, multi-tier

Reasons: scalability, performance, geographical distribution

Web

Web browser as client, application server back-end

Client software nearly universal

Application software centralized


Software Models and Technologies

Control flow languages

Structured languages

Object oriented languages

Knowledge based languages


Control Flow Languages

Linear, sequential

Use of “if – then – else”

Branching with “go to”

Examples:

BASIC, COBOL, Cold Fusion, FORTRAN, Perl, PHP, Python, VBScript


Structured Languages

Nested, heavy use of subroutines and functions

Little or no “go to”

Examples:

C

Pascal


Object-Oriented Languages

Utilize concepts of object programming

Classes, objects, instances, and inheritance

Methods, instantiations

Encapsulation, abstraction, polymorphism

Examples

C++, C#, Java, Ruby, Simula, Smalltalk


Knowledge-Based Systems

Neural networks

Modeled after biological reasoning processes

Artificial neurons that store pieces of information

Given cases about situations and outcomes, can predict future outcomes

Expert systems

Inference engine and knowledge base of past situations and outcomes


Threats in the Software Environment

Reasons for attacks

Industrial espionage

Vandalism and disruption

Denial of service

Political / religious


Software Attack Approaches

Authentication bypass

Access a system’s resources without providing credentials

Privilege escalation

Trick a system into providing a higher level of privileges, which provides access to more information and functions

Denial of service

Incapacitate a system


Threats to Software

Buffer overflow

Covert channel

Side channel attack

Malicious software

Input attacks

Object reuse

Mobile code

Social engineering

Back door

Logic bomb


Threats to Software (cont.)

Buffer overflow attacks

Disrupt a software application by providing more data to the application than it was designed to handle

Types

Stack buffer overflow

NOP sled attack

Heap overflow

Jump to register attack

Examples: Morris worm, ping of death, Code Red, SQL Slammer, Blaster, Sasser, Conficker


Software Attack Approaches (cont.)

Buffer overflow attack countermeasures

Use safe languages and libraries

Executable space protection

Stack smashing protection

Application firewalls


Threats to Software (cont.)

Covert channel

Unintended and hidden channel of communications

Types:

Covert storage channel: read a storage location and learn about the application or other data

Timing channel: observe timings in an application to determine what is happening in the application

Countermeasures

Careful software analysis, good software engineering


Threats to Software (cont.)

Side channel attack

An attack on a cryptosystem based upon physical information gained from the system

Examples: timing, power consumption, emanations, and even sounds

Countermeasures

Limit release of information through shielding and other means
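The timing channel on the previous slide and the timing side channel here share one mechanism: the amount of work a routine does depends on the secret, so an observer who measures time learns part of it. The following is an added example, not code from the book or its publisher; the secret, the guesses and the function names are constructed for the demonstration. It counts the bytes examined by an early-exit comparison against a constant-time one, so the leak is visible without relying on a noisy clock, and shows the standard-library routine a real check should use.

```python
import hmac
from typing import Callable, List, Tuple

# Constructed secret for the demonstration; not a real credential.
SECRET = b"correct-horse-battery"

# Constructed guesses that diverge from SECRET at byte 0, byte 5 and byte 20.
GUESSES = [
    b"xorrect-horse-battery",
    b"corrext-horse-battery",
    b"correct-horse-batterx",
]


def leaky_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes examined).

    The work done depends on how long the matching prefix is, so the
    response time reveals how much of the guess was right: a timing channel.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Examines every byte and accumulates the differences, so the work done
    (and hence the timing) no longer depends on where the first mismatch is."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def work_profile(compare: Callable[[bytes, bytes], Tuple[bool, int]],
                 secret: bytes, guesses: List[bytes]) -> List[int]:
    """Bytes examined per guess; a profile that varies with the guess is the
    signal a timing observer would exploit, a flat one gives nothing away."""
    return [compare(secret, guess)[1] for guess in guesses]


def verify_token(presented: bytes, expected: bytes = SECRET) -> bool:
    """What production code should use: the standard library's constant-time
    comparison rather than a hand-rolled loop."""
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    print("early-exit   :", work_profile(leaky_compare, SECRET, GUESSES))
    print("constant-time:", work_profile(constant_time_compare, SECRET, GUESSES))
```

The early-exit profile rises with the length of the correct prefix, while the constant-time profile is flat. Counting operations is a model; on real hardware caches, branch prediction and the network add noise, which is why the slide's countermeasure is to limit the information released rather than to rely on noise hiding it.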


Threats to Software (cont.)

Malicious software

Types: viruses, worms, Trojan horses, rootkits, bots, spam, pharming, spyware, key loggers

Purpose

Steal, corrupt, or destroy information

Remote control

Denial of service


Clarification: spam, phishing, pharming and whaling are mechanisms for transporting malware to the target system.


Threats to Software (cont.)

Types of malware

Virus: human assisted replication, embed in programs, files, master boot records

Worm: self replicating, scan for victims, rapid spread

Trojan horse: claims one function, but is malware

Rootkit: hide within or beneath the operating system

Bot: remote control zombie (also known as a Remote Access Trojan (RAT))

Spam: unsolicited e-mail


Threats to Software (cont.)

Types of malware (cont.)

Pharming: attack on DNS to redirect traffic to decoy application

Spyware: collect information about usage, forward to central server

Key logger: logs keystrokes and mouse movements, forwards to central server


Threats to Software (cont.)

Malware countermeasures

Anti-malware

Application whitelisting

Process profiling

Spam filters

Patches

Firewalls and application firewalls

Hardened systems

Intrusion prevention systems

Decreased privilege levels

Penetration testing


Threats to Software (cont.)

Input attacks

Buffer overflow

Integer overflow

Script injection

Cross site scripting

Cross site request forgery

Countermeasures

Input field filtering, application firewall, application vulnerability scanning, software developer training
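Of the countermeasures listed, input field filtering is the one a developer writes directly, and for script injection it pairs with parameter binding. The following is an added example, not code from the book or its publisher; the table, the user names and the hostile input are constructed. It shows the vulnerable form that pastes a field value into the SQL text beside the hardened form that filters the field against an allow-list and then binds it as a parameter, using the SQLite engine bundled with Python so it runs offline.

```python
import re
import sqlite3
from typing import List

# Allow-list for the username field: a lowercase letter, then up to 31
# letters, digits or underscores. Anything else is rejected before use.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def build_db() -> sqlite3.Connection:
    """Constructed sample data for the demonstration (not from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Vulnerable form: the field value is pasted into the SQL text, so quote
    characters in the input change what the statement means."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def field_is_valid(value: str) -> bool:
    """Input field filtering: accept only values matching the allow-list."""
    return USERNAME_RE.match(value) is not None


def lookup_bound(conn: sqlite3.Connection, username: str) -> List[str]:
    """Parameter binding: the value travels separately from the SQL text, so
    the engine treats it as data even when it contains quotes."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? ORDER BY username",
        (username,))
    return [row[0] for row in rows]


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Hardened form: filter the field first, then bind it. Binding alone
    defeats this injection; the filter also rejects malformed input early
    and gives the application firewall less to do."""
    if not field_is_valid(username):
        raise ValueError("username rejected by input validation")
    return lookup_bound(conn, username)


if __name__ == "__main__":
    db = build_db()
    hostile = "x' OR '1'='1"
    print("unsafe :", lookup_unsafe(db, hostile))  # every user comes back
    print("bound  :", lookup_bound(db, hostile))   # no such username
    print("valid? :", field_is_valid(hostile))     # rejected by the filter
```

The same two layers apply to any interpreter that receives user input (shell commands, LDAP filters, HTML), which is why the slide lists developer training alongside the technical controls: the developer has to know which sink the field is going to.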


Threats to Software (cont.)

Object reuse

Use of a resource belonging to another process, including:

Memory, databases, file systems, temporary files, and paging space

Object reuse countermeasures

Application isolation

Server virtualization

Developer training


Threats to Software (cont.)

Mobile code

Executable code, active content, downloadable content

Examples: active website content, downloaded programs

Some is desired, but some is malicious in nature

Mobile code countermeasures

Anti-malware, mobile code access controls

Application whitelisting

Reduced user privileges

Secure system configuration


Threats to Software (cont.)

Social engineering

Attack on personnel to gain secrets

People are vulnerable because they want to help

Social engineering countermeasures

Security awareness training that includes accountability


Threats to Software (cont.)

Back door / maintenance hook

Access holes deliberately planted by a developer

To facilitate easier testing during development

To facilitate production access

To facilitate a break-in

Back door countermeasures

Code reviews

Source code control


Threats to Software (cont.)

Logic bombs

Deliberate malfunction that causes harm

Time bombs

Activate on a given date and time

Event bombs

Activate on a specific event

Logic bomb countermeasures

Software source code review, external audits


Security in the Software Development Life Cycle (SDLC)

SDLC

The entire collection of processes used to design, develop, test, implement, and maintain software

Security must be included in each step of the SDLC

Conceptual

Requirements and specifications development

Application design, coding, and testing


Security in the Software Development Life Cycle (cont.)

Security in the conceptual stage

Presence of sensitive information must be identified

Access controls (users, administrators, third parties)

Regulatory conditions

Security dependencies


Security in the Software Development Life Cycle (cont.)

Security application requirements and specifications

Functional requirements

Standards

Security requirements

Roles, access controls, audit logging, configuration management

Regulatory requirements

Test plan a byproduct of requirements


Security in the Software Development Life Cycle (cont.)

Security in application design

Adhere to all requirements and specifications

Published design documents

Design reviews

Reviewed by all stakeholders including security

Threat risk modeling

Identify threats and risks prior to development

Possible changes to specifications, requirements, or design


Security in the Software Development Life Cycle (cont.)

Security in application coding

Develop safe code

Free of common vulnerabilities

Use safe libraries that include safe functions for input validation

Security in testing

Testing should verify correct coding of every requirement and specification


Security in the Software Development Life Cycle (cont.)

Protect the SDLC itself

Source code access control

Protect source code

Record version changes

Protection of software development and testing tools

Protect from unauthorized modifications

Protection of software development systems

Prevent introduction of malware, back doors, logic bombs


Application Environment and Security Controls

Controls that must be present in a developed application

Authentication

Limiting access to only legitimate, approved users

Authorization

Limiting access only to approved functions and data

Role-based access control (RBAC)

Assign authorizations to roles, assign roles to users

Audit logging

Logging of all actions in the application
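The four controls on this slide fit together in a single request path: authenticate the caller, resolve the caller's roles to authorizations, decide, and log the outcome whether or not the action was allowed. The following is an added example, not code from the book or its publisher; the roles, permissions, users and action names are constructed. It implements RBAC exactly as the slide states it (authorizations assigned to roles, roles assigned to users) and keeps an audit trail that records denials as well as successes, since a denied action is often the more useful log line.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Set

# Constructed role definitions: authorizations are assigned to roles ...
ROLE_PERMISSIONS = {
    "clerk": {"order:read", "order:create"},
    "auditor": {"order:read", "audit:read"},
    "admin": {"order:read", "order:create", "order:delete",
              "user:manage", "audit:read"},
}

# ... and roles are assigned to users. Users never hold permissions directly.
USER_ROLES = {
    "alice": {"admin"},
    "bob": {"clerk"},
    "carol": {"clerk", "auditor"},
}


@dataclass
class AuditEntry:
    timestamp: str
    user: str
    action: str
    target: str
    outcome: str


class Application:
    def __init__(self, authenticated_users: Set[str]) -> None:
        # Authentication is modelled as the set of users who have already
        # proven their identity; anyone else is rejected before authorization.
        self.sessions = set(authenticated_users)
        self.audit_log: List[AuditEntry] = []

    def permissions_for(self, user: str) -> Set[str]:
        """Authorization: the union of the permissions of every role the user holds."""
        perms: Set[str] = set()
        for role in USER_ROLES.get(user, set()):
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def perform(self, user: str, action: str, target: str) -> bool:
        """Check authentication, then authorization, and log the outcome either way."""
        if user not in self.sessions:
            outcome = "denied:unauthenticated"
        elif action in self.permissions_for(user):
            outcome = "allowed"
        else:
            outcome = "denied:unauthorized"
        self.audit_log.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), user, action, target, outcome))
        return outcome == "allowed"

    def outcomes(self) -> List[str]:
        """The audit trail in order; denials are recorded as well as successes."""
        return [entry.outcome for entry in self.audit_log]


if __name__ == "__main__":
    app = Application({"alice", "bob", "carol"})
    app.perform("bob", "order:create", "order-17")
    app.perform("bob", "order:delete", "order-17")
    app.perform("mallory", "order:read", "order-17")
    for entry in app.audit_log:
        print(entry)
```

Because permissions live on roles, revoking a person's access is a change to USER_ROLES, not a hunt through per-user grants, and adding a permission to a role updates every holder at once; that is the maintainability argument for RBAC that the slide's one-line definition leaves implicit.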


Database Architectures

Hierarchical databases: tree structure (no longer produced)

Network databases: complex tree structure (no longer produced)

Object databases: OO, methods stored with data

Distributed databases: physically distributed, any type

Relational databases (RDBMS): in widest use today

Oracle, SQL Server, DB2, MySQL, etc.


Data Warehouse

A type of database that is used for decision support and research purposes

A copy of some or all transaction data

Usually refreshed periodically (typically daily)

Indexed and tuned differently than a transaction database

Complex queries into trends do not affect production transactions


Database Transactions

Records retrieval

Records update

Records creation

Nested or complex transactions executed as a unit

Begin work… <transactions> …end work


Database Security Controls

Access controls

User IDs, passwords

Table / row / field level access control

Read-only or read/write

Views

Virtual tables that are a subset of individual tables, or a “join” between tables

Permission given to views just like “real” tables
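Two points on these database slides are easiest to see running: a nested transaction executed as a unit ("begin work ... end work") and a view that exposes a subset of a table with its own access rights. The following is an added example, not code from the book or its publisher; the accounts table, its rows and the function names are constructed. It uses the SQLite engine bundled with Python (which has views and transactions but no GRANT statement, so read-only access is shown through the view itself) and drives the transaction with explicit BEGIN, COMMIT and ROLLBACK so the unit-of-work boundary is visible.

```python
import sqlite3
from typing import Dict, List, Tuple


def open_db() -> sqlite3.Connection:
    """Constructed sample schema and rows for the demonstration."""
    # isolation_level=None puts the connection in autocommit mode, so the
    # BEGIN / COMMIT / ROLLBACK below are issued explicitly by transfer().
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " id TEXT PRIMARY KEY, owner TEXT NOT NULL,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [("A1", "alice", 100), ("B1", "bob", 50)])
    # A view exposing only a subset of the columns: a reporting user can be
    # given this instead of the table, so balances stay out of reach.
    conn.execute("CREATE VIEW account_owners AS SELECT id, owner FROM accounts")
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Two updates executed as one unit of work: either both persist or neither does."""
    conn.execute("BEGIN")
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                     (amount, src))
        credited = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?",
            (amount, dst)).rowcount
        if credited != 1:
            raise ValueError("destination account does not exist")
        conn.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, ValueError):
        # An overdraft (CHECK constraint) or a missing destination aborts the
        # whole unit; the debit that was already applied is undone.
        conn.execute("ROLLBACK")
        return False


def balances(conn: sqlite3.Connection) -> Dict[str, int]:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


def owners_report(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Read through the view, exactly as one would read a table."""
    return list(conn.execute("SELECT id, owner FROM account_owners ORDER BY id"))


def view_is_read_only(conn: sqlite3.Connection) -> bool:
    """A plain SQLite view cannot be written through; the attempt is refused."""
    try:
        conn.execute("UPDATE account_owners SET owner = 'mallory' WHERE id = 'A1'")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = open_db()
    print(transfer(db, "A1", "B1", 30), balances(db))   # both updates kept
    print(transfer(db, "A1", "B1", 500), balances(db))  # overdraft: rolled back
    print(transfer(db, "A1", "ZZ", 10), balances(db))   # bad target: rolled back
    print(owners_report(db), view_is_read_only(db))
```

On a server RDBMS the same view would be granted to a role with GRANT SELECT, and the base table would not be granted at all; the rollback cases are the reason the slide insists the nested operations run as one unit, since a partial transfer is a data-integrity failure even when no attacker is involved.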


Summary

Operating system components: kernel, device drivers, tools

Operating system functions: authentication, resource access, access control, communication, event logging

Types of applications: agents, applets, client-server, distributed, web

Application language types: control flow, structured, object oriented, knowledge based


Summary (cont.)

Reasons for threats to applications: industrial espionage, vandalism and disruption, denial of service, political / religious

Types of threats

buffer overflow, covert channel, side channel, malware, input attacks, object reuse, mobile code, social engineering, back door, logic bomb


Summary (cont.)

Software development life cycle (SDLC) steps

Conceptual, requirements / specifications, design, coding, testing, maintenance

Source code control, configuration management

Software environment security controls

Authentication, access control, role based access control (RBAC), audit logging


Summary (cont.)

Types of databases

Hierarchical, network, distributed, object-oriented, relational (most common)

Database security controls: user ID, access control, audit logging, views
