CISSP Guide to Security Essentials, Second Edition
Software Development Security
© 2016 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Objectives
Operating systems
Types of applications
Application models and technologies
Application threats and countermeasures
Security in the software development life cycle
Application security controls
Databases and data warehouses
Operating Systems
Operating system components
Kernel
Process management
Memory management
Hardware resource management
Device drivers
Tools
Operating Systems (cont.)
Operating system security functions
Authentication
Resource access
Access control
Communication
Event logging
Types of Applications
Agents
Standalone programs that are part of a larger application
Examples:
Anti-malware
Patch management
Configuration management
Types of Applications (cont.)
Applets
Software programs that run within the context of another program
Example: media players within browser
Client-server
Separate programs on clients and servers communicate via networks and work together
Few developed now but many are in use
Types of Applications (cont.)
Distributed
Software components run on several systems
Two-tier, three-tier, multi-tier
Reasons: scalability, performance, geographical
Web
Web browser as client, application server back-end
Client software nearly universal
Application software centralized
Software Models and Technologies
Control flow languages
Structured languages
Object oriented languages
Knowledge based languages
Control Flow Languages
Linear, sequential
Use of “if – then – else”
Branching with “go to”
Examples:
BASIC, COBOL, Cold Fusion, FORTRAN, Perl, PHP, Python, VBScript
Structured Languages
Nested, heavy use of subroutines and functions
Little or no “go to”
Examples:
C
Pascal
Object-Oriented Languages
Utilize concepts of object programming
Classes, objects, instances, and inheritance
Methods, instantiations
Encapsulation, abstraction, polymorphism
Examples
C++, C#, Java, Ruby, Simula, Smalltalk
Knowledge-Based Systems
Neural networks
Modeled after biological reasoning processes
Artificial neurons that store pieces of information
Given cases about situations and outcomes, can predict future outcomes
Expert systems
Inference engine and knowledge base of past situations and outcomes
Threats in the Software Environment
Reasons for attacks
Industrial espionage
Vandalism and disruption
Denial of service
Political / religious
Software Attack Approaches
Authentication bypass
Access a system’s resources without providing credentials
Privilege escalation
Trick a system into providing a higher level of privileges, which provides access to more information and functions
Denial of service
Incapacitate a system
Threats to Software
Buffer overflow
Covert channel
Side channel attack
Malicious software
Input attacks
Object reuse
Mobile code
Social engineering
Back door
Logic bomb
Threats to Software (cont.)
Buffer overflow attacks
Disrupt a software application by providing more data to the application than it was designed to handle
Types
Stack buffer overflow
NOP sled attack
Heap overflow
Jump to register attack
Examples: Morris worm, ping of death, Code Red, SQL Slammer, Blaster, Sasser, Conficker
Software Attack Approaches (cont.)
Buffer overflow attack countermeasures
Use safe languages and libraries
Executable space protection
Stack smashing protection
Application firewalls
Threats to Software (cont.)
Covert channel
Unintended and hidden channel of communications
Types:
Covert storage channel: read a storage location and learn about the application or other data
Timing channel: observe timings in an application to determine what is happening in the application
Countermeasures
Careful software analysis, good software engineering
Threats to Software (cont.)
Side channel attack
An attack on a cryptosystem based upon physical information gained from the system
Examples: timing, power consumption, emanations, and even sounds
Countermeasures
Limit release of information through shielding and other means
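The timing channel on this slide and the previous one is easiest to see without a stopwatch. The example below is added for this chapter and is not from the textbook: it instruments two comparison routines with a counter of bytes examined (a constructed stand-in for elapsed time), so the leak of an early-exit comparison and the effect of the constant-time countermeasure are visible on the constructed secret and guesses. The function names, the secret and the guesses are all assumptions of the example.

```python
import hmac

# Added example (not from the textbook). The secret, the guesses and the
# 'examined' counter are constructed; the counter stands in for elapsed time.


def naive_compare(expected: bytes, supplied: bytes):
    """Early-exit comparison. Returns (match, bytes_examined).

    Work stops at the first mismatch, so the time taken reveals how many
    leading bytes of the guess were right. That is the timing side channel."""
    examined = 0
    if len(expected) != len(supplied):
        return False, examined
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, supplied: bytes):
    """Countermeasure: examine every byte and fold the differences together
    with XOR/OR, so the work done does not depend on where a mismatch sits.
    Returns (match, bytes_examined). Length is still revealed, which is why
    fixed-length digests and tokens are compared this way."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def leak_profile(compare, secret: bytes, guesses):
    """Run one comparison function over several guesses and return the
    bytes examined for each. A profile that varies with the guess leaks."""
    return [compare(secret, g)[1] for g in guesses]


def production_compare(expected: bytes, supplied: bytes) -> bool:
    """What real code should call: the standard library's constant-time
    comparison, intended for MACs, tokens and password hashes."""
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    SECRET = b"s3cr3t"                                    # constructed
    GUESSES = [b"xxxxxx", b"s3xxxx", b"s3cr3x", b"s3cr3t"]  # constructed
    print("early-exit   :", leak_profile(naive_compare, SECRET, GUESSES))
    print("constant-time:", leak_profile(constant_time_compare, SECRET, GUESSES))
```

The early-exit profile rises with the number of correct leading bytes, which is the information an observer measuring response times would collect; the constant-time profile is flat. Python's own string equality is the early-exit kind, so secrets should be compared with hmac.compare_digest rather than ==.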
Threats to Software (cont.)
Malicious software
Types: viruses, worms, Trojan horses, rootkits, bots, spam, pharming, spyware, key loggers
Purpose
Steal, corrupt, or destroy information
Remote control
Denial of service
Clarification: spam, phishing, pharming and whaling are mechanisms for transporting malware to the target system.
Threats to Software (cont.)
Types of malware
Virus: human assisted replication, embed in programs, files, master boot records
Worm: self replicating, scan for victims, rapid spread
Trojan horse: claims one function, but is malware
Rootkit: hide within or beneath the operating system
Bot: remote control zombie (also known as a Remote Access Trojan (RAT))
Spam: unsolicited e-mail
Threats to Software (cont.)
Types of malware (cont.)
Pharming: attack on DNS to redirect traffic to decoy application
Spyware: collect information about usage, forward to central server
Key logger: logs keystrokes and mouse movements, forwards to central server
Threats to Software (cont.)
Malware countermeasures
Anti-malware
Application whitelisting
Process profiling
Spam filters
Patches
Firewalls and application firewalls
Hardened systems
Intrusion prevention systems
Decreased privilege levels
Penetration testing
Threats to Software (cont.)
Input attacks
Buffer overflow
Integer overflow
Script injection
Cross site scripting
Cross site request forgery
Countermeasures
Input field filtering, application firewall, application vulnerability scanning, software developer training
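The following is an added example for this slide, not code from the textbook: it shows input field filtering and two of its companions on a small order form. Allow-list validation with a bounded length and a bounded numeric range rejects script and injection payloads and values that would overflow a 32-bit integer downstream; the query is shown in its concatenated (vulnerable) form beside the parameterised form so the difference in behaviour is visible; and HTML escaping at render time is the cross-site scripting countermeasure. The table, field names, regular expressions, limits and sample inputs are assumptions of the example.

```python
import html
import re
import sqlite3

# Added example (not from the textbook). Table, fields, limits and inputs are constructed.

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # allow-list of characters, bounded length
QTY_RE = re.compile(r"[0-9]{1,10}")                 # digits only, bounded length
MAX_QTY = 2**31 - 1                                  # stay inside a signed 32-bit integer


class ValidationError(ValueError):
    pass


def validate_order(form: dict) -> dict:
    """Allow-list validation of every field before it reaches any other code.

    Anything outside the expected alphabet, length or numeric range is
    rejected outright rather than cleaned up."""
    username = form.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("username: unexpected characters or length")
    qty_raw = form.get("qty", "")
    if not QTY_RE.fullmatch(qty_raw):
        raise ValidationError("qty: not a positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("qty: out of range")   # would overflow a 32-bit field
    return {"username": username, "qty": qty}


def is_valid(form: dict) -> bool:
    try:
        validate_order(form)
        return True
    except ValidationError:
        return False


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (username TEXT, qty INTEGER)")
    return conn


def insert_order(conn, username: str, qty: int) -> None:
    conn.execute("INSERT INTO orders (username, qty) VALUES (?, ?)", (username, qty))
    conn.commit()


def lookup_orders_unsafe(conn, username: str):
    """'Before': the input is pasted into the statement text, so the database
    parses whatever the user typed as SQL."""
    return conn.execute(f"SELECT qty FROM orders WHERE username = '{username}'").fetchall()


def lookup_orders(conn, username: str):
    """'After': a parameterised query. The driver binds the value separately
    from the statement, so the input is only ever treated as data."""
    return conn.execute("SELECT qty FROM orders WHERE username = ?", (username,)).fetchall()


def render_greeting(username: str) -> str:
    """Output encoding: a name containing markup is rendered as text, not
    executed by the browser, even if validation was bypassed upstream."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    conn = setup_db()
    insert_order(conn, "alice", 3)
    insert_order(conn, "bob", 5)
    probe = "alice' OR '1'='1"                      # constructed injection string
    print("validation accepts probe:", is_valid({"username": probe, "qty": "1"}))
    print("unsafe lookup:", lookup_orders_unsafe(conn, probe))
    print("safe lookup  :", lookup_orders(conn, probe))
    print(render_greeting("<script>alert(1)</script>"))
```

Validation rejects the probe before any query runs; if it did reach the database, the concatenated query returns every row while the parameterised one returns none. The escaping layer is the last line of defence for stored data that was validated by some other, weaker path.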
Threats to Software (cont.)
Object reuse
Use of a resource belonging to another process, including:
Memory, databases, file systems, temporary files, and paging space
Object reuse countermeasures
Application isolation
Server virtualization
Developer training
Threats to Software (cont.)
Mobile code
Executable code, active content, downloadable content
Examples: active website content, downloaded programs
Some is desired, but some is malicious in nature
Mobile code countermeasures
Anti-malware, mobile code access controls
Application whitelisting
Reduced user privileges
Secure system configuration
Threats to Software (cont.)
Social engineering
Attack on personnel to gain secrets
People are vulnerable because they want to help
Social engineering countermeasures
Security awareness training that includes accountability
Threats to Software (cont.)
Back door / maintenance hook
Access holes deliberately planted by a developer
To facilitate easier testing during development
To facilitate production access
To facilitate a break-in
Back door countermeasures
Code reviews
Source code control
Threats to Software (cont.)
Logic bombs
Deliberate malfunction that causes harm
Time bombs
Activate on a given date and time
Event bombs
Activate on a specific event
Logic bomb countermeasures
Software source code review, external audits
Security in the Software Development Life Cycle (SDLC)
SDLC
The entire collection of processes used to design, develop, test, implement, and maintain software
Security must be included in each step of the SDLC
Conceptual
Requirements and specifications development
Application design, coding, and testing
Security in the Software Development Life Cycle (cont.)
Security in the conceptual stage
Presence of sensitive information must be identified
Access controls (users, administrators, third parties)
Regulatory conditions
Security dependencies
Security in the Software Development Life Cycle (cont.)
Security application requirements and specifications
Functional requirements
Standards
Security requirements
Roles, access controls, audit logging, configuration management
Regulatory requirements
Test plan a byproduct of requirements
Security in the Software Development Life Cycle (cont.)
Security in application design
Adhere to all requirements and specifications
Published design documents
Design reviews
Reviewed by all stakeholders including security
Threat risk modeling
Identify threats and risks prior to development
Possible changes to specifications, requirements, or design
Security in the Software Development Life Cycle (cont.)
Security in application coding
Develop safe code
Free of common vulnerabilities
Use safe libraries that include safe functions for input validation
Security in testing
Testing should verify correct coding of every requirement and specification
Security in the Software Development Life Cycle (cont.)
Protect the SDLC itself
Source code access control
Protect source code
Record version changes
Protection of software development and testing tools
Protect from unauthorized modifications
Protection of software development systems
Prevent introduction of malware, back doors, logic bombs
Application Environment and Security Controls
Controls that must be present in a developed application
Authentication
Limiting access to only legitimate, approved users
Authorization
Limiting access only to approved functions and data
Role-based access control (RBAC)
Assign authorizations to roles, assign roles to users
Audit logging
Logging of all actions in the application
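The four controls on this slide fit in one small module. What follows is an added example written for this chapter, not code from the textbook: authentication with salted password hashing, authorization by assigning permissions to roles and roles to users, and an audit log that records every authentication and authorization decision, allowed or denied. The role names, permission strings, users, passwords and hashing parameters are assumptions of the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Added example (not from the textbook). Roles, permissions, users and the
# PBKDF2 iteration count are constructed for illustration.

# Role -> permitted operations: authorizations are assigned to roles, never to users directly.
ROLE_PERMISSIONS = {
    "clerk":   {"order:read", "order:create"},
    "auditor": {"order:read", "log:read"},
    "admin":   {"order:read", "order:create", "order:delete", "user:manage", "log:read"},
}

PBKDF2_ROUNDS = 100_000   # constructed; tune to the deployment's hardware


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest); a fresh salt is
    drawn when none is supplied so equal passwords get different digests."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AppSecurity:
    def __init__(self):
        self.users = {}       # username -> (salt, digest, roles)
        self.audit_log = []   # every decision, success or failure

    def add_user(self, username: str, password: str, roles) -> None:
        """Users are assigned roles; the roles must already exist."""
        unknown = set(roles) - ROLE_PERMISSIONS.keys()
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        salt, digest = hash_password(password)
        self.users[username] = (salt, digest, set(roles))

    def _log(self, actor: str, action: str, outcome: str) -> None:
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "outcome": outcome,
        })

    def authenticate(self, username: str, password: str) -> bool:
        """Authentication: only a user who proves knowledge of the password
        is accepted. Failures are logged with the reason."""
        record = self.users.get(username)
        if record is None:
            hash_password(password, b"\x00" * 16)   # do the same work for unknown users
            self._log(username, "login", "denied:unknown-user")
            return False
        salt, digest, _ = record
        ok = hmac.compare_digest(hash_password(password, salt)[1], digest)
        self._log(username, "login", "ok" if ok else "denied:bad-password")
        return ok

    def permissions_of(self, username: str) -> set:
        """The union of the permissions of every role the user holds."""
        roles = self.users.get(username, (None, None, set()))[2]
        return set().union(*(ROLE_PERMISSIONS[r] for r in roles))

    def authorize(self, username: str, operation: str) -> bool:
        """Authorization: the operation must be granted by one of the
        user's roles. Denials are logged as well as successes."""
        allowed = operation in self.permissions_of(username)
        self._log(username, operation, "ok" if allowed else "denied:no-permission")
        return allowed


if __name__ == "__main__":
    sec = AppSecurity()
    sec.add_user("alice", "correct horse battery", ["clerk"])   # constructed
    sec.add_user("root", "hunter2!", ["admin"])                 # constructed
    print(sec.authenticate("alice", "correct horse battery"))
    print(sec.authorize("alice", "order:delete"))
    for entry in sec.audit_log:
        print(entry)
```

Keeping the log inside the same object as the decisions means no code path can authorize without leaving a record, which is what "logging of all actions" requires; in a real application the list would be replaced by an append-only store that application users cannot modify.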
Database Architectures
Hierarchical databases: tree structure (no longer produced)
Network databases: complex tree structure (no longer produced)
Object databases: OO, methods stored with data
Distributed databases: physically distributed, any type
Relational databases (RDBMS): in widest use today
Oracle, SQL Server, DB2, MySQL, etc.
Data Warehouse
A type of database that is used for decision support and research purposes
A copy of some or all transaction data
Usually, refreshed periodically (typically daily)
Indexed and tuned differently than a transaction database
Complex queries into trends do not affect production transactions
Database Transactions
Records retrieval
Records update
Records creation
Nested or complex transactions executed as a unit
Begin work… <transactions> …end work
Database Security Controls
Access controls
User IDs, passwords
Table / row / field level access control
Read-only or read/write
Views
Virtual tables that are a subset of individual tables, or a “join” between tables
Permission given to views just like “real” tables
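The two database slides above, transactions executed as a unit and views as an access control boundary, are illustrated by the following added example. It is not from the textbook and uses the SQLite engine in Python's standard library. A view that joins two tables exposes only non-sensitive columns, and a role allow-list decides which object a role may query (SQLite has no GRANT statement, so that part of "permission given to views" is modelled in code, an assumption of the example); a two-statement transfer is then committed or rolled back as one unit. Schema, rows, role names and the transfer scenario are all constructed.

```python
import sqlite3

# Added example (not from the textbook). Schema, rows and the role allow-list
# are constructed; ROLE_OBJECTS stands in for GRANT, which SQLite lacks.

ROLE_OBJECTS = {
    "hr":    {"employees", "employee_directory"},   # may read the base table and the view
    "staff": {"employee_directory"},                # may read only the view
}
KNOWN_OBJECTS = ("employees", "employee_directory")


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE departments (dept TEXT PRIMARY KEY, manager TEXT)")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, "
                 "dept TEXT REFERENCES departments(dept), salary INTEGER, ssn TEXT)")
    conn.executemany("INSERT INTO departments VALUES (?, ?)",
                     [("eng", "Grace"), ("ops", "Linus")])
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", [
        (1, "Ada", "eng", 120000, "111-11-1111"),
        (2, "Bob", "ops", 90000, "222-22-2222"),
    ])
    # Virtual table: a join between tables that exposes only the columns a
    # directory needs. salary and ssn cannot be reached through it.
    conn.execute("CREATE VIEW employee_directory AS "
                 "SELECT e.id, e.name, e.dept, d.manager "
                 "FROM employees e JOIN departments d ON e.dept = d.dept")
    # Accounts with a constraint the transaction example will run into.
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
                 "balance INTEGER CHECK (balance >= 0))")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def permitted(role: str, obj: str) -> bool:
    """Permission is granted on the view exactly as on a real table."""
    return obj in ROLE_OBJECTS.get(role, set())


def read_rows(conn, role: str, obj: str):
    if obj not in KNOWN_OBJECTS:
        raise ValueError("unknown object")      # never interpolate an unchecked name
    if not permitted(role, obj):
        raise PermissionError(f"role {role!r} may not read {obj!r}")
    return conn.execute(f"SELECT * FROM {obj} ORDER BY 1").fetchall()


def transfer(conn, src: int, dst: int, amount: int) -> bool:
    """'Begin work ... end work': both updates are one unit. The credit is
    applied first; if the debit then violates the CHECK constraint, the
    whole unit is rolled back, so the credit never becomes visible."""
    try:
        with conn:   # sqlite3: commit on normal exit, rollback on exception
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn) -> dict:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id").fetchall())


if __name__ == "__main__":
    conn = setup()
    print("directory for staff:", read_rows(conn, "staff", "employee_directory"))
    print("before:", balances(conn))
    print("transfer 30 ok:", transfer(conn, 1, 2, 30), balances(conn))
    print("transfer 500 ok:", transfer(conn, 1, 2, 500), balances(conn))
```

The failed transfer leaves both balances exactly as they were, which is the property "executed as a unit" promises; without the transaction the credit would have survived the failed debit. Reading through the view returns the join result without salary or SSN, so a role that holds permission only on the view cannot obtain those columns no matter how it phrases the query.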
Summary
Operating system components: kernel, device drivers, tools
Operating system functions: authentication, resource access, access control, communication, event logging
Types of applications: agents, applets, client-server, distributed, web
Application language types: control flow, structured, object oriented, knowledge based
Summary (cont.)
Reasons for threats to applications: industrial espionage, vandalism and disruption, denial of service, political / religious
Types of threats
buffer overflow, covert channel, side channel, malware, input attacks, object reuse, mobile code, social engineering, back door, logic bomb
Summary (cont.)
Software development life cycle (SDLC) steps
Conceptual, requirements / specifications, design, coding, testing, maintenance
Source code control, configuration management
Software environment security controls
Authentication, access control, role based access control (RBAC), audit logging
Summary (cont.)
Types of databases
Hierarchical, network, distributed, object-oriented, relational (most common)
Database security controls: user ID, access control, audit logging, views