Welcome to Scribd!

Whay It Software Security

Uploaded by

0% found this document useful (0 votes)

35 views10 pages

Software security focuses on designing and implementing secure software by examining source code. It aims to address weaknesses within software that can bypass outer defenses like firewalls and antivirus. Some key aspects of software security include enforcing application-specific access policies, preventing unintended information flows, and finding and fixing bugs in source code that can lead to exploits. Black box security approaches have limitations and carefully crafted attacks may be able to bypass them by targeting vulnerabilities within software implementations.

Original Description:

Software Security Coursera

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

35 views10 pages

Whay It Software Security

Uploaded by

neon48

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 10

Search inside document

What is Software

Security?
Software Security
• Software security is a kind of computer security that
focuses on the secure design and implementation
of software!
• Using the best languages, tools, methods

• Focus of study:

the code
• By contrast: Many popular approaches to security
treat software as a black box (ignoring the code)
• OS security, anti-virus, firewalls, etc.
Why Software Security?

Firewalls and anti-virus are Attackers often can bypass

like building walls around outer defenses to attack
a weak interior weaknesses within
Software Security aims to address weaknesses directly
Operating System Security
• Operating systems mediate a program’s actions!
• Aka system calls!
• such as reading and writing files,
• sending and receiving network packets,
• starting new programs, etc.

• Enforceable policies control actions

• programs run by Alice cannot read files owned by Bob
• programs run by Bob cannot use TCP port 80
• programs run in directory D cannot access files
outside of D
Limitations of OS Security
• Cannot enforce application-specific policies,
which can be too fine-grained
• Example: database management system (DBMS)

• Cannot (precisely) enforce info-flow policies!

• An operating system typically implements an
execution monitor: decisions are based on past and
current actions
• Information flow policies: A non-action may reveal
something about a secret without leaking it directly
Firewalls and IDSs
• Firewalls and intrusion detection systems (IDSs)
observe, block, and filter messages exchanged
by programs
• Based on their origin, content, frequency, etc.

• Examples:
• Firewall could block all traffic from particular hosts, or
to particular TCP ports
• An IDS could filter packets it recognizes are part of a
known exploit pattern
Filtering misses attacks
• Firewall filtering is coarse-grained, and unsound
• Port 80 is assumed to be HTTP (web) traffic, which is
assumed benign, but can layer arbitrary traffic over
HTTP, e.g., SOAP
• Previously benign sources can become malicious
- E.g., due to malware infection

• IDS patterns fine-grained, but still unsound!

• Attack traffic can be slightly modified to work around
IDS filters (which are often syntactic, not semantic)
• Making filters too fine-grained can hurt performance
- Thus compromising availability
Anti-virus Scanners
• Anti-virus scanners look for signs of malicious
behavior in local files
• In many ways, anti-virus is related to IDS in looking
for patterns
• Newer forms of anti-virus scanners are
sophisticated, but in practice are frequently
bypassed!
• Trade off precision and performance (latter could
compromise availability)
Ex: Heartbleed
• SSL/TLS is a core protocol for encrypted
communications used by the web
• Heartbleed is a bug in the commonly used
OpenSSL implementation of SSL/TLS, v1.0.1 - 1.0.1f
• Discovered in March 2014, it has been in released
code since March 2012 (2 years old!)

• A carefully crafted packet causes OpenSSL to read

and return portions of a vulnerable server’s memory
• Leaking passwords, keys, and other private information
Heartbleed, meet SoftSec
• Black box security is incomplete against
Heartbleed exploits!
• Issue is not at the level of system calls or deposited
files: nothing the OS or antivirus can do
• Basic attack packets could be blocked by IDS, but
- “Packet chunking” may bypass basic filters
- Exfiltrated data on the encrypted channel; invisible to forensics

• Software security methods

attack the source of the
problem: the buggy code

Quiz Unit 2
Document5 pages
Quiz Unit 2
neon48
No ratings yet
Activity - Generating Passwords With Rockyou - TXT - 2.3 Activity and Discussion - Material Del Curso CYBER504x - Edx PDF
Document3 pages
Activity - Generating Passwords With Rockyou - TXT - 2.3 Activity and Discussion - Material Del Curso CYBER504x - Edx PDF
neon48
No ratings yet
Software Security Semana 1
Document18 pages
Software Security Semana 1
neon48
No ratings yet
09 - SRX - Ipsec VPN
Document64 pages
09 - SRX - Ipsec VPN
Luc Tran
No ratings yet
CCNA 4 v5 CN Practice Skills Assessment - Packet Tracer 2014
Document4 pages
CCNA 4 v5 CN Practice Skills Assessment - Packet Tracer 2014
Aleks2055
100% (2)
CyberSecurity Short Course - Week 3
Document46 pages
CyberSecurity Short Course - Week 3
tapera_mangezi
No ratings yet
SWE426
Document5 pages
SWE426
Mocktadir Rahman 173-35-2227
No ratings yet
Network Design Worms: (Plus We'll Start With Some Notes That Will Prove Useful On Lab 3)
Document84 pages
Network Design Worms: (Plus We'll Start With Some Notes That Will Prove Useful On Lab 3)
ana
No ratings yet
Security: Concept, Threats (User, Data), Measures
Document23 pages
Security: Concept, Threats (User, Data), Measures
pariyal malik
No ratings yet
Chapter 3 - Risks, Threats and Vulnerabilities
Document34 pages
Chapter 3 - Risks, Threats and Vulnerabilities
Nahøm Abera Ak
No ratings yet
Intrusion Detection Systems (Ids) Introduction and Overview
Document28 pages
Intrusion Detection Systems (Ids) Introduction and Overview
Suresh Yadav
No ratings yet
Ai - PPT - 33 && 38
Document8 pages
Ai - PPT - 33 && 38
Gokussj
No ratings yet
ch0 1
Document78 pages
ch0 1
Yazan Al-Nirab
No ratings yet
ch0 1
Document72 pages
ch0 1
Jayesh Shinde
No ratings yet
Cp1402 Week 9 1 Netsec Student - Tagged
Document27 pages
Cp1402 Week 9 1 Netsec Student - Tagged
asdasd
No ratings yet
ch0 1
Document75 pages
ch0 1
pjairon
No ratings yet
Introduction To Network Security: © N. Ganesan, PH.D
Document33 pages
Introduction To Network Security: © N. Ganesan, PH.D
Luis Barrera
No ratings yet
Topic 5 - Network Security
Document35 pages
Topic 5 - Network Security
s.l.mills86
No ratings yet
Maicious Software
Document21 pages
Maicious Software
Smily Theresa
No ratings yet
Network+ Short Course - Week 4 PDF
Document67 pages
Network+ Short Course - Week 4 PDF
Murad suleman
No ratings yet
Chapter 5
Document44 pages
Chapter 5
disneyhotstar3333
No ratings yet
Computer Network - Topic 12
Document46 pages
Computer Network - Topic 12
Dutchman Cool
No ratings yet
Network Security
Document11 pages
Network Security
Sumit Kumar Vohra
No ratings yet
CCNA Enterprise 200 301 Modul5
Document79 pages
CCNA Enterprise 200 301 Modul5
Foryanto J. Wiguna
100% (2)
CISSP Session 03
Document85 pages
CISSP Session 03
wfelicesc
No ratings yet
IG Notes P1 Defintions
Document11 pages
IG Notes P1 Defintions
SKMTXLHA
No ratings yet
Richard Intrusion Detection
Document5 pages
Richard Intrusion Detection
Asim Nusrat
No ratings yet
Introduction (Viruses, Bombs, Worms) - Types of Viruses - Characteristics of Viruses - Categories of Viruses - Computer Security
Document36 pages
Introduction (Viruses, Bombs, Worms) - Types of Viruses - Characteristics of Viruses - Categories of Viruses - Computer Security
Md Sajjad Hossain
No ratings yet
IT Sec Firewalls Intrusion Detection System Honeypots PDF
Document47 pages
IT Sec Firewalls Intrusion Detection System Honeypots PDF
Anonymous fFY4zZibJ8
No ratings yet
2 Cybersecurity Fundamentals Network Security
Document57 pages
2 Cybersecurity Fundamentals Network Security
rafaelricardo2705
No ratings yet
Chapter 07 - Specialized and Fragile Systems - Handout
Document26 pages
Chapter 07 - Specialized and Fragile Systems - Handout
Wayne Wayne
No ratings yet
Where Firewalls Fit in The Corporate Landscape
Document58 pages
Where Firewalls Fit in The Corporate Landscape
Haz Wani
No ratings yet
Intrusion Detection Systems
Document15 pages
Intrusion Detection Systems
Kavi Priya
No ratings yet
Cyber Security
Document10 pages
Cyber Security
pavan kc
No ratings yet
Describe IT Security Solutions
Document78 pages
Describe IT Security Solutions
yuuloo
No ratings yet
Chapter 3
Document14 pages
Chapter 3
yatharth
No ratings yet
CAT 1 - Introduction
Document89 pages
CAT 1 - Introduction
Nikhil Gaddam
No ratings yet
Antiviurs Docs
Document38 pages
Antiviurs Docs
Shahzad Shaikh
No ratings yet
Introduction To Firewalls
Document76 pages
Introduction To Firewalls
Lalmohan Ks
No ratings yet
Introduction To Cibercrimes - Ethical Hacking
Document22 pages
Introduction To Cibercrimes - Ethical Hacking
Sai Sudhakar
No ratings yet
M6 Main
Document38 pages
M6 Main
MAEGAN THERESE GABRIANA
No ratings yet
M6 Guide
Document12 pages
M6 Guide
outplayer65
No ratings yet
Network+ Guide To Networks 5 Edition
Document102 pages
Network+ Guide To Networks 5 Edition
Ryan Ortega
No ratings yet
Lecture - 21 22 23
Document93 pages
Lecture - 21 22 23
Slim Rekhis
No ratings yet
Unit 1
Document59 pages
Unit 1
Chaudhari Pranali Bharat
No ratings yet
Intrusion Detection & SNORT: Fakrul Alam
Document39 pages
Intrusion Detection & SNORT: Fakrul Alam
ary_bima
No ratings yet
Security
Document23 pages
Security
Zainab Hameed
No ratings yet
Cce-Edusat Session For Computer Fundamentals
Document37 pages
Cce-Edusat Session For Computer Fundamentals
Gemark Almacen
No ratings yet
Day12 Client Side Attacks
Document65 pages
Day12 Client Side Attacks
Sheharyar Awan
No ratings yet
Lecture 3 - 1 Data States
Document50 pages
Lecture 3 - 1 Data States
zargham.raza
No ratings yet
CCNA Sec Slides
Document92 pages
CCNA Sec Slides
yassine rezgui
No ratings yet
3 Endpoint PDF
Document70 pages
3 Endpoint PDF
ujang.pantry
No ratings yet
Topic - 01 - Intro To Network Security - Done
Document43 pages
Topic - 01 - Intro To Network Security - Done
Henry Fu Keat
No ratings yet
CS Unit-2 VJ
Document35 pages
CS Unit-2 VJ
baljitsingh.test
No ratings yet
Unit 2 Program Security
Document97 pages
Unit 2 Program Security
Shailesh Dewan
No ratings yet
Workshop SCA and WebInspect-April-04062016
Document193 pages
Workshop SCA and WebInspect-April-04062016
Rogério Almeida
No ratings yet
Module-1: Information Security Devices
Document52 pages
Module-1: Information Security Devices
sendhilks
No ratings yet
FALLSEM2023-24 BCSE353E ETH VL2023240100875 2023-05-23 Reference-Material-I
Document50 pages
FALLSEM2023-24 BCSE353E ETH VL2023240100875 2023-05-23 Reference-Material-I
dsa dsa
No ratings yet
10 - ODOM Book 2 Part 2 Security Chapters 4 5 6 7 8
Document49 pages
10 - ODOM Book 2 Part 2 Security Chapters 4 5 6 7 8
kalimty2023
No ratings yet
Understanding Devices and Infrastructure
Document13 pages
Understanding Devices and Infrastructure
Sameer Sohail
No ratings yet
1.4 Network Threats
Document16 pages
1.4 Network Threats
ross.jm.fuller
No ratings yet
Nad Ns Unit6-Part1
Document20 pages
Nad Ns Unit6-Part1
Akshay Utane
No ratings yet
Network Quality and Cyber Security
Document18 pages
Network Quality and Cyber Security
tylerd2506
No ratings yet
FALLSEM2023-24 BCSE353E ETH VL2023240100850 2023-06-03 Reference-Material-I
Document27 pages
FALLSEM2023-24 BCSE353E ETH VL2023240100850 2023-06-03 Reference-Material-I
dsa dsa
No ratings yet
Hack into your Friends Computer
From Everand
Hack into your Friends Computer
Magelan Cyber Security
No ratings yet
CYBER 502x Unit 3 Sleuthkit
Document28 pages
CYBER 502x Unit 3 Sleuthkit
neon48
No ratings yet
Practice Quiz - 0.4 Practice Quiz - Material Del Curso CYBER502x - Edx
Document2 pages
Practice Quiz - 0.4 Practice Quiz - Material Del Curso CYBER502x - Edx
neon48
No ratings yet
Activity - Rainbow Tables With Ophcrack - 2.3 Activity and Discussion - Material Del Curso CYBER504x - Edx PDF
Document3 pages
Activity - Rainbow Tables With Ophcrack - 2.3 Activity and Discussion - Material Del Curso CYBER504x - Edx PDF
neon48
No ratings yet
WHM (VPS) Gerenciador de Configuração Do Exim - 78.0.41-22-10-2019 PDF
Document5 pages
WHM (VPS) Gerenciador de Configuração Do Exim - 78.0.41-22-10-2019 PDF
Patrícia Teixeira
No ratings yet
Converting RRSF From APPC To TCP/IP: Southern California RACF User's Group
Document50 pages
Converting RRSF From APPC To TCP/IP: Southern California RACF User's Group
Özgür Hepsağ
No ratings yet
Unit 5 Complete Notes
Document54 pages
Unit 5 Complete Notes
Nikhil Suryawanshi
No ratings yet
SP9018A Catalog
Document2 pages
SP9018A Catalog
klaudhio
No ratings yet
CN Assignment
Document18 pages
CN Assignment
imdad
No ratings yet
Create An SSH Tunnel For MySQL Remote Access
Document4 pages
Create An SSH Tunnel For MySQL Remote Access
leonard1971
No ratings yet
Midterm Paper Session 20-24
Document3 pages
Midterm Paper Session 20-24
Syed Ali Abbas Naqvi
No ratings yet
Collecting and Analyzing NetFlow Data
Document7 pages
Collecting and Analyzing NetFlow Data
Carlos Maridueña
No ratings yet
CISSP & Security+ CheatSheetSheet
Document3 pages
CISSP & Security+ CheatSheetSheet
Sakil Mahmud
100% (1)
Optix BWS 1600 G
Document23 pages
Optix BWS 1600 G
Rohit Sharma
No ratings yet
Lab Report: WNW 1114 - Data Communications and Security 01 (WNEM Group 1)
Document12 pages
Lab Report: WNW 1114 - Data Communications and Security 01 (WNEM Group 1)
Bindu Garg
No ratings yet
Network Lab Manual.............. Rasagna
Document35 pages
Network Lab Manual.............. Rasagna
RASAGNA
83% (6)
Cisco AireOS To Cisco IOS XE Command Mapping Reference, Cisco IOS XE Release 3SE
Document72 pages
Cisco AireOS To Cisco IOS XE Command Mapping Reference, Cisco IOS XE Release 3SE
xkerberosx
No ratings yet
Datasheet 5W - 07.04.22
Document7 pages
Datasheet 5W - 07.04.22
Sijomon Parakkal
No ratings yet
SP DNS Security Solution EfficientIP EN 181004
Document6 pages
SP DNS Security Solution EfficientIP EN 181004
Monirul Islam
No ratings yet
Server Admin Tools
Document3 pages
Server Admin Tools
RatkoMR
No ratings yet
Template For Brochures: FL Switch Ep7400
Document12 pages
Template For Brochures: FL Switch Ep7400
Tio_louis32
No ratings yet
2006 Conference On IEEE 1588 - Tutorial
Document57 pages
2006 Conference On IEEE 1588 - Tutorial
lioliosk
No ratings yet
EchoLife EG8245H5 Datasheet 04
Document3 pages
EchoLife EG8245H5 Datasheet 04
Chairul Corp
No ratings yet
AccuLoad III-SA Operator Reference Manual
Document26 pages
AccuLoad III-SA Operator Reference Manual
Sushil Sharma
No ratings yet
Java Network
Document23 pages
Java Network
fahad
No ratings yet
Cooper Networking Lon Rs232 Modbuse TCP Ip
Document28 pages
Cooper Networking Lon Rs232 Modbuse TCP Ip
asifaliabid
No ratings yet
Arbor APS STT - Unit 06 - Tuning Under Attack - 07feb2018 PDF
Document67 pages
Arbor APS STT - Unit 06 - Tuning Under Attack - 07feb2018 PDF
masterlinh2008
No ratings yet
ESP8266 Handle Not Found Pages and Redirect
Document1 page
ESP8266 Handle Not Found Pages and Redirect
Pakai Umum
No ratings yet
Revendas
Document64 pages
Revendas
infinitwebturbo
No ratings yet
NEC SL1100 Quick Start Guide
Document9 pages
NEC SL1100 Quick Start Guide
Narendra Shinde
No ratings yet
Basic Configuration of Router and Switch
Document21 pages
Basic Configuration of Router and Switch
husnain ali
No ratings yet
Charming The Python On Nexus 7000 Switch v1: About This Solution
Document19 pages
Charming The Python On Nexus 7000 Switch v1: About This Solution
kyawzinmon
No ratings yet