Professional Documents
Culture Documents
Sse Co1 Module 1
Sse Co1 Module 1
• Identifies threats that target most software and the shortcomings of the software
development process that can render software vulnerable to those threats.
we all rely on complex, interconnected, software-intensive information systems that use the Internet as
their means for communicating and transporting information.
Building, deploying, operating, and using software that has not been developed with security in mind
can be high risk—like walking a high wire without a net .
The degree of risk can be compared to the distance you can fall and the potential impact.
Developing software without security in mind
is like walking a high wire without a net
The Problem
• Organizations increasingly store, process, and transmit their most sensitive
information using software-intensive systems that are directly connected to
the Internet.
• The increased exposure that comes with global connectivity has made
sensitive information and the software systems that handle it more
vulnerable to unintentional and unauthorized use.
The Problem … … …
• Software defects with security ramifications—
• including coding bugs such as buffer overflows and design flaws such as inconsistent
error handling—are ubiquitous.
• Malicious intruders, and the malicious code and botnets they use to obtain unauthorized
access and launch attacks, can compromise systems by taking advantage of software
defects.
• Instead of centralized control, which was the norm for large stand-alone systems, project managers have to
consider multiple and often independent control points for systems and systems of systems.
• Increased integration among systems has reduced the capability to make wide-scale changes quickly. In
addition, for independently managed systems, upgrades are not necessarily synchronized. Project managers
need to maintain operational capabilities with appropriate security as services are upgraded and new services
are added.
• With the integration among independently developed and operated systems, project managers have to
contend with a heterogeneous collection of components, multiple implementations of common interfaces,
and inconsistencies among security policies.
• With the mismatches and errors introduced by independently developed and managed systems, failure in
some form is more likely to be the norm than the exception and so further complicates meeting security
requirements.
Software Assurance and Software Security
The growing extent of the resulting risk exposure is rarely understood, as
evidenced by these facts:
• Software size and complexity of ambiguous intent and prevent exhaustive testing.
• The system limits the damage resulting from any failures caused by
attack-triggered faults, ensuring that the effects of any attack are not
propagated, and it recovers as quickly as possible from those failures.
Today, most project and IT managers responsible for system operation respond to the
increasing number of Internet-based attacks by relying on operational controls at the
operating system, network, and database or Web server levels while failing to directly address
the insecurity of the application-level software that is being compromised.
• Complexities, inadequacies, and/or changes in the software’s processing model (e.g., a Web- or service-
oriented architecture model).
• Flawed specification or design, or defective implementation of – The software’s interfaces with external
entities.
• Development mistakes of this type include inadequate (or nonexistent) input validation, error handling, and exception
handling.
• The components of the software’s execution environment (from middleware-level and operating-system-
level to firmware- and hardware-level components).
• Unintended interactions between software components, including those provided by a third party.
The Benefits of Detecting Software Security Defects
Early
Managing Secure Software Development
• Which Security Strategy Questions Should I Ask?
• To sustain this value, which assets must be protected? Why must they be
protected? What happens if they’re not protected?
• How do we determine and effectively manage residual risk (the risk remaining after
mitigation actions are taken)?
• Exploitable faults and other weaknesses are eliminated to the greatest extent
possible by well-intentioned engineers.
• The software is attack resistant, attack tolerant, and attack resilient to the
extent possible and practical in support of fulfilling the organization’s mission.
Thank
You
What is Buffer Overflow
Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to
another.
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory
buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
For example, a buffer for log-in credentials may be designed to expect username and password inputs of 8 bytes, so
if a transaction involves an input of 10 bytes (that is, 2 bytes more than expected), the program may write the excess
data past the buffer boundary.
This changes the execution path of the program, triggering a response that damages files or exposes private
information.
For example, an attacker may introduce extra code, sending new instructions to the application to gain access to
IT systems.
If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store,
and overwrite areas that hold executable code, replacing it with their own code.
For example, an attacker can overwrite a pointer (an object that points to another area in memory) and point it to
an exploit payload, to gain control over the program.
Types of Buffer Overflow Attacks
Stack-based buffer overflows are more common, and leverage stack memory that only exists
during the execution time of a function.
Heap-based attacks are harder to carry out and involve flooding the memory space allocated for a
program beyond memory used for current runtime operations.
C and C++ are two languages that are highly susceptible to buffer overflow attacks, as they don’t
have built-in safeguards against overwriting or accessing data in their memory. Mac OSX,
Windows, and Linux all use code written in C and C++.
Languages such as PERL, Java, JavaScript, and C# use built-in safety mechanisms that minimize
the likelihood of buffer overflow.
How to Prevent Buffer Overflows
Developers can protect against buffer overflow vulnerabilities via security measures in their code, or by using
languages that offer built-in protection.
In addition, modern operating systems have runtime protection. Three common protections are:
Address space randomization (ASLR)—randomly moves around the address space locations of data regions.
Typically, buffer overflow attacks need to know the locality of executable code, and randomizing address spaces
makes this virtually impossible.
Data execution prevention—flags certain areas of memory as non-executable or executable, which stops an
attack from running code in a non-executable region.
Structured exception handler overwrite protection (SEHOP)—helps stop malicious code from attacking
Structured Exception Handling (SEH), a built-in system for managing hardware and software exceptions. It thus
prevents an attacker from being able to make use of the SEH overwrite exploitation technique. At a functional
level, an SEH overwrite is achieved using a stack-based buffer overflow to overwrite an exception registration
record, stored on a thread’s stack.
Security measures in code and operating system protection are not enough. When an organization discovers a buffer
overflow vulnerability, it must react quickly to patch the affected software and make sure that users of the software
can access the patch.
List of Software Security Vulnerabilities and Weaknesses
If you want to protect your customers and your brand, it’s important to identify and prevent software security
vulnerabilities before shipping software.
In order to do so, you first need to be aware of the different types of security weaknesses and ways to avoid
them.
This session aims at showing you common types of software security weaknesses and it also includes tips on
preventing these vulnerabilities.
• Bugs
• Exposure of sensitive data
• Flaws in Injection
• Buffer overflow
• Security misconfiguration
• Broken access control
• Insecure deserialization
• Broken/Missing Authentication
How to Prevent Software Vulnerabilities
1. Test Your Software
It’s a good practice to test your software often as this will help you find and get rid of vulnerabilities quickly. You can test your
software using code analysis tools, white box testing, black box testing, and other techniques.
Software security vulnerabilities don’t just result in hackers attacking a system but can also result
in financial losses.
Attackers use security weaknesses to steal and access an individual’s personal details including
bank accounts to steal money.