Welcome to Scribd!

Skip carousel

Information Security Transformation-Nahil Mahmood-Lecture 101

Uploaded by

فیضان راجپوت

0% found this document useful (0 votes)

1 views13 pages

Original Title

Information Security Transformation-nahil Mahmood-lecture 101

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

0% found this document useful (0 votes)

1 views13 pages

Information Security Transformation-Nahil Mahmood-Lecture 101

Uploaded by

فیضان راجپوت

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

Jump to Page

You are on page 1of 13

Search inside document

CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• Carnegie Mellon
Software Engineering
Institute
• https://
wiki.sei.cmu.edu/conflue
nce/display/java/SEI+CER
T+Oracle+Coding+Stand
ard+for+Java

1
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

1. Identify critical 6. Validation of 7. Change

assets (& asset control management
owner) implementation process for PROD

2. Research on 5. Implement
8. Implement on
applicable controls on test
PROD & monitor
security controls setup

3. Checklist of
4. Document
applicable
controls into SOP
controls

2
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

3
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• Rule 7
• ERR02-J. Prevent except
ions while logging
data
• Exceptions that are
thrown while logging is
in progress can prevent
successful logging
unless special care is
taken. Failure to account
for exceptions during
the logging process can
4
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• …cause security
vulnerabilities, such as
allowing an attacker to
conceal critical security
exceptions by
preventing them from
being logged. Hence,
programs must ensure
that data logging
continues to operate
correctly even when
exceptions are thrown
5
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• …during the logging

process.

6
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

7
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• Non-compliant Code
Example:
• This noncompliant code
example writes a critical
security exception to
the standard error
stream:

8
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• Writing such exceptions

to the standard error
stream is inadequate for
logging purposes. First,
the standard error
stream may be
exhausted or closed,
preventing recording of
subsequent exceptions.
Second, the trust level
of the standard error
stream may be
9
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• …insufficient for
recording certain
security-critical
exceptions or errors
without leaking sensitive
information. If an I/O
error were to occur
while writing the
security exception,
the catch block would
throw
an IOException and the
10
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• …critical security
exception would be lost.
Finally, an attacker may
disguise the exception
so that it occurs with
several other innocuous
exceptions.

11
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

12
CASE STUDY – JAVA APPLICATIONS SECURITY HARDENING

• Compliant Solution:
• This compliant solution
uses java.util.logging.Lo
gger, the default logging
API provided by JDK 1.4
and later. Use of other
compliant logging
mechanisms, such as
log4j, is also permitted.
• Typically, only one
logger is required for
END
the entire program.
13

Penetration Testing Report PDF
Document19 pages
Penetration Testing Report PDF
Likesh Shrestha
No ratings yet
MDI Emissions Reporting Guidelines For The Polyurethane Industry
Document135 pages
MDI Emissions Reporting Guidelines For The Polyurethane Industry
dynaflo
100% (1)
By Vaibhav Pandya S R.information Security Consultant M.Tech Solutions (India) PVT - LTD
Document22 pages
By Vaibhav Pandya S R.information Security Consultant M.Tech Solutions (India) PVT - LTD
tsegay.cs
No ratings yet
Learning iOS Penetration Testing
From Everand
Learning iOS Penetration Testing
Yermalkar Swaroop
No ratings yet
Bitfinex Preview BFX Conversion Pitch
Document25 pages
Bitfinex Preview BFX Conversion Pitch
Anonymous wRn8eD
No ratings yet
The Metatheatre in Rosencrantz and Guildenstern Are Dead
Document2 pages
The Metatheatre in Rosencrantz and Guildenstern Are Dead
Kingshuk Mondal
67% (3)
Amy Tsui - Classroom Discourse Research & Ethnography
Document23 pages
Amy Tsui - Classroom Discourse Research & Ethnography
Mastho Zheng
No ratings yet
Rolex
Document15 pages
Rolex
Neha Singh
No ratings yet
02lec - 10 OWASP Vulnerabilities
Document40 pages
02lec - 10 OWASP Vulnerabilities
manju kakkar
No ratings yet
02lec - 10 OWASP Vulnerabilities (1) (6 Files Merged)
Document153 pages
02lec - 10 OWASP Vulnerabilities (1) (6 Files Merged)
manju kakkar
No ratings yet
Secure Coding Guidelines For Java
Document42 pages
Secure Coding Guidelines For Java
Vs Vadivelan
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 100
Document12 pages
Information Security Transformation-Nahil Mahmood-Lecture 100
فیضان راجپوت
No ratings yet
Module 8 Part 1
Document23 pages
Module 8 Part 1
sachiherath690
No ratings yet
Cisco Umbrella Stage Workshop Guide PDF
Document299 pages
Cisco Umbrella Stage Workshop Guide PDF
mannymtz70wk
No ratings yet
Trend Keamanan Serangan Siber Dan Malware V.3.0
Document42 pages
Trend Keamanan Serangan Siber Dan Malware V.3.0
muhammadulya a
No ratings yet
Java Security, Part 1: Crypto Basics
Document32 pages
Java Security, Part 1: Crypto Basics
Sanjeev Kumar Bharti
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 102
Document10 pages
Information Security Transformation-Nahil Mahmood-Lecture 102
فیضان راجپوت
No ratings yet
Owasp Top 10 Mobile Risks
Document46 pages
Owasp Top 10 Mobile Risks
AlfonsoGuzmanAlvarez
No ratings yet
CH 3 CNS
Document35 pages
CH 3 CNS
አርቲስቶቹ Artistochu animation sitcom by habeshan meme
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 94
Document9 pages
Information Security Transformation-Nahil Mahmood-Lecture 94
فیضان راجپوت
No ratings yet
Us926 3bus095728a
Document2 pages
Us926 3bus095728a
Mohamed Abdelkader
No ratings yet
OCI Security Vulnerability Scan
Document8 pages
OCI Security Vulnerability Scan
TapasKarmakar
No ratings yet
Cyber Security VAPT v1.0 Published - Compressed
Document29 pages
Cyber Security VAPT v1.0 Published - Compressed
asamad54
100% (2)
Information Security Transformation-Nahil Mahmood-Lecture 99
Document9 pages
Information Security Transformation-Nahil Mahmood-Lecture 99
فیضان راجپوت
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 75
Document14 pages
Information Security Transformation-Nahil Mahmood-Lecture 75
فیضان راجپوت
No ratings yet
Gitlab Seismic Shift in Application Security Whitepaper
Document16 pages
Gitlab Seismic Shift in Application Security Whitepaper
kakayow457
No ratings yet
Secure Coding Best Practices Handbook Veracode Guide
Document16 pages
Secure Coding Best Practices Handbook Veracode Guide
Veronica Quiroga
No ratings yet
Secure Coding - PHP v.1.1
Document137 pages
Secure Coding - PHP v.1.1
Bond James
No ratings yet
Programming For Security Professionals
Document174 pages
Programming For Security Professionals
B Basit
No ratings yet
Service Scope and Options
Document2 pages
Service Scope and Options
meim
No ratings yet
Almacenamiento en La Nube
Document15 pages
Almacenamiento en La Nube
Felipe Guzman
No ratings yet
Recent Approach To Java Security: IPASJ International Journal of Computer Science (IIJCS)
Document4 pages
Recent Approach To Java Security: IPASJ International Journal of Computer Science (IIJCS)
International Journal of Application or Innovation in Engineering & Management
No ratings yet
Java Application Vulnerabilities:: What They Are and How To Fix Them
Document9 pages
Java Application Vulnerabilities:: What They Are and How To Fix Them
Priya Sharma
No ratings yet
CCNA Security: Chapter Six Securing The Local Area Network
Document99 pages
CCNA Security: Chapter Six Securing The Local Area Network
paleologos
No ratings yet
Secure Coding
Document11 pages
Secure Coding
Lanre Banjo
No ratings yet
Web Goat
Document73 pages
Web Goat
Jun Woo Shim
No ratings yet
Edu 214 8x Datasheet
Document1 page
Edu 214 8x Datasheet
gochornea
No ratings yet
Edu 214 9x Datasheet
Document1 page
Edu 214 9x Datasheet
sans mahe1
No ratings yet
Lampiran 1 - ECL Scholarship Learning Paths For Malaysia
Document8 pages
Lampiran 1 - ECL Scholarship Learning Paths For Malaysia
sapuan
No ratings yet
OMC SecurityServices Sangam17 v0.3
Document21 pages
OMC SecurityServices Sangam17 v0.3
hariprasathdba
No ratings yet
OWASP Top 10 Privacy Countermeasures v1.0 PDF
Document10 pages
OWASP Top 10 Privacy Countermeasures v1.0 PDF
Juan Carlos Giraldo Vidal
No ratings yet
Web Application Penetration Test: Final Report
Document21 pages
Web Application Penetration Test: Final Report
Prakash Subramaniam
No ratings yet
Product Sheet - Process - Functional Safety Training & Certification Program
Document3 pages
Product Sheet - Process - Functional Safety Training & Certification Program
Ammar Maar
No ratings yet
F23 CST8804 Lab1 Presentation
Document20 pages
F23 CST8804 Lab1 Presentation
Reham Bakouny
No ratings yet
Web AppSec Expert L 14-16 May 2024 L Parkroyal Hotel KL
Document5 pages
Web AppSec Expert L 14-16 May 2024 L Parkroyal Hotel KL
nicholas
No ratings yet
OneSpan Datasheet App Shielding Runtime Protection
Document3 pages
OneSpan Datasheet App Shielding Runtime Protection
Ranga
No ratings yet
HyperG Total Solution V2.1
Document40 pages
HyperG Total Solution V2.1
NoorHishamYusoh
No ratings yet
17 Web Application Firewall
Document25 pages
17 Web Application Firewall
Gi ji
No ratings yet
06-STM32 Security WS STM32 Trust Introduction
Document27 pages
06-STM32 Security WS STM32 Trust Introduction
soloking
No ratings yet
Secure Coding Practices in Java: Challenges and Vulnerabilities
Document13 pages
Secure Coding Practices in Java: Challenges and Vulnerabilities
Paola
No ratings yet
Java Feels Secure
Document4 pages
Java Feels Secure
thangmle
No ratings yet
We All Are DevSecOps
Document54 pages
We All Are DevSecOps
qv56xvb2bc
No ratings yet
Paper 11
Document5 pages
Paper 11
mihirinsta8
No ratings yet
Cips 2016 0309
Document45 pages
Cips 2016 0309
Vijay DSK
No ratings yet
Filippo Cassini - FOS - 6.0
Document25 pages
Filippo Cassini - FOS - 6.0
habib kamaie
No ratings yet
SEC2 FinalSlides
Document60 pages
SEC2 FinalSlides
Sandra Bravo
No ratings yet
Secdevops: Description and Primer
Document37 pages
Secdevops: Description and Primer
Peter Lamar
No ratings yet
Ism 4
Document63 pages
Ism 4
Shashwat Mishra
No ratings yet
DevSecops AllThingsOpen 2019
Document37 pages
DevSecops AllThingsOpen 2019
Peter Lamar
No ratings yet
8 Steps To Zero Trust
Document2 pages
8 Steps To Zero Trust
세인
No ratings yet
6a. Mobile Application Security
Document77 pages
6a. Mobile Application Security
Evanson Karimi
No ratings yet
Comm Vault
Document43 pages
Comm Vault
Anh Nguyen
No ratings yet
Module 4: The Problems: Cyber Antipatterns
Document12 pages
Module 4: The Problems: Cyber Antipatterns
shreya n patel
No ratings yet
Application Container Audit Program
Document7 pages
Application Container Audit Program
Sushil Andre
No ratings yet
(IT Risk Profiles) Server Security Management by Eav Bunthen (Finalized)
Document4 pages
(IT Risk Profiles) Server Security Management by Eav Bunthen (Finalized)
Shaleh Sen
100% (1)
Conservative Political Theory
Document1 page
Conservative Political Theory
OpenLearner
0% (1)
IBD295
Document14 pages
IBD295
olympiadpreparation.2024
No ratings yet
1PE ACI Vs Coquia
Document7 pages
1PE ACI Vs Coquia
Vladimir Reid
No ratings yet
Decision Making Model
Document16 pages
Decision Making Model
prerna
No ratings yet
White Paper
Document17 pages
White Paper
nanadmyro Photo6
No ratings yet
Kelompok 10 Pronouns
Document19 pages
Kelompok 10 Pronouns
sari
No ratings yet
A - What Did Jesus Mean When He Said in Matthew 1
Document3 pages
A - What Did Jesus Mean When He Said in Matthew 1
John Mark Lascuña
No ratings yet
Lucian and Flaubert: David Marsh
Document56 pages
Lucian and Flaubert: David Marsh
Attila Lébényi-Palkovics
No ratings yet
SOAL PAS BAHASA INGGRIS Part2
Document3 pages
SOAL PAS BAHASA INGGRIS Part2
Ratmi 'Bundanya Rena'
100% (2)
WFC Conference Renewable Energy
Document1 page
WFC Conference Renewable Energy
Vincs Kong
No ratings yet
Business Plan
Document20 pages
Business Plan
Dagim Abreham
100% (1)
ACCA F2L9 Relevant Costing
Document22 pages
ACCA F2L9 Relevant Costing
nadeem20031147
50% (2)
Aqyila - Bloom Lyrics
Document2 pages
Aqyila - Bloom Lyrics
9gdbkfmv9y
No ratings yet
Should Examination Be Banned?
Document2 pages
Should Examination Be Banned?
Braviour Wind Jack
100% (2)
Legal Guide Topics
Document19 pages
Legal Guide Topics
Angela John
No ratings yet
04 Snehal Fadale Assignment 2
Document10 pages
04 Snehal Fadale Assignment 2
Snehal Fadale
No ratings yet
QS World University Rankings 2020 - Las Mejores Universidades Mundiales - Universidades Principales
Document36 pages
QS World University Rankings 2020 - Las Mejores Universidades Mundiales - Universidades Principales
Samael Astaroth
No ratings yet
NOA Sociology 01
Document39 pages
NOA Sociology 01
Nazrat Anem
No ratings yet
Set B: Part 1 A) Using Suitable Software, Prepare The Following Documentations For of SESB SDN BHD
Document12 pages
Set B: Part 1 A) Using Suitable Software, Prepare The Following Documentations For of SESB SDN BHD
dini sofia
No ratings yet
Vol Ume 1: Mai N: Classification OF Wetlands OF Bangladesh
Document261 pages
Vol Ume 1: Mai N: Classification OF Wetlands OF Bangladesh
Md. Tanvir Hasan 1812974042
No ratings yet
Lay Carmelite Community #578: Who Are The Third Order Lay Carmelites?
Document2 pages
Lay Carmelite Community #578: Who Are The Third Order Lay Carmelites?
Gerille Mae Liba
No ratings yet
JIT Costing
Document2 pages
JIT Costing
hellokittysaranghae
No ratings yet
Certificate of Registration Registration No:: Code Subject Unit Class Days Time Room Faculty
Document2 pages
Certificate of Registration Registration No:: Code Subject Unit Class Days Time Room Faculty
Kael Matt Paul Besmonte
No ratings yet
Ice Breakers and Team Builders Packet
Document54 pages
Ice Breakers and Team Builders Packet
nissefar007
100% (1)
Acordes para Guitarra
Document12 pages
Acordes para Guitarra
Lucas Sebastian Muñoz
No ratings yet