Security as a Process in Software Development Lifecycle v2.0
Presented by: Ahmed Saafan
Agenda
• Security layers
• Software lifecycle evolution
• Security in modern software lifecycle
• Analysis phase activities
• Design & development phases activities
• Threat modeling
• Deployment & testing phases activities
• A final word
Security Layers
Layered security approach (security in depth):
• Physical security
• Network security
• Host (OS) security
• Application security
Security Layers: Network level vulnerabilities
• DoS
• Packet inspection, password sniffing
• Identity theft (spoofing)
Network breach mitigation techniques:
• Firewalls
• IDSs, IPSs & IDPs
• Log analysis
Security Layers: Host (OS) vulnerabilities
• Hardware/firmware vulnerabilities
• Windows!! RPC
Host threats mitigation:
• Choose the right one
• Don't just patch, protect.
Security Layers: Application level vulnerabilities
• SQL injection
• Application DoS
• Session hijacking
• Cross site scripting (XSS)
XSS
• Type-0 attack
• Type-1 attack
• Type-2 attack
Security Layers: Application level vulnerabilities
• SQL injection
• Application DoS
• Session hijacking
• Cross site scripting (XSS)
• Buffer overflow exploits
• Unhandled exceptions' exploits
Is there a mitigation technique?
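The slides ask whether a mitigation exists for the application-level vulnerabilities listed above; for two of them (SQL injection and XSS) the answer is a fixed coding pattern. The following is an added example, not code from the presentation: it places the vulnerable form of a user lookup and of an HTML greeting beside the hardened form, using Python's standard sqlite3 and html modules on a constructed in-memory table. The table contents and the hostile inputs are constructed for the demonstration.

```python
import html
import sqlite3


def build_db():
    """Constructed sample data: a tiny in-memory user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    # The defect: user input is spliced into the SQL text, so the database
    # parses attacker-controlled characters as part of the statement.
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # The mitigation: a parameterised query. The SQL text is fixed and the
    # value travels separately, so it can only ever be compared as data.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def render_vulnerable(name):
    # Reflected XSS: untrusted text is pasted into HTML without encoding.
    return "<p>Hello, %s</p>" % name


def render_safe(name):
    # Output encoding: every HTML metacharacter becomes an entity, so the
    # browser displays the text instead of interpreting it as markup.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run both versions against constructed hostile inputs and report what each returns."""
    conn = build_db()
    hostile_name = "x' OR '1'='1"          # classic textbook injection string
    vuln_rows = lookup_vulnerable(conn, hostile_name)   # every user is returned
    safe_rows = lookup_safe(conn, hostile_name)         # no user has that name
    hostile_html = "<script>alert(1)</script>"
    return {
        "vulnerable_rows": len(vuln_rows),
        "safe_rows": len(safe_rows),
        "vulnerable_html": render_vulnerable(hostile_html),
        "safe_html": render_safe(hostile_html),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point for the design phase is that the fix is structural rather than a filter: the parameterised query and the output encoder are the same for every input, so the reviewer checks for their presence instead of reasoning about which characters an attacker might use.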
Software lifecycle evolution
• Functional programming / flow charts
• Object oriented programming / design
• UML standards & modern SW lifecycle
Security in modern software lifecycle
• Hit backs due to security (patches)
• The need for more secure software
• Security as a process in SDLC
Analysis phase activities
Take into consideration:
• Confidentiality
• Integrity
• Availability
• Possession
• Authenticity
• Utility
Design & Development phases activities
Take into consideration:
• Input/output validation
• Principle of least privilege / default deny
• Compartmentalization (separation of privileges)
• Threat modeling
Threat Modeling
Steps for threat modeling:
1. Identify critical assets
2. Decompose the system
   • Network diagram
   • Functionality diagram
Threat Modeling
3. Identify possible points of attack
   • Trust boundaries
   • Data classification
Threat Modeling
4. Identify threats for each node
   • STRIDE model
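Applying STRIDE "for each node" is mechanical once the decomposition from step 2 and the trust boundaries from step 3 are written down, and that mechanical part is easy to script. The following is an added example, not part of the presentation: it models a small decomposed system (browser, web application, cache, database, and the data flows between them, all constructed here) and produces the per-node threat list. The table of which STRIDE categories apply to which element type is the one from Microsoft's SDL threat-modelling guidance; the slide names only STRIDE, so that mapping is an assumption of this example. Data flows that stay within one trust zone are skipped in this first pass, which is how trust boundaries narrow the list.

```python
from dataclasses import dataclass

# STRIDE categories and the element types each one applies to. The per-element
# table follows Microsoft's SDL threat-modelling guidance (an assumption of
# this example; the slide itself only names STRIDE).
STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}
APPLICABLE = {
    "external": "SR",      # external entity (user, browser, third-party system)
    "process": "STRIDE",   # code we run: everything can go wrong
    "datastore": "TRID",   # R because a store of audit records can be disputed
    "dataflow": "TID",     # bytes in transit: altered, read, or blocked
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                 # external | process | datastore | dataflow
    zone: str                 # trust zone; "" for a data flow
    endpoints: tuple = ()     # data flow only: (source name, destination name)


def crosses_boundary(flow, by_name):
    """A data flow is a point of attack when its ends sit in different trust zones."""
    src, dst = (by_name[n] for n in flow.endpoints)
    return src.zone != dst.zone


def enumerate_threats(elements):
    """Return (element name, STRIDE threat) pairs to review, node by node.
    Flows that stay inside one trust zone are skipped in this first pass."""
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        if e.kind == "dataflow" and not crosses_boundary(e, by_name):
            continue
        for letter in APPLICABLE[e.kind]:
            threats.append((e.name, STRIDE[letter]))
    return threats


# Constructed model (not from the slides): browser -> web app -> database,
# with a cache beside the app and the database in its own trust zone.
MODEL = [
    Element("browser", "external", "internet"),
    Element("webapp", "process", "dmz"),
    Element("cache", "process", "dmz"),
    Element("userdb", "datastore", "internal"),
    Element("login request", "dataflow", "", ("browser", "webapp")),
    Element("user lookup", "dataflow", "", ("webapp", "userdb")),
    Element("cache read", "dataflow", "", ("webapp", "cache")),
]

if __name__ == "__main__":
    for name, threat in enumerate_threats(MODEL):
        print(f"{name:15} {threat}")
```

Each pair in the output is a question for the design review ("how could the login request be tampered with?"), not a finding; the answers feed the prioritisation in step 5.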
Threat Modeling: Step-by-step model (checklists)
Network threats:
• Web services subjected to a denial of service attack
• IP spoofing
• Faulty configuration of firewall rules, allowing outsiders to get access to a database and change the data
• Errors in ACLs
• Sensitive data that flows unencrypted through the network
Host threats:
• Using un-patched servers allows crackers to exploit known vulnerabilities
• Lack of clearly defined trust boundaries
• Improper server hardening guidelines resulting in a mismatch between the server configuration and the security context in which it's placed
Application threats:
• Code that's prone to buffer overflows, SQL injection, or cross-site scripting
• Defective or missing data encryption resulting in password compromise
Threat Modeling
Attack Trees
Threat Modeling
5. Categorize & prioritize threats
   • Risk = Probability of occurrence (PO) × Business impact (BI)
   • DREAD model
   • Project risk analysis on threat trees
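The slides give the prioritisation rule (Risk = PO × BI) and name DREAD as the way to rate PO and BI, but not how the five DREAD ratings are folded into the two factors. The following is an added example, not from the presentation: it rates each threat on the five DREAD axes (1 = low, 3 = high), derives PO from the "how easy" axes (Reproducibility, Exploitability, Discoverability) and BI from the "how bad" axes (Damage, Affected users), and sorts by the product. That split is an assumption of this example, and the threat names and ratings are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Dread:
    """DREAD ratings for one threat, each on a 1 (low) to 3 (high) scale."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int


def probability_of_occurrence(d):
    """PO: how likely the threat is to be realised.
    Assumption of this example: the mean of the three 'how easy' axes."""
    return (d.reproducibility + d.exploitability + d.discoverability) / 3


def business_impact(d):
    """BI: how bad it is when it happens.
    Assumption of this example: the mean of Damage and Affected users."""
    return (d.damage + d.affected_users) / 2


def risk(d):
    """The slide's rule: Risk = PO x BI (here on a 1..9 scale)."""
    return probability_of_occurrence(d) * business_impact(d)


def prioritize(threats):
    """threats: dict of name -> Dread. Returns [(name, risk)], highest risk first."""
    scored = [(name, round(risk(d), 2)) for name, d in threats.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed threats for a web application with illustrative ratings
# (not figures from the slides).
THREATS = {
    "SQL injection in login form": Dread(3, 3, 3, 3, 3),
    "Session hijacking over plain HTTP": Dread(2, 3, 2, 3, 2),
    "Unhandled exception leaks stack trace": Dread(1, 3, 3, 1, 3),
    "DoS via expensive search query": Dread(2, 2, 2, 3, 1),
}

if __name__ == "__main__":
    for name, score in prioritize(THREATS):
        print(f"{score:5.2f}  {name}")
```

Note how the ordering changes the conversation: the stack-trace leak is the easiest of the four to find and reproduce, but its low damage pushes it to the bottom, while the plain-HTTP session hijack outranks the DoS because it affects every user once found.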
Threat Modeling
6. Mitigate
   • Add cost of mitigation to attack trees
   • Take decision based on risk vs. cost
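Step 6 says to annotate the attack tree with the cost of each mitigation and then decide on risk versus cost; the attack trees from step 4 carry the attacker's side of that comparison. The following is an added example, not code from the presentation: a small attack tree with AND/OR nodes is costed the way Schneier's attack-tree papers do (OR = the cheapest child, AND = all children together, a mitigated leaf becomes impossible), and a greedy planner buys the cheapest fix on the current cheapest attack path until the attack costs more than the attacker's budget or the fixes would cost more than the asset. The tree, the money figures and the budget are constructed for illustration.

```python
import math


class Node:
    """Attack-tree node. Leaves carry the attacker's cost and, if a fix is known,
    its cost to us; OR/AND nodes combine their children."""

    def __init__(self, name, kind="leaf", children=(), attack_cost=math.inf,
                 mitigation_cost=None):
        self.name = name
        self.kind = kind                        # "leaf", "or" or "and"
        self.children = list(children)
        self.attack_cost = attack_cost          # leaf: cost to the attacker
        self.mitigation_cost = mitigation_cost  # leaf: our cost to close it (None = no known fix)
        self.mitigated = False


def attacker_cost(node):
    """Cheapest attack on this node (Schneier-style costing):
    OR = cheapest child, AND = all children together, mitigated leaf = impossible."""
    if node.kind == "leaf":
        return math.inf if node.mitigated else node.attack_cost
    costs = [attacker_cost(c) for c in node.children]
    return min(costs) if node.kind == "or" else sum(costs)


def cheapest_path(node):
    """Leaves the attacker would use on the cheapest attack."""
    if node.kind == "leaf":
        return [node]
    if node.kind == "or":
        return cheapest_path(min(node.children, key=attacker_cost))
    return [leaf for c in node.children for leaf in cheapest_path(c)]


def plan_mitigations(root, attacker_budget, asset_value):
    """Greedy risk-vs-cost decision: while the cheapest attack is within the
    attacker's budget, buy the cheapest fix on that path, but never spend more
    than the asset is worth. Returns (fixes applied, total spent, residual attack cost)."""
    applied, spent = [], 0
    while attacker_cost(root) <= attacker_budget:
        candidates = [leaf for leaf in cheapest_path(root)
                      if leaf.mitigation_cost is not None and not leaf.mitigated]
        if not candidates:
            break            # no known fix on this path: the risk is accepted
        pick = min(candidates, key=lambda leaf: leaf.mitigation_cost)
        if spent + pick.mitigation_cost > asset_value:
            break            # the fix would cost more than what it protects
        pick.mitigated = True
        spent += pick.mitigation_cost
        applied.append(pick.name)
    return applied, spent, attacker_cost(root)


def build_tree():
    """Constructed tree with illustrative figures (not from the slides); goal: read the customer database."""
    return Node("Read customer database", "or", [
        Node("Steal DB credentials", "and", [
            Node("Sniff unencrypted DB traffic", attack_cost=500, mitigation_cost=2000),   # fix: TLS to the DB
            Node("Reach the DB network segment", attack_cost=1000, mitigation_cost=5000),  # fix: segmentation
        ]),
        Node("SQL injection via search form", attack_cost=200, mitigation_cost=800),       # fix: parameterised queries
        Node("Bribe an administrator", attack_cost=20000),                                 # no technical fix
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("cheapest attack before mitigation:", attacker_cost(tree))
    print(plan_mitigations(tree, attacker_budget=10000, asset_value=50000))
```

Two decisions fall out of the costing that a flat checklist would not show: on the AND branch only one of the two leaves needs fixing (the planner buys the cheaper TLS fix and leaves network segmentation for later), and the bribery leaf has no technical mitigation, so once it is the cheapest remaining path the residual risk is recorded and accepted rather than silently ignored. This also illustrates the "dynamic nature of attack trees" from the notes that follow: every applied fix re-orders the remaining paths.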
Threat Modeling
Important notes:
• Consider that everything that might go wrong will go wrong
• Dynamic nature of attack trees
Threat Modeling In A Nutshell
1. Identify critical assets
2. Decompose the system
   • Network diagram
   • Functionality diagram
3. Identify possible points of attack
   • Trust boundaries
   • Data classification
4. Identify threats
   • STRIDE model OR step-by-step model
   • Attack trees
5. Categorize and prioritize threats
   • Risk = PO × BI
   • DREAD model to calculate PO & BI
   • Project risks on attack trees
6. Mitigate
   • Add cost of mitigation to attack trees
   • Take decision based on risk vs. cost
Design & Development phases activities
Take into consideration:
• Input/output validation
• Principle of least privilege / default deny
• Compartmentalization (separation of privileges)
• Threat modeling
• Threat trees
• Integrate security into quality assurance process
• Sanitization of data between subsystems
• Encryption of all communication must be possible
• No transmission of passwords in plain text
• Coding standards checklists
• Logging
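Three items on this list (input validation, least privilege / default deny, and logging) combine naturally in one request handler, and the shape of that handler is what a coding-standards checklist would ask for. The following is an added example, not code from the presentation: the username is checked against an allow-list pattern and rejected otherwise (default deny applied to input, rather than stripping "bad" characters), authorisation is an explicit per-role allow-list where an unknown role or unlisted action is denied, and every rejection is logged so that operations can detect probing. The roles, actions and pattern are constructed for illustration.

```python
import logging
import re

# Allow-list validation: state exactly what is acceptable and reject the rest.
# Constructed rule for this example: lowercase, starts with a letter, 3..16 chars.
USERNAME = re.compile(r"[a-z][a-z0-9_]{2,15}")


def validate_username(raw):
    """Return the username if it matches the allow-list, else raise ValueError.
    Default deny: anything that does not match is rejected outright rather than
    'cleaned', so there is no blacklist of characters to keep up to date."""
    if not isinstance(raw, str) or not USERNAME.fullmatch(raw):
        raise ValueError("invalid username")
    return raw


# Least privilege / default deny: each role gets an explicit set of actions.
# A role not in the table, or an action not in its set, is denied.
PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}


def is_allowed(role, action):
    """True only when the role's allow-list names the action."""
    return action in PERMISSIONS.get(role, set())


def handle_request(role, raw_user, action, log=logging.getLogger("app")):
    """Validate the input first, then authorise; log every denial for detection."""
    try:
        user = validate_username(raw_user)
    except ValueError:
        log.warning("rejected input role=%s action=%s", role, action)
        return "400 bad request"
    if not is_allowed(role, action):
        log.warning("denied user=%s role=%s action=%s", user, role, action)
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(handle_request("viewer", "alice", "report:read"))    # 200 ok
    print(handle_request("viewer", "alice", "user:manage"))    # 403 forbidden
    print(handle_request("admin", "alice; drop", "report:read"))  # 400 bad request
    print(handle_request("guest", "bob", "report:read"))       # 403 forbidden
```

The order matters: validation runs before authorisation so that the log line for a denial carries a username already known to be well-formed, which keeps log injection out of the very records used to investigate an incident.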
Deployment & testing phases activities
Take into consideration:
• IT infrastructure availability
• Hardware requirements are met
• Remove trapdoors (maintenance hooks)
• External team to ensure risk mitigation
• If possible, get a black hat!
• Stress testing
• Regression testing
• Disaster recovery/system continuity
A Final word
"Security is a process and not a product"
- Bruce Schneier
Open source software (OSS) and security
Thank you
References:
• Software Engineering – Security as a Process in the SDLC, James Purcell, 2007
• Hack Proofing Your Network, Syngress, 2000
• Improving Security Across the SDLC, task force report, 2004
• Don't Just Patch, Protect!, Paul Wright, 2007
• Packet Sniffing in a Switched Environment, Tom King, 2006
• wikipedia.org/wiki/Session_hijacking
• www.0x000000.com/?i=424, Secure Input Validation
• en.wikipedia.org/wiki/Buffer_overflow
• Inside the Buffer Overflow Attack: Mechanism, Method, & Prevention, Mark E. Donaldson
• Software Engineering, Sommerville, 2005
• Assumptions in Intrusion Analysis, Rodney Caudle
• http://www.securityfocus.com/columnists/445, Security Analogies, Scott Granneman
• http://www.securityfocus.com/columnists/420, Surprises Inside Microsoft Vista's EULA, Scott Granneman
• http://www.microsoft.com/technet/technetmag/issues/2005/01/SessionHijacking/?topics=/technet/technetmag/issues/2005/01/SessionHijacking
• Exploiting the Otherwise Non-exploitable on Windows, Miller Skywing
• A Practical Approach to Threat Modeling, Tom Olzak
• Foundations of Attack Trees, Sjouke Mauw
• From Product to Process: Bruce Schneier's Take on Security, M. E. Kaba, Network World Security Newsletter