defensive coding techniques pt 1
play

Defensive Coding Techniques (Pt. 1) Engineering Secure Software - PowerPoint PPT Presentation

Aug 28, 2022 •316 likes •561 views

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Defensive Coding vs. Risk Analysis Risk Analysis All about domain, assets,

  1. Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. Defensive Coding vs. Risk Analysis Risk Analysis ● All about domain, assets, threats, what-ifs ○ Global-minded ○ Prioritization is critical ○ Defensive Coding ● One small change in code → big change in risk analysis ○ e.g. storing passwords in the customer table vs. user table ■ e.g. website allowing uploading files for one feature ■ “Weakest link” mentality ○ Less about prioritization ■ Technology-specific ■ We should always code defensively. ● SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Defensive Coding Principles Writing insecure code is surprisingly easy ● Arcane coding assumptions ○ Many different technologies to know ○ Maintainability still counts ● Duplicate code is even harder to secure ○ Vulnerabilities often have regressions and incomplete fixes ○ Know thy API’s ● Misusing an API in the wrong context can be a vulnerability ○ e.g. an XML parser that also executes includes ■ Copying from internet examples without understanding? For ○ shame. Don’t be paranoid; know what you can trust ● SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Complexity “Complexity is the enemy of security” — Gary McGraw ● Structural complexity ● Lots of interconnected subsystems → architectural complexity ○ Lots of if -statements and loops → cyclomatic complexity ○ Cognitive complexity ● Lack of understanding → mistakes (vulnerabilities) ○ How much do I have to think about how this feature works? ○ Subjective, but important ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Complexity “Complexity is the enemy of security” — Gary McGraw ● Complexity of inputs → big security risks ● e.g. apps to operating systems ○ e.g. web pages to web browsers ○ e.g. video files ○ e.g. font files ○ Obviously no vulnerabilities (vs. no obvious vulnerabilities) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Know the Tree of Knowledge A lot of defensive coding comes down to clever tricks ● CWE ○ Why we do VOTD ○ Understanding history tells us what’s common and possible ● CVE ○ Why we do case studies ○ Makers of any technology understand their own limitations ● Read the guidelines provided by originators and experts ○ Many situations don’t apply to you, but some very much will ○ ■ Java: https://www.oracle.com/java/technologies/javase/seccodeguide.html C++: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682 ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Validating Input Input validation is blocking bad inputs ● Black list ● Enumerate the bad stuff ○ Drawback: infinite, easy to get around ○ Benefit: react quickly (if no re-compilation), straightforward ○ e.g. virus definitions ○ White list ● Only accept known good input ○ Often done with regular expressions ○ Drawbacks: ○ Sometimes not possible to block certain characters ■ Often requires re-compilation and patches ■ Recommendation: do both, but prefer a white list ● SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Input in Many Forms Not always strings and numbers ● Consider: images with metadata ● PHP had many issues with EXIF JPEG metadata ○ Adobe Acrobat and embedded fonts ○ Java with ICC and BMP ○ CVE-2007-2789 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Sanitizing Input Instead of blocking input, sanitize it ● All input comes in, but it’s manipulated ○ Convert it to something that won’t be interpreted as code ○ Usually utilizes escape characters ○ e.g. HTML: < is &lt; ■ e.g. Java: “ is \“ ■ Drawback: ● Need to know everything to escape ○ Very blacklist-like ○ False positives are also annoying ○ Need to remember to do it… everywhere ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. Simplify Input Instead of blocking or sanitizing input, convert it to a simpler ● form Examples: ● Convert a number in a string to an integer (even if you then put ○ it back into a string) str = “123 <script>” i = “123 <script>” return “$#{str.to_i}” # returns “$123” return “$” + str(int(re.sub(r“[^0-9]”, “”, i)) Ruby Python Canonicalization for filepaths ○ Convert date strings to Epoch dates (i.e. integer MS since Jan 1, ○ 1970) SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. Simplify Input Pros ● Reduces if-complexity (“what if” scenarios) ○ Simplifies future operations ○ You KNOW what is there ○ Cons ● Simplifying takes work ○ Can your input truly be simplified? ○ Note: “normalize input” has a different meaning in a Machine ● Learning context SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. Exception Handling Most weird (or unexpected) behavior results in an exception ● Handle the exceptions you know about ○ Know that sometimes, some get away ○ Design your system to handle exceptions at the top-level ● e.g. Java: catch Throwable not Exception ○ e.g. JSP: <%@ page errorPage=“exceptionHandler.jsp” %> ○ For maintainability and complexity: ● Avoid promoting unnecessarily (e.g. throws Exception ) ○ Deal with related exception in one place, near the problem ○ e.g. wrapper around private methods in a class ■ Sheer laziness: try{something();} catch{} ● SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. finally Don’t forget about the finally clause! ● Anything in the finally clause gets executed no matter what ○ Good for cleanup of resources ○ public void something() { Connection conn = null; try { conn = getConnection(); // do db stuff } catch (SQLException e) { // handle the exception } finally { DBUtil.closeConnection(conn); } } SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. Think of the Children Subclassing overrides methods ● In untrusted API situations, make sure you can’t be extended ○ and have a sensitive method overridden Use the final keyword: public final class Countdown{} ○ Malicious subclasses can override the finalize() method to ● resurrect objects Gets executed right before the object goes to garbage collector ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. Think of the Children Malicious subclasses can override the finalize() method to ● resurrect objects public class ClassLoader { public ClassLoader() { securityCheck(); init(); } private securityCheck() { … }; private init() { … }; } SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

  16. Think of the Children Malicious subclasses can override the finalize() method to ● resurrect objects public class MaliciousCL extends ClassLoader { static ClassLoader cl; @Override protected void finalize() { cl = this; } public static void main(String[] args) { try { new MaliciousCL(); } catch (SecurityException e) { … } System.gc(); System.runFinalization(); System.out.println(cl); } } SWEN-331: Engineering Secure Software Benjamin S Meyers 16 16

  17. Immutability in Object-Oriented Programming Setters are evil (except the Irish kind) ● What if we construct, run, set, then run again? ○ Unnecessarily increases complexity ○ Violates encapsulation ○ Don’t just throw setters in if you don’t have a reason ○ Beans are one exception to this rule ● Functionality is only get and set ○ Little other functionality ○ Mapping to validation ■ Mapping to relations ■ Prefer immutable types ( final keyword) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 17 17

  18. Global Variables Global variables are dangerous ● Mutable global variables are very dangerous ● Unnecessarily increased complexity ○ Tampering concern in an untrusted API ○ Nice try, but still doesn’t count: ● public static final List<String> list = new ArrayList<String>(); SWEN-331: Engineering Secure Software Benjamin S Meyers 18 18

  19. Global Variables Global variables are dangerous ● Mutable global variables are very dangerous ● Unnecessarily increased complexity ○ Tampering concern in an untrusted API ○ Nice try, but still doesn’t count: ● public static final List<String> list = new ArrayList<String>(); Instead: java.util.Collections.unmodifiableList() ● public static final List<String> list = new unmodifiableList(asList(“Alice”, “Bob”, “Charlie”)); SWEN-331: Engineering Secure Software Benjamin S Meyers 19 19

  20. Concurrency is Always a Risk Treat anything concurrent with initial distrust ● Race conditions → denial of service ○ Shared memory → potential leakage ○ Weird circumstances → potential tampering ○ Concurrency is ubiquitous ● Webapps, databases, GUI’s, games, etc. ○ Common poor assumptions ● “There will be only one copy of this thread” ○ “There will only be X threads” ○ “Nobody knows about my mutability” ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 20 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

476 views • 19 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State University Initial Pass Rush Thoughts There are natural pass rushers but this phase can be developed and refined by all players It is very similar to a

377 views • 15 slides
A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A Video

1.01k views • 56 slides
KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive Investment climate Key rate trends and outlook The European and US economies are restarting relatively quickly. 3,0 3,0 High-frequency indicators

388 views • 11 slides
In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with revision. - Mnemonics - Memorising techniques - Creating a journey story The 4 key things that aid memory 1. Dual coding (words and pictures /

616 views • 15 slides
KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive Investment climate Substantial economic contraction, uncertain outlook Key rate trends and outlook 3,0 3,0 Initial estimates suggest that the euro

457 views • 11 slides
Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive programming and design, Announcements intermission part 2 Stephen McCamant Techniques for privilege separation University of Minnesota, Computer

577 views • 5 slides
Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and Stuff Ive Been Working on in Houdini/Blender/VR in the context of the larger problems we face in Astronomy Who Are you? Jill P. Naiman NSF+ITC

878 views • 59 slides
New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou. ou.edu du) University of Oklahoma Yan Liang, Andrew Halterman, Khaled Jabr, Christan Grant, Jill Irvine Large - Events Limited Who terabytes

244 views • 23 slides
Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec Rostislav Pehlivanov atomnker@gmail.com 2016-01-30 Some things happened... AOMedias codec has begun development

672 views • 28 slides
CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

7/22/2019 GREATER NY HEALTHCARE FACILITIES ASSOCIATION THE PROOF IS IN THE pudding CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA Vice President The CHARTS Group CMSs MESSAGE: If you do

836 views • 42 slides
Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression Robustness to errors (error correction codes) Two categories: Source coding Channel coding Source coding Compression. What is the

916 views • 72 slides
Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A diagnosis coding methodology utilized in risk adjustment models to adjust cost for all patients within a health plan or group Risk

385 views • 23 slides
Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding? Why coding? Information compression Robustness to errors (error correction codes) Two categories: Two categories: Source

505 views • 23 slides
ASSIST: Using performance analysis tools for driving Feedback Directed Optimizations Youenn Lebras

ASSIST: Using performance analysis tools for driving Feedback Directed Optimizations Youenn Lebras

ASSIST ASSIST: Using performance analysis tools for driving Feedback Directed Optimizations Youenn Lebras (PhD Thesis) Advisor William Jalby, Co-supervisor: Andres S. Charif-Rubial UVSQ/ECR 1 Hardware trends and consequences The

306 views • 26 slides
Personnel Management Personnel Management B A R B N I S S E L R E T I R E D F O O D S E R V I

Personnel Management Personnel Management B A R B N I S S E L R E T I R E D F O O D S E R V I

Personnel Management Personnel Management B A R B N I S S E L R E T I R E D F O O D S E R V I C E D I R E C T O R C O N S U L T A N T S O S G R O U P , I N C . Orientation Session for New Foodservice Directors 1 What is Personnel

293 views • 7 slides
Variation of canonical height, illustrated Laura DeMarco Northwestern University Theorem I.0.3.

Variation of canonical height, illustrated Laura DeMarco Northwestern University Theorem I.0.3.

Variation of canonical height, illustrated Laura DeMarco Northwestern University Theorem I.0.3. (Silverman, VCH I, 1992) P = (0 , 0) E = { y 2 + Txy + Ty = x 3 + 2 Tx 3 } (log 2) 2 h E t ( P t ) = 1 15 log t + 2 25 log 2 + 2 log( t 5 / 2) +

743 views • 35 slides
Farzin Haddadpour Joint work with Mohammad Mahdi Mehrdad Mahdavi Viveck Cadambe Kamani X min

Farzin Haddadpour Joint work with Mohammad Mahdi Mehrdad Mahdavi Viveck Cadambe Kamani X min

Trading Redundancy for Communication: Speeding up Distributed SGD for Non-convex Optimization Farzin Haddadpour Joint work with Mohammad Mahdi Mehrdad Mahdavi Viveck Cadambe Kamani X min f ( x ) , Goal: Solving f i ( x ) i X min f ( x )

871 views • 25 slides
b - j e t I d e n t i f i c a t i o n i n t h e D 0 E x p e r i me

b - j e t I d e n t i f i c a t i o n i n t h e D 0 E x p e r i me

b - j e t I d e n t i f i c a t i o n i n t h e D 0 E x p e r i me n t S b a s t i e n G r e d e r I n s t i t u t P l u r i d i s c i p l i n a i r e H u b e r t C

333 views • 32 slides
Production of the D s meson in proton-proton collisions at 13 TeV as a function of multiplicity

Production of the D s meson in proton-proton collisions at 13 TeV as a function of multiplicity

Rencontres QGP France 2019 Production of the D s meson in proton-proton collisions at 13 TeV as a function of multiplicity Arthur Gal University of Strasbourg Institut Pluridisciplinaire Hubert Curien Outline Part I : Physics motivations

343 views • 22 slides
Search for neutrinoless double beta decay in NEMO 3 and SuperNEMO Yu. Shitov, IC

Search for neutrinoless double beta decay in NEMO 3 and SuperNEMO Yu. Shitov, IC

Search for neutrinoless double beta decay in NEMO 3 and SuperNEMO Yu. Shitov, IC Introduction to the -decay theory/experiment NEMO-3 detector and its results NEMO-3 detector and its results SuperNEMO: basic

793 views • 54 slides
The evolution of Vertex Detectors The evolution of Vertex Detectors From Gas to Silicon Strips

The evolution of Vertex Detectors The evolution of Vertex Detectors From Gas to Silicon Strips

The evolution of Vertex Detectors The evolution of Vertex Detectors From Gas to Silicon Strips From Gas to Silicon Strips Better and better Silicon Strips Better and better Silicon Strips From Strips to (Fast, Micro) Pixels From Strips to

592 views • 40 slides

More recommend