no more whack a mole
play

No More Whack-a-Mole: How to Find and Prevent Entire Classes of - PowerPoint PPT Presentation

Mar 10, 2024 •36 likes •426 views

No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities Sam Lanning @samlanning @samlanning A story of many bugs (CVE-2017-8046) 7 September 2017 22 September 2017 27 September 2017 Mo

  1. No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities Sam Lanning @samlanning @samlanning

  2. A story of many bugs (CVE-2017-8046) 7 September 2017 22 September 2017 27 September 2017 Mo privately discloses vulnerability Mo checks patch, sees it’s incomplete Mo checks patch, sees it’s still incomplete and exploit in Spring Framework sends updated exploit to Pivotal sends updated exploit to Pivotal 21 September 2017 26 September 2017 25 October 2017 Pivotal publish a patch, and make an Pivotal sends Mo details of Pivotal publishes a complete refactor announcement. second attempt at fix of relevant code to hopefully prevent further occurrences. https://lgtm.com/blog/spring_data_rest_CVE-2017-8046_ql Securing software, together

  3. A story of many bugs 2 27 April 2016 20 June 2016 22 September 2017 S2-032 / CVE-2016-3081 S2-037 / CVE-2016-4438 S2-046 / CVE-2017-5638 RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL Nike Zheng Chao Jack, Shinsaku Nomura Chris Frohoff, Nike Zheng, Alvaro Munoz 12 May 2016 19 March 2017 24 September 2018 S2-033 / CVE-2016-3087 S2-045 / CVE-2017-5638 S2-057 / CVE-2018-11776 RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL Alvaro Munoz Nike Zheng Man Yue Mo See Also: CVE-2012-0394, CVE-2013-1966, CVE-2012-0391, CVE-2013-2115, CVE-2012-0393 Securing software, together

  4. https://www.reddit.com/r/gifs/comments/2nyeb1/arcade_game_for_cats/ Securing software, together

  5. Solution: When a new mistake is discovered, try and find similar mistakes across your code base Securing software, together

  6. Variant Analysis? “After doing this [root cause analysis], our next step is variant analysis : finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch them simultaneously, otherwise we bear the risk of these being exploited in the wild.” - Steven Hunter, MSRC Vulnerabilities & Mitigations team https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  7. Securing software, together

  8. Code Navigation / IDE Securing software, together

  9. Securing software, together

  10. Automating Variant Analysis Could we describe a mistake in a way that lets us automatically find other instances? Securing software, together

  11. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  12. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  13. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  14. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  15. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  16. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  17. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  18. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  19. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  20. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  21. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  22. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  23. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  24. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  25. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  26. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  27. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  28. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  29. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  30. Beyond your own code ➔ Make your (general-purpose) mistake descriptions open source! ➔ Use external mistake descriptions! Securing software, together

  31. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  32. ZipSlip ../../../.bashrc ../../../../../../../../../etc/crontab https://snyk.io/research/zip-slip-vulnerability Securing software, together

  33. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  34. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  35. Fituing in to your workflow publish / make use external open-source knowledge Diagnose Monitor Security bug Describe mistake root-cause continuously improve description - Bug Bounty program Discover - Pen testing Discover variants unreleased - Code review variants - Audit deploy Fix - Error logs Fix in code Fix original bug Fix variants review deploy Fix Securing software, together

  36. No vulnerability response process? Securing software, together

  37. What variant analysis is NOT ➔ A replacement for good security architecture, a way to avoid large refactors ➔ A replacement for exploit mitigation ➔ A replacement for other security processes ➔ Something that automatically fixes bugs / vulnerabilities. Securing software, together

  38. Recap ➔ You should do variant analysis ➔ Better yet, you should do automated variant analysis ➔ Use and contribute to the shared knowledge / checks ➔ Checks should be run continuously, not once-off! ➔ VA compliments (not replaces) other security practices Securing software, together

  39. Thank You Sam Lanning semmle.com @samlanning @Semmle @samlanning

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha Agrawal js4473 aa3755 Whac-A-Mole The Game The logic of the game is straightforward: Hit as many moles as possible with the hammer.

692 views • 19 slides
AD36 - Distributed Scrum Teams Whack-a-Mole- Creative

AD36 - Distributed Scrum Teams Whack-a-Mole- Creative

AD36 Leading & Coaching Teams 11:30 AM AD36 - Distributed Scrum Teams Whack-a-Mole- Creative Solutions to - Common

795 views • 50 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY

EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY

2020-04-14 EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY FROM AN EATING ADDICTIONS VS. EATING DISORDER DISORDER IS NOT LIKE QUITTING DRUGS AND ALCOHOL. The Symptoms INABILITY TO TOLERATE

275 views • 11 slides
The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain ______________________________________________ You could have a mole of ________________________________________________________ 2. A mole is ________________ of something. Which

529 views • 13 slides
Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. The Mole, Empirical, and Molecular Formulas 1 mol of electrons = 6.022 x 10 23 electrons 1 mol of H 2 O

307 views • 7 slides
Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

5/22/2014 Contemporary Diagnosis of Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable degrees of trophoblastic Nancy Joseph, MD, PhD hyperplasia and villous hydrops. Department of Pathology WHO,

298 views • 19 slides
Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima

Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima

Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima Akbarzadeh, Aditya Mahajan McGill University, Electrical and Computer Engineering Department Dec. 13, 2019 1/23 Whack a Mole 2/23 Applications

545 views • 26 slides
Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1

Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1

Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1 Mole is the amount of substance containing as many particles (atoms, ions, molecules) as there are atoms found in 12 g carbon-12. One mole of atoms

1.44k views • 121 slides
Mole - mole calculations Calculations from chemical equations A balanced chemical equation

Mole - mole calculations Calculations from chemical equations A balanced chemical equation

Mole - mole calculations Calculations from chemical equations A balanced chemical equation Given: If you know the amount of any reactant or product involved in the reaction: A known quantity of one of the reactants/product (in moles)

128 views • 11 slides
Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

317 views • 13 slides
Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

327 views • 10 slides
Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for

Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

573 views • 29 slides
Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed

Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed

Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed Forces Community in Surrey? Page 18 Serving Personnel Cadets Families Veterans Surrey (Regular and Reserve Units) High density of training 16 1

334 views • 18 slides
Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground

Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground

Underground Logistics Systems the freight transport mode for 21 st Century Supply Chains. Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground Logistics Systems (ULS) Executive Summary Road freight

293 views • 11 slides
pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

XIS IST pr promoter meth thylatio ion status as as pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l tum tumors Joo oo Lob Lobo Sand ndra ra Nu Nunes, nes, Vera ra Gon Gonal

635 views • 22 slides
Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2

Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2

Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2 What is K p at equilibrium assuming that the gases are ideal and T = 298K? Chemical Thermodynamics CEM 484 2 Examples Consider a simple gas

263 views • 7 slides
Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301

Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301

Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301 LIMITS OF THE LAW MIXTURES Day 5 CH301 Vanden Bout/LaBrake Fall 2013 Important Information LM 10 & 11 POSTED DUE Tue 9AM HW 3 POSTED

692 views • 16 slides
The presenters have no conflicts of interest to disclose Gestational Trophoblastic Disease

The presenters have no conflicts of interest to disclose Gestational Trophoblastic Disease

4/25/2014 Contemporary Diagnosis of Hydatidiform Mole Charles Zaloudek, MD Nancy Joseph, MD, PhD Department of Pathology University of California San Francisco The presenters have no conflicts of interest to disclose Gestational

497 views • 25 slides
Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium,

Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium,

Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium, evaporation R. J. Wilkes Email: phy115a@u.washington.edu Home page: http://courses.washington.edu/phy115a/ 4/14/14 Physics 115 1 Lecture

195 views • 15 slides
Thermodynamics Free E and Phase D J.D. Price Force - the acceleration of Force - the

Thermodynamics Free E and Phase D J.D. Price Force - the acceleration of Force - the

Thermodynamics Free E and Phase D J.D. Price Force - the acceleration of Force - the acceleration of matter (N, kg m/s matter (N, kg m/s 2 ) 2 ) Pressure ( Pressure (P P) - a force applied over an area ) - a force applied over

741 views • 35 slides
Slow Invariant Manifolds in Chemically Reactive Systems Samuel Paolucci (paolucci@nd.edu) Joseph

Slow Invariant Manifolds in Chemically Reactive Systems Samuel Paolucci (paolucci@nd.edu) Joseph

Slow Invariant Manifolds in Chemically Reactive Systems Samuel Paolucci (paolucci@nd.edu) Joseph M. Powers (powers@nd.edu) University of Notre Dame Notre Dame, Indiana 59th Annual Meeting of the APS DFD Tampa Bay, Florida 21 November 2006

496 views • 13 slides
Chemistry 2000 Slide Set 15: Electrochemistry Marc R. Roussel March 5, 2020 Electrochemistry

Chemistry 2000 Slide Set 15: Electrochemistry Marc R. Roussel March 5, 2020 Electrochemistry

Electrochemistry Chemistry 2000 Slide Set 15: Electrochemistry Marc R. Roussel March 5, 2020 Electrochemistry Electrochemical cells Electrochemical cells e V Zn Cu anode cathode = oxidation = reduction Zn 2+ Cu 2+ K + Cl

322 views • 28 slides
Gaseous reference materials to underpin measurements of amount fraction and isotopic composition

Gaseous reference materials to underpin measurements of amount fraction and isotopic composition

Gaseous reference materials to underpin measurements of amount fraction and isotopic composition of greenhouse gases Paul Brewer NOAA ESRL Global Monitoring Annual Conference 23 rd May 2017 Rationale Requirement for traceability from the

269 views • 12 slides

More recommend