software security
play

Software Security Information Security Prof Hans Georg Schaathun - PowerPoint PPT Presentation

Mar 16, 2023 •130 likes •1.06k views

Software Security Information Security Prof Hans Georg Schaathun University of Surrey/lesund University College Autumn 2011 Week 12 Prof Hans Georg Schaathun Software Security Autumn 2011 Week 12 1 / 1 The session Outline Prof

  1. Software Security Information Security Prof Hans Georg Schaathun University of Surrey/Ålesund University College Autumn 2011 – Week 12 Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 1 / 1

  2. The session Outline Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 2 / 1

  3. The session Session objectives Be familiar with the most common implementation errors leading to security vulnerabilities Start developing a good methodology for secure design and implementation 2010 CWE/SANS Top 25 Most Dangerous Software Errors Robert Seacord: Secure Coding in C and C++ https://www.securecoding.cert.org/confluence/ display/seccode/Top+10+Secure+Coding+Practices Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 3 / 1

  4. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 4 / 1

  5. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Answer is yes Bugs are user (programmer) mistakes – useability. Many bugs cause security vulnerabilities. Useability is a prerequisite of security. Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 4 / 1

  6. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Answer is yes Bugs are user (programmer) mistakes – useability. Many bugs cause security vulnerabilities. Useability is a prerequisite of security. Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 4 / 1

  7. Top Vulnerabilities Outline Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 5 / 1

  8. Top Vulnerabilities Common Weakness Enumeration 2010 CWE/SANS Top 25 Most Dangerous Software Errors http://cwe.mitre.org/top25/index.html A very few key vulnerabilities behind most incidents Massive benefit from controlling the top few Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 6 / 1

  9. Top Vulnerabilities Top 9 Improper neutralisation of input during web page generation 1 (Cross-Site Scripting) Improper neutralisation of Special Elements in SQL Commands 2 (SQL Injection) Buffer overflow without Checking of Input Size 3 Cross-Site Request Forgery 4 Improper Access Control (Authorisation) 5 Reliance on Untrusted Inputs in a Security Decision 6 Improper Limitation of a Pathname to a Restricted Directory (Path 7 Traversal) Unrestricted Upload of File with Dangerous Type 8 Improper neutralisation of Special Elements used in an OS 9 Command Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 7 / 1

  10. Top Vulnerabilities Top 9 Improper neutralisation of input during web page generation 1 (Cross-Site Scripting) Improper neutralisation of Special Elements in SQL Commands 2 (SQL Injection) Buffer overflow without Checking of Input Size 3 Cross-Site Request Forgery 4 Improper Access Control (Authorisation) 5 Reliance on Untrusted Inputs in a Security Decision 6 Improper Limitation of a Pathname to a Restricted Directory (Path 7 Traversal) Unrestricted Upload of File with Dangerous Type 8 Improper neutralisation of Special Elements used in an OS 9 Command Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 7 / 1

  11. Top Vulnerabilities Trusting Input Most of the top vulnerabilities relate to user input ... Cross-Site Scripting SQL Injection Reliance on Untrusted Input File upload Path traversal Special elements in OS commands Integrity of Code and Data ... Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 8 / 1

  12. Top Vulnerabilities Trusting Input Most of the top vulnerabilities relate to user input ... Cross-Site Scripting SQL Injection Reliance on Untrusted Input File upload Path traversal Special elements in OS commands Integrity of Code and Data ... Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 8 / 1

  13. Input Checking Outline Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 9 / 1

  14. Input Checking Top 9 Improper neutralisation of input during web page generation 1 (Cross-Site Scripting) Improper neutralisation of Special Elements in SQL Commands 2 (SQL Injection) Buffer overflow without Checking of Input Size 3 Cross-Site Request Forgery 4 Improper Access Control (Authorisation) 5 Reliance on Untrusted Inputs in a Security Decision 6 Improper Limitation of a Pathname to a Restricted Directory (Path 7 Traversal) Unrestricted Upload of File with Dangerous Type 8 Improper neutralisation of Special Elements used in an OS 9 Command Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 10 / 1

  15. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  16. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  17. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  18. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  19. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  20. Input Checking Input Checking 4 out of 9 vulnerabilities very similar instances of input checking E . G . SQL injection SELECT * FROM users WHERE name=’John’ ; Now, say the user enters a name, instead of using ’John’ SELECT * FROM users WHERE name=’$n’ ; What if the user enters Mary’ ; DROP TABLE users ; ... ’ What happens? Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 11 / 1

  21. Input Checking What may happen SELECT * FROM users WHERE name=’Mary’ ; DROP TABLE users ; ... ’’ We select user Mary, and then drop the table Successful availability attack — the table is destroyed The string delimiter (’) in the input allows the user to terminate the string (which was expected) and add another command (which was not expected) Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 12 / 1

  22. Input Checking What may happen SELECT * FROM users WHERE name=’Mary’ ; DROP TABLE users ; ... ’’ We select user Mary, and then drop the table Successful availability attack — the table is destroyed The string delimiter (’) in the input allows the user to terminate the string (which was expected) and add another command (which was not expected) Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 12 / 1

  23. Input Checking What should happen SELECT * FROM users WHERE name=’Mary’’ ; DROP TABLE users ; ... ’’ The special character is escaped and treated as part of the string The offending Command is now part of the name and not harmful Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 13 / 1

  24. Input Checking What should happen SELECT * FROM users WHERE name=’Mary’’ ; DROP TABLE users ; ... ’’ The special character is escaped and treated as part of the string The offending Command is now part of the name and not harmful Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 13 / 1

  25. Input Checking What should happen SELECT * FROM users WHERE name=’Mary’’ ; DROP TABLE users ; ... ’’ The special character is escaped and treated as part of the string The offending Command is now part of the name and not harmful Prof Hans Georg Schaathun Software Security Autumn 2011 – Week 12 13 / 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 7, 2010 The Problem

580 views • 28 slides
1 & 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries

1 & 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries

1 & 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. D AVID E SCAPES ; D IVINE G UIDANCE 1 Samuel 23:129 1 Sam. 23:1, Then they told David, saying, Look, the

589 views • 33 slides
POLI 437: International Relations of Latin America TODAY How to read articles The problem of

POLI 437: International Relations of Latin America TODAY How to read articles The problem of

POLI 437: International Relations of Latin America TODAY How to read articles The problem of causality Reading big tables READING BETTER Amelia Hoover Greene on reading political science better Better = efficiently + good notes Good

631 views • 40 slides
Testing atomicity Finding race conditions by random testing John Hughes "We know there is a

Testing atomicity Finding race conditions by random testing John Hughes "We know there is a

Testing atomicity Finding race conditions by random testing John Hughes "We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last year. We have not been able to

584 views • 29 slides
Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com

Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com

Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com www.toddklindt.com/MSPSUG Agenda Before you Connect Except Exchange $PSVersionTable.PSVersion Also consider adding PSReadLine if you are not on Win10

814 views • 57 slides
PowerShell Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com

PowerShell Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com

PowerShell Todd Klindt Todd.klindt@sympraxisconsulting.com @toddklindt www.toddklindt.com www.toddklindt.com/ShortURL Agenda Talk about Microsofts PowerShell Talk about PNP Look at some fun scripts Official Modules There are 4

638 views • 52 slides
One-Slide Summary Objectifying and Programming Real databases, unlike PS5, have many with

One-Slide Summary Objectifying and Programming Real databases, unlike PS5, have many with

One-Slide Summary Objectifying and Programming Real databases, unlike PS5, have many with Objects concerns, such as scalability and atomic transactions. An object packages state and procedures. A procedure on an object is called a

229 views • 8 slides
/me: Andrea Cardaci Application Security Specialist @ SecureFlag cardaci.xyz Blog and

/me: Andrea Cardaci Application Security Specialist @ SecureFlag cardaci.xyz Blog and

/me: Andrea Cardaci Application Security Specialist @ SecureFlag cardaci.xyz Blog and vulnerability research github.com/cyrus-and GTFOBins gdb-dashboard mysql-unsha1 fracker ... Walkthrough PwnLab: init

551 views • 36 slides

More recommend