Presentation is loading. Please wait.

Presentation is loading. Please wait.

Writing Secure Code – Best Practices Name Job Title Company.

Published byEzra Waters Modified over 7 years ago

Similar presentations

Presentation on theme: "Writing Secure Code – Best Practices Name Job Title Company."— Presentation transcript:

1 Writing Secure Code – Best Practices Name Job Title Company

2 What We Will Cover Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

3 Session Prerequisites Development experience with Microsoft Visual Basic®, Microsoft Visual C++®, or C# Level 200

4 Agenda Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

5 Improving the Application Development Process Consider security At the start of the process Throughout development Through deployment At all software review milestones Do not stop looking for security bugs until the end of the development process

6 SD 3 Secure by Design Secure by Default Secure in Deployment Secure architecture and code Threat analysis Vulnerability reduction Attack surface area reduced Unused features turned off by default Minimum privileges used Protection: Detection, defense, recovery, and management Process: How to guides, architecture guides People: Training The SD 3 Security Framework

7 Secure Product Development Timeline TestPlans Complete Test Plans CompleteDesignsComplete Concept CodeComplete ShipPost-Ship Test for security vulnerabilities Assess security knowledge when hiring team members Determine security sign-off criteria Send out for external review Analyze threats Learn and refine Perform security team review Train team members Test for data mutation and least privilege Resolve security issues, verify code against security guidelines =ongoing

8 Secure By Design Raise security awareness of design team Use ongoing training Challenge attitudes - “What I don’t know won’t hurt me” does not apply! Get security right during the design phase Define product security goals Implement security as a key product feature Use threat modeling during design phase

9 Agenda Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

10 What Is Threat Modeling? Threat modeling is a security-based analysis that: Helps a product team understand where the product is most vulnerable Evaluates the threats to an application Aims to reduce overall security risks Finds assets Uncovers vulnerabilities Identifies threats Should help form the basis of security design specifications

11 Benefits of Threat Modeling Helps you understand your application better Helps you find bugs Identifies complex design bugs Helps integrate new team members Drives well-designed security test plans Threat Vulnerability Asset

12 The Threat Modeling Process Identify Assets 1 Create an Architecture Overview 2 Decompose the Application 3 Identify the Threats 4 Document the Threats 5 Rate the Threats 6 Threat Modeling Process

13 Threat Modeling Process Step 1: Identify Assets Build a list of assets that require protection, including: Confidential data, such as customer databases Web pages System availability Anything else that, if compromised, would prevent correct operation of your application

14 Threat Modeling Process Step 2: Create An Architecture Overview Identify what the application does Create an application architecture diagram Identify the technologies NTFS Permissions (Authentication) File Authorization URL Authorization.NET Roles (Authentication) User-Defined Role (Authentication) SSL (Privacy/Integrity) Trust Boundary Alice Mary Bob IIS Anonymous Authentication Forms Authentication IPSec (Private/Integrity) Trust Boundary ASPNET (Process Identity) Microsoft ASP.NET Microsoft ASP.NET Microsoft Windows r Authentication Microsoft SQL Server™

15 Threat Modeling Process Step 3: Decompose the Application Break down the application Create a security profile based on traditional areas of vulnerability Examine interactions between different subsystems Use DFD or UML diagrams Identify Trust Boundaries Identify Data Flow Identify Entry Points Identify Privileged Code Document Security Profile

16 Threat Modeling Process Step 4: Identify the Threats Assemble team Identify threats Network threats Host threats Application threats

17 Types of threats Examples S poofing Forging e-mail messages Replaying authentication packets T ampering Altering data during transmission Changing data in files R epudiation Deleting a critical file and deny it Purchasing a product and deny it I nformation disclosure Exposing information in error messages Exposing code on Web sites D enial of service Flooding a network with SYN packets Flooding a network with forged ICMP packets E levation of privilege Exploiting buffer overruns to gain system privileges Obtaining administrator privileges illegitimately Threat Modeling Process Identify the Threats by Using STRIDE

18 Threat #1 (I) View payroll data 1.1 Traffic is unprotected 1.2 Attacker views traffic 1.2.1 Sniff traffic with protocol analyzer 1.2.2 Listen to router traffic 1.2.2.1 Router is unpatched 1.2.2.2 Compromise router 1.2.2.3 Guess router password 1.0 View payroll data (I) 1.1 Traffic is unprotected (AND) 1.2 Attacker views traffic 1.2.1 Sniff traffic with protocol analyzer 1.2.2 Listen to router traffic 1.2.2.1 Router is unpatched (AND) 1.2.2.2 Compromise router 1.2.2.3 Guess router password Threat Modeling Process Identify the Threats by Using Attack Trees

19 Threat Modeling Process Step 5: Document the Threats Document threats by using a template: Leave Risk blank (for now) Threat DescriptionInjection of SQL Commands Threat target Data Access Component Risk Attack techniques Attacker appends SQL commands to user name, which is used to form a SQL query Countermeasures Use a regular expression to validate the user name, and use a stored procedure with parameters to access the database

20 Threat Modeling Process Step 6: Rate the Threats Use formula: Risk = Probability * Damage Potential Use DREAD to rate threats Damage potential Damage potential Reproducibility Reproducibility Exploitability Exploitability Affected users Affected users Discoverability Discoverability

21 Threat Modeling Process Example: Rate the Threats Threat #1 (I) View payroll data 1.1 Traffic is unprotected 1.2 Attacker views traffic 1.2.1 Sniff traffic with protocol analyzer 1.2.2 Listen to router traffic 1.2.2.1 Router is unpatched 1.2.2.2 Compromise router 1.2.2.3 Guess router password Damage potential Affected Users -or- Damage Reproducibility Exploitability Discoverability -or- Chance

22 Coding to a Threat Model Use threat modeling to help Determine the most “dangerous” portions of your application Prioritize security push efforts Prioritize ongoing code reviews Determine the threat mitigation techniques to employ Determine data flow

23 Agenda Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

24 Risk Mitigation Options Option 1: Do Nothing Option 2: Warn the User Option 3: Remove the Problem Option 4: Fix It Patrolled

25 Risk Mitigation Process Threat Type (STRIDE) Mitigation Technique Technology SpoofingAuthentication NTLM X.509 certs PGP keys Basic Digest Kerberos SSL/TLS 1.Identify category For example: Spoofing 2.Select techniques For example: Authentication or Protect secret data 3.Choose technology For example: Kerberos

26 Sample Mitigation Techniques Client Server Persistent Data Authentication Data Configuration Data STRIDE   SSL/TLS   IPSec   RPC/DCO with Privacy   Firewall   Limiting resource utilization for anonymous connections   Strong access control   Digital signatures   Auditing Insecure Network

27 Agenda Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

28 Run with Least Privilege Well-known security doctrine: “Run with just enough privilege to get the job done, and no more!” Elevated privilege can lead to disastrous consequences Malicious code executing in a highly privileged process runs with extra privileges too Many viruses spread because the recipient has administrator privileges

29 Demonstration 1 ASP.NET Applications Security Investigating ASP.NET Application Privileges Restricting ASP.NET Applications Trust Levels Sandboxing Privileged Code Using Sandboxed Assemblies

30 Reduce the Attack Surface Expose only limited, well documented interfaces from your application Use only the services that your application requires The Slammer and CodeRed viruses would not have happened if certain features were not on by default ILoveYou (and other viruses) would not have happened if scripting was disabled Turn everything else off

31 Do Not Trust User Input Validate all input Assume all input is harmful until proven otherwise Look for valid data and reject everything else Constrain, reject, and sanitize user input with Type checks Length checks Range checks Format checks Validator.ValidationExpression = "\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*";

32 Demonstration 2 Windows Forms Validation Viewing a Non-Validating Application Adding Input Validation Validating the Complete Form

33 Defense in Depth (1 of 3) Use Multiple Gatekeepers SSL ISA Firewall IIS SQL Server ISA Firewall IPSec

34 Defense in Depth (2 of 3) Apply Appropriate Measures for Each Layer Check security Application.dll Application.exe Check security Secure resource with an ACL Application.dll

35 Defense in Depth (3 of 3) Use Strong ACLs on Resources Design ACLs into the application from the beginning Apply ACLs to files, folders, Web pages, registry settings, database files, printers, and objects in Active Directory Create your own ACLs during application installation Include DENY ACEs Do not use NULL DACLs

36 Do Not Rely on Security by Obscurity Do not hide security keys in files Do not rely on undocumented registry keys Always assume an attacker knows everything you know

37 Use Data Protection API (DPAPI) to Protect Secrets Two DPAPI functions: CryptProtectDataCryptUnprotectData Two stores for data encrypted with DPAPI: User store Machine store

38 Demonstration 3 DPAPI Storing Connection Strings in Web.config Encrypting Connection Strings with DPAPI Installing the Aspnet_setreg Utility Using Encrypted Attributes in a Configuration File Granting Permissions on Registry Keys

39 Fail Intelligently (1 of 2) If your code does fail, make sure it fails securely DWORD dwRet = IsAccessAllowed(…); if (dwRet == ERROR_ACCESS_DENIED) { // Security check failed. // Inform user that access is denied } else { // Security check OK. // Perform task… } What if IsAccessAllowed() returns ERROR_NOT_ ENOUGH_MEMORY? What if IsAccessAllowed() returns ERROR_NOT_ ENOUGH_MEMORY?

40 Fail Intelligently (2 of 2) Do not: Reveal information in error messages Consume resources for lengthy periods of time after a failure Do: Use exception handling blocks to avoid propagating errors back to the caller Write suspicious failures to an event log

41 Test Security Involve test teams in projects at the beginning Use threat modeling to develop security testing strategy Think Evil. Be Evil. Test Evil. Automate attacks with scripts and low-level programming languages Submit a variety of invalid data Delete or deny access to files or registry entries Test with an account that is not an administrator account Know your enemy and know yourself What techniques and technologies will hackers use? What techniques and technologies can testers use?

42 Learn from Mistakes If you find a security problem, learn from the mistake How did the security error occur? Has the same error been made elsewhere in the code? How could it have been prevented? What should be changed to avoid a repetition of this kind of error? Do you need to update educational material or analysis tools?

43 Session Summary Secure Development Process Threat Modeling Risk Mitigation Security Best Practices

44 Next Steps 1. Stay informed about security  Sign up for security bulletins: http://www.microsoft.com/security/security_bulletins/alerts2.asp  Get the latest Microsoft security guidance: http://www.microsoft.com/security/guidance/ 2. Get additional security training  Find online and in-person training seminars: http://www.microsoft.com/seminar/events/security.mspx  Find a local CTEC for hands-on training: http://www.microsoft.com/learning/

45 For More Information Microsoft Security Site (all audiences) http://www.microsoft.com/security MSDN Security Site (developers) http://msdn.microsoft.com/security TechNet Security Site (IT professionals) http://www.microsoft.com/technet/security

46 Questions and Answers

47

Download ppt "Writing Secure Code – Best Practices Name Job Title Company."

Similar presentations

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Understand Database Security Concepts

Understand Database Security Concepts
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Writing Secure Code – Best Practices

Writing Secure Code – Best Practices
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
Essentials of Security Steve Lamb Technical Security Advisor

Essentials of Security Steve Lamb Technical Security Advisor
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Secure SQL Server configuration Pat Larkin Ward Solutions

Secure SQL Server configuration Pat Larkin Ward Solutions
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Similar presentations

Ads by Google