Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building More Secure Applications Dave Glover Developer Solutions Specialist Microsoft Australia Blog:

Similar presentations


Presentation on theme: "Building More Secure Applications Dave Glover Developer Solutions Specialist Microsoft Australia Blog:"— Presentation transcript:

1 Building More Secure Applications Dave Glover Developer Solutions Specialist Microsoft Australia Blog: Graham Elliott Architectural Technology Specialist Microsoft Australia ARC215

2 Agenda The Importance of Application Security Addressing Application Security Security Principles to Live By Tools and Resources Next Steps Q&A

3 The Importance of Application Security The Gartner Group states: "Today over 70% of attacks against a company's Web site or Web application come at the 'Application Layer' not the Network or System layer." Microsoft Developer Research: "64 percent of developers are not confident in their ability to write secure applications"

4

5 Understanding The Attackers Author Script-Kiddie Hobbyist Hacker Expert Specialist Vandal, Cyberpun k Thief, Booster, Fence, Classic Criminals Spy, Terrorist Mal-Tech Trespasser National Interest, Chaos Steal Something of Value / assets Personal Fame, To Embarrass, To Win Curiosity Nothing Anyone Un-intentional Disgruntled Employee

6 Example Threats Against The Application ThreatExamples SQL injection Inc DROP TABLE in text typed into an input field Cross-site scripting Using malicious client-side script to steal cookies Hidden-field tampering Maliciously changing the value of a hidden field Eavesdropping Using a packet sniffer to steal passwords and cookies from traffic on unencrypted connections Session hijacking Using a stolen session ID cookie to access someone else's session state Identity spoofing Using a stolen forms authentication cookie to pose as another user Information disclosure Allowing client to see a stack trace when an unhandled exception occurs

7 Addressing Application Security Graham

8 Holistic Approach to Security Port blocking FilteringEncryption FilteringEncryption Spoofed packets, etc. Network Defend the network Updates IIS hardening ACLsCASLogging Least privilege Account management Updates IIS hardening ACLsCASLogging Least privilege Account management Buffer overflows, illicit paths, etc. Host Defend the host ValidationHashingEncryption Secrets Mgt. Cookie Mgt. Session Mgt. Error handling ValidationHashingEncryption Secrets Mgt. Cookie Mgt. Session Mgt. Error handling SQL injection, XSS, input tampering, etc. Application Defend the application

9 Holistic Approach Challenges Attacker needs to understand only one security issue Defender needs to secure all entry points Attacker has unlimited time Defender works with time and cost constraints Attacker needs to understand only one security issue Defender needs to secure all entry points Attacker has unlimited time Defender works with time and cost constraints Attackers vs. Defenders Architects, developers and management think that security does not add any business value Addressing security issues just before a product is released is very expensive Architects, developers and management think that security does not add any business value Addressing security issues just before a product is released is very expensive Security As an Afterthought Do I need security … Secure systems are more difficult to use Complex and strong passwords are difficult to remember Users prefer simple passwords Secure systems are more difficult to use Complex and strong passwords are difficult to remember Users prefer simple passwords Security vs. Usability

10 The Paradigm Shift… Security is not about being “buzzword compliant” Simply “looking for bugs” doesn’t make software secure You must reduce the chance defects are entered into the design and code Requires executive commitment and investment Requires process improvement Requires education

11 Security Development Lifecycle TestPlans Complete Test Plans CompleteDesignsComplete Concept CodeComplete ShipPost-Ship Security push Security questions during interviews Determine security sign-off criteria External review Threat Modeling Response Process Security team review Education Data mutation and least privilege tests Review old defects, check-ins checked secure coding guidelines, use tools = ongoing Final Security review

12 Microsoft’s SDL Security Training Security Kickoff & Register with SWI Security Design Best Practices Security Arch & Attack Surface Review Use Security Development Tools & Security Best Dev & Test Practices Create Security Docs and Tools For Product Prepare Security Response Plan Security Push Pen Testing Final Security Review Security Servicing & Response Execution Feature Lists Quality Guidelines Arch Docs Schedules Design Specifications Testing and Verification Development of New Code Bug Fixes Code Signing A Checkpoint Express Signoff RTM Product Support Service Packs/ QFEs Security Updates RequirementsDesignImplementationVerificationRelease Support & Servicing Threat Modeling Functional Specifications Security Deployment Lifecycle Task and Processes Traditional Microsoft Software Product Development Lifecycle Tasks and Processes

13 Early Results of the SDL Windows pre- and post-SDL critical and important security bulletins SQL Server 2000 pre- and post-SDL security bulletins Exchange Server 2000 pre- and post-SDL security bulletins

14 Threat Modeling Secure software starts with understanding the threats Threats are not vulnerabilities Threats live forever, they are the attacker’s goal(s) Threat Asset Mitigation Vulnerability

15 Security Principles to Live By Graham

16 Security Principles to Live By Living in an un-trusted world Security Features != Secure Features Don’t Trust Input, Assume it’s All Evil Always validate data as it crosses trust boundaries Don’t rely on client side validation Constrain, reject, and sanitize user input Type checks, length checks, range checks, format checks Assume external systems are insecure Use managed code where possible

17 Security Principles to Live By Do you really need to be admin? Use Least Privilege (to build, test and run) Applications should execute with the least privilege to get the job done and no more You will make mistakes Malicious code executing in a highly- privileged process runs with extra privileges Design for Separation of Privilege

18 Security Principles to Live By Reducing your exposure Reduce Your Attack Surface (early) The interfaces exposed to an attacker Surfaces on by default are the most valuable to attackers Minimizing attack surface minimizes complexity Use only the services that your application requires Employ Secure Defaults Install application in a secure state Users should have to enable features that reduce security Users should NOT have to disable features to achieve security Understand Your Giblets

19 Security Principles to Live By Code fails… really, it does! Plan on Failure, Fail in a Secure Mode Failure code path should be most secure Don’t log detailed error to the client Learn From Mistakes (yours and theirs) Understand them; and fix them correctly Build security into your response plans Defence in Depth Threat risk goes down as threat difficulty goes up Driven by policy

20 Key Security Principles Protecting your secret stuff Treat the storage medium as if it were at risk Confidentiality and Integrity Avoid Storing Secrets If required, store hashes of secrets Take appropriate security measures Never Depend on “Security by Obscurity” Obscurity cannot provide real security Eg: roll your own crypto, hiding security keys in files, relying on undocumented registry keys

21 Tools and Resources Dave

22 Security in Visual Studio 2005 Create project and testing policies Integrated Bug Tracking Distributed system designers CAS and IntelliSense in Zone Permission Calculator Data Protection API ASP.NET v2 security made easy

23 Security in Visual Studio 2005 Application Verifier Static Analysis Tools Code Coverage Load/Stress Testing VB.NET My Classes

24 Visual Studio Application Designer - IntelliSense in Zone

25 Next Steps Next Steps Stay informed about security Microsoft Developers Network Security Center Microsoft Security Guidance Get additional security training Find online and in-person training seminars: Read the books: Threat Modeling Writing Secure Code

26 We invite you to participate in our online evaluation on CommNet, accessible Friday only If you choose to complete the evaluation online, there is no need to complete the paper evaluation Your Feedback is Important!

27

28 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

29


Download ppt "Building More Secure Applications Dave Glover Developer Solutions Specialist Microsoft Australia Blog:"

Similar presentations


Ads by Google