CISSP Week 13


Software Development Security
CISSP Domain 4
Pages 632-698

Tim Jensen
Lead Researcher
StaridLabs

Software Development Methodology

How to plan, design, scope, develop, and document an application or addition to an application.

Waterfall

Slow: every phase is thoroughly planned and locked in before development begins.

Developers work on one phase at a time; ad hoc or concurrent tasks are generally not done.

Better for security, since code changes are thought out in advance and the lack of concurrent tasks means you're not 'mashing' code together.

Once the design is approved there's no changing it if defects are found later. Once the product is released then a new cycle starts to plan, remediate, and add features.

Models based on Waterfall

Structured Programming Development

Widely known

Focuses on coherence, comprehensibility, freedom from faults, and security

Requires defined processes and modular development

Each phase requires review and approval

Spiral Method

Each iteration passes through the waterfall phases.

Adds a risk assessment to the 'check' phase. The estimated cost to complete the phase and the schedule are updated each iteration, and based on the risk assessment a 'go or no go' decision is made.

Spiral Method 2 - PDCA (Plan, Do, Check, Act)

Cleanroom

Significant time is spent in the design phase.

The theory is that bugs won't get into the software if it's properly written the first time.

Less time spent on testing of this 'perfect code'

Iterative Development

Allows for refinement during the process

Requires consistent change control even during initial design

Prone to scope creep, since the scope is allowed to change between iterations

Difficult to verify security due to constant changes

Types of Iterative Development

Prototyping

Create a simplified version of the application and release it for review. Use the feedback to build a second, better version.

Repeat process until users are satisfied

Concept, design, implement, refine

Modified Prototype Model (MPM)

Ideal for web app development

Basic functionality is rapidly deployed

Maintenance phase begins after deployment

Flexibility and speed is key

Rapid Application Development

Strict time limits are set for each phase

Uses tools for rapid development

Must watch for bad decisions that lead to poor design

Joint Analysis Development (JAD)

Work directly with users to develop working application

End users are directly involved with development planning and testing

Exploratory model

System requirements are assumed. When further information comes in then the system is modified.

Other Models

Computer Aided Software Engineering (CASE)

Uses tools and applications to rapidly develop and test functionality

IDE, Test macros, fuzzers, Auto documentation functions, etc.

Component-based development

Uses standardized, pre-built components to assemble an application rather than developing it from scratch.

e.g., building a website in Dreamweaver rather than in a text editor.

Databases

Purpose of a database

Central storage location

saves disk space

makes data more consistent

DBMS components

Database engine

Hardware Platform

Application Software

Users

Database Required Functions

Transaction persistence: the security state of the database is the same after a transaction as it was before it.

Fault tolerance and recovery: after a failure, data should be returned to its original (consistent) state.

Rollback recovery: undoing (stripping out) incomplete or failed transactions to get back to a known good state.

Shadow recovery: restoring a known good state and re-applying committed transactions from a transaction log.

Required Functions 2

Sharing by multiple users: data should be accessible to many users at the same time without endangering its integrity; the DBMS uses locking to make that safe.

Security ControlsAccess controls, integrity checking, etc

Relational Databases

Use primary keys (unique row identifiers) and foreign keys (references to another table's primary key) to break data into tables of like data, allowing table data to be linked. Reduces redundancy and speeds up queries of large data sets.

Structured Query Language (SQL)

Allows for querying and displaying of data from a database

SQL-compliant databases have:

Schemas: describe the structure of the database

Tables: columns and rows of data

Views: stored queries (custom joins) so multiple tables can be seen as one record set; also used to restrict which rows and columns a user can see
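Added example (not from the slides or the CISSP text): the three SQL building blocks above in working form, using Python's built-in sqlite3 module. The department/employee schema, the sample rows and the decision to leave salary out of the view are assumptions for the demo. The PRAGMA line is the practical caveat: SQLite does not enforce FOREIGN KEY constraints unless it is switched on per connection, so a schema that looks like it protects referential integrity may not.

```python
# Added example, not from the slides: primary/foreign keys, foreign-key
# enforcement and a column-restricting view in sqlite3. Names are illustrative.
import sqlite3


def build_db():
    """In-memory database with two linked tables and a restricted view."""
    conn = sqlite3.connect(":memory:")
    # Without this pragma SQLite silently ignores REFERENCES clauses.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(
        """
        CREATE TABLE department (
            dept_id  INTEGER PRIMARY KEY,
            name     TEXT NOT NULL UNIQUE
        );
        CREATE TABLE employee (
            emp_id   INTEGER PRIMARY KEY,
            name     TEXT NOT NULL,
            salary   INTEGER NOT NULL,
            dept_id  INTEGER NOT NULL REFERENCES department(dept_id)
        );
        -- The view joins both tables and deliberately omits 'salary', so an
        -- account granted SELECT on the view alone never sees that column.
        CREATE VIEW employee_directory AS
            SELECT e.emp_id, e.name AS employee, d.name AS department
            FROM employee e JOIN department d ON e.dept_id = d.dept_id;
        """
    )
    conn.executemany("INSERT INTO department VALUES (?, ?)",
                     [(1, "Engineering"), (2, "Finance")])
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)",
                     [(10, "Ada", 120000, 1), (11, "Grace", 130000, 1),
                      (12, "Linus", 90000, 2)])
    conn.commit()
    return conn


def directory(conn):
    """What a user of the view sees: names linked to departments, no salaries."""
    return conn.execute(
        "SELECT employee, department FROM employee_directory ORDER BY emp_id"
    ).fetchall()


def view_columns(conn):
    """Column names exposed by the view."""
    cur = conn.execute("SELECT * FROM employee_directory LIMIT 1")
    return [d[0] for d in cur.description]


def insert_orphan(conn):
    """Try to reference a department that does not exist.
    Returns True if the engine rejected the row (foreign key enforced)."""
    try:
        conn.execute("INSERT INTO employee VALUES (13, 'Mallory', 1, 99)")
        conn.commit()
        return False
    except sqlite3.IntegrityError:
        conn.rollback()
        return True


if __name__ == "__main__":
    db = build_db()
    print(directory(db))
    print(view_columns(db), "orphan rejected:", insert_orphan(db))
```

Run it once with the PRAGMA line commented out: the orphan row is accepted and the foreign key is decoration only. That difference is the kind of thing to check when reviewing an application that relies on the schema for integrity.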

Database interface languages

ODBC Open Database Connectivity

JDBC Java Database Connectivity

XML Extensible Markup Language

OLE DB Object Linking and Embedding Database

ADO ActiveX Data Objects

ODBC

Very common

Username and password are stored in plaintext

Call and return data are sent cleartext over the network

Access verification is rudimentary

ODBC drivers can elevate system access, so the applications that use them must be trusted

JDBC

Need to specify user authentication, control user access, and audit user functions. None of this is enabled by default.

XML

Provides consistent structure to data

Easy to transfer data between languages, operating systems, etc.

**Rant on schemas

OLE DB

Microsoft technology, not usable outside the Windows/COM world.

OLE allows documents or files to be embedded inside others (example: a Word document embedded in an Excel spreadsheet); OLE DB applies the same component model to database access.

Metadata

Data about data, e.g., the headers on IP packets showing where the data came from and where it's going.

Allows unrelated data to be correlated

Database threats

Aggregation combining nonsensitive data from separate sources to create sensitive information

Bypass attacks: user bypasses front-end controls to access information

Compromising database views

Concurrency Running processes that use old data, updates that are inconsistent, deadlocks

Data Contamination Data corruption

Deadlocking: two users each hold a lock the other needs, so neither can proceed and both are denied

Threats Continued

Denial of Service Table locks, intensive processing, poor queries.

Improper modification of information: intentional or accidental modification of information which damages its integrity

Inference Users may be able to infer confidential information from available records

Interception of data Data may be intercepted between client and server

More Threats

Query Attacks Querying the database in a way that gains a user more information than if they used the trusted frontend

Server Access

Website security

Unauthorized Access
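Added example (not from the slides or the CISSP text) for the inference threat above: a statistics-only interface that never returns a row still gives away one person's salary, the minimum-query-set-size control that blocks the obvious case, and the tracker attack that gets around it. The staff table, the numbers and the threshold of 3 are constructed for the demo.

```python
# Added example, not from the slides: inference through aggregates, the
# query-set-size control, and why that control alone is insufficient.
import sqlite3

MIN_QUERY_SET = 3  # assumed policy: refuse aggregates over fewer rows than this


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", [
        ("Ada", "Eng", 120000), ("Grace", "Eng", 130000), ("Linus", "Eng", 110000),
        ("Ken", "Legal", 150000),  # the only person in Legal
    ])
    conn.commit()
    return conn


def avg_salary_unguarded(conn, dept):
    """No individual row is returned, yet AVG over a one-person department
    is exactly that person's salary."""
    return conn.execute(
        "SELECT AVG(salary) FROM staff WHERE dept = ?", (dept,)
    ).fetchone()[0]


def avg_salary_guarded(conn, dept):
    """Refuse to answer when the query set is too small to hide anyone."""
    n, avg = conn.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff WHERE dept = ?", (dept,)
    ).fetchone()
    return None if n < MIN_QUERY_SET else avg


def infer_by_difference(conn):
    """Tracker attack: two aggregates that each pass the size check still
    isolate the single Legal salary by subtraction. Size limits need to be
    paired with overlap control, noise or query auditing."""
    n_all, avg_all = conn.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff").fetchone()
    n_eng, avg_eng = conn.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff WHERE dept = 'Eng'").fetchone()
    assert n_all >= MIN_QUERY_SET and n_eng >= MIN_QUERY_SET  # both permitted
    return round(n_all * avg_all - n_eng * avg_eng)


if __name__ == "__main__":
    db = setup()
    print("unguarded Legal avg:", avg_salary_unguarded(db, "Legal"))
    print("guarded Legal avg:", avg_salary_guarded(db, "Legal"))
    print("inferred by difference:", infer_by_difference(db))
```

The guarded function is the control most people reach for first; the last function is the reason it is never the only one.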

Lock Controls (ACID)

Atomicity A transaction is either fully committed or rolled back. No partial updates

Consistency Data must be validated before the transaction is allowed

Isolation Transaction is isolated from all other transactions until complete

Durability: completed transactions are permanent and survive system/media failure (i.e., written to disk rather than only held in memory that is wiped if the power goes out)
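Added example (not from the slides or the CISSP text) for the ACID properties and locking above, using sqlite3. A two-step funds transfer fails on its second statement and the engine undoes the first (atomicity), the CHECK constraint is the consistency rule, and a second connection is refused while the first holds a write lock (isolation through locking, the same mechanism behind the deadlock and table-lock threats listed earlier). The ledger schema and amounts are made up for the demo.

```python
# Added example, not from the slides: atomicity, consistency and write
# locking with sqlite3. Schema and data are constructed for the demo.
import os
import sqlite3
import tempfile


def open_ledger():
    conn = sqlite3.connect(":memory:")
    # Consistency rule enforced by the engine: a balance can never go negative.
    conn.execute(
        "CREATE TABLE account (id INTEGER PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def balances(conn):
    return dict(conn.execute(
        "SELECT id, balance FROM account ORDER BY id").fetchall())


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst in one transaction.
    Returns True on commit, False if the whole transaction was rolled back."""
    try:
        with conn:  # commits on normal exit, rolls back on an exception
            # The credit succeeds on its own...
            conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                         (amount, dst))
            # ...the debit trips the CHECK constraint if src lacks funds, and
            # atomicity means the credit above is undone with it.
            conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?",
                         (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def concurrent_write_blocked():
    """While connection A holds a write transaction open, connection B's
    write is refused rather than interleaved with A's half-done work.
    Returns True if B was blocked."""
    path = os.path.join(tempfile.mkdtemp(), "ledger.db")
    a = sqlite3.connect(path, timeout=0.2)
    b = sqlite3.connect(path, timeout=0.2)
    a.execute("CREATE TABLE t (v INTEGER)")
    a.commit()
    a.execute("BEGIN IMMEDIATE")  # take the write lock now and hold it
    a.execute("INSERT INTO t VALUES (1)")
    try:
        b.execute("INSERT INTO t VALUES (2)")  # waits up to `timeout`, then fails
        blocked = False
    except sqlite3.OperationalError as exc:
        blocked = "locked" in str(exc)
    a.rollback()
    a.close()
    b.close()
    return blocked


if __name__ == "__main__":
    db = open_ledger()
    print(transfer(db, 1, 2, 30), balances(db))   # ok, {1: 70, 2: 80}
    print(transfer(db, 1, 2, 500), balances(db))  # rolled back, unchanged
    print("second writer blocked:", concurrent_write_blocked())
```

The failed transfer is the point: the credit to account 2 did run, but it is not visible afterwards because the transaction was rolled back as a unit. A busy writer holding a lock for too long is also exactly the denial-of-service condition the threats slide describes.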

Web Application Threats

Injection

Broken Authentication and Session Management

Cross-Site Scripting (XSS)

Insecure Direct Object References

Security Misconfiguration

Sensitive Data Exposure

Missing Function Level Access Control

Cross-Site Request Forgery (CSRF)

Using Components with Known Vulnerabilities

Unvalidated Redirects and Forwards
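Added example (not from the slides or the CISSP text) for the Injection entry above and the 'query attacks' threat from the database slides: the same lookup written two ways against a constructed users table. The vulnerable version splices user input into the SQL text, so input can rewrite the query; the hardened version binds it as a parameter. Table, rows and the payload are made up for the demo.

```python
# Added example, not from the slides: SQL injection via string formatting,
# beside the parameterised form that is immune to it. Data is constructed.
import sqlite3


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "admin", "key-alice"),
        ("bob", "user", "key-bob"),
    ])
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The input becomes part of the SQL grammar, not just a value."""
    sql = f"SELECT username, api_key FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """The driver sends the value separately from the statement; whatever
    the input contains, it can only ever be compared against username."""
    sql = "SELECT username, api_key FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A classic tautology payload: closes the quoted string and appends a
# condition that is always true, turning a one-row lookup into a dump.
PAYLOAD = "x' OR '1'='1"


if __name__ == "__main__":
    db = setup()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # both rows, both keys
    print("safe:      ", lookup_safe(db, PAYLOAD))        # []
```

The hardened function is the trusted front end's query; the vulnerable one is what a query attack turns it into. Parameter binding fixes the data path, but table or column names supplied by users still need an allow-list, since they cannot be bound.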

Object Oriented Programming (OOP)

Object oriented programming is ultimately writing applications in small blocks and connecting the blocks to create a functional system.

This allows for code re-use, and security and portability of similar code, e.g., all authentication code can be in one class and inherit permissions as a set.

OOP Things to know

Encapsulation (Data Hiding): a class defines only the data it needs to be concerned with. Outside code cannot reach the object's internal, non-related data directly.

Good for security

Inheritance

Subclasses can inherit properties of their parent class. Objects in the class can inherit from like objects.

Polymorphism

Objects may be processed differently depending on their data type: the same method call can produce different behavior in different classes. An object instantiated from a subclass inherits the attributes and methods of the parent class but may override them.

Polyinstantiation

Specific objects instantiated from a higher class may vary their behavior depending upon the data they contain

Basically allows data classification programatically so data leakage/inference is minimized.
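Added example (not from the slides or the CISSP text) of polyinstantiation in the database sense described above: a table where the same primary key exists at more than one classification level and the row a caller gets depends on clearance. A low-clearance reader sees a cover story rather than a gap, so the existence of the sensitive row is not leaked. The level names, flight records and the rule of returning the highest permitted instance are assumptions for the demo.

```python
# Added example, not from the slides: a polyinstantiated table keyed on
# (primary key, classification level). Records and levels are invented.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


class PolyinstantiatedTable:
    """Several rows may share one primary key as long as they differ in
    classification; a reader gets the highest instance their clearance allows."""

    def __init__(self):
        self._rows = {}  # (key, level) -> record; kept private to the object

    def insert(self, key, level, record):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self._rows[(key, level)] = dict(record)

    def select(self, key, clearance):
        """Return the most sensitive instance of `key` at or below `clearance`,
        or None if nothing at that key is visible to the caller."""
        limit = LEVELS[clearance]
        visible = [(LEVELS[lvl], rec) for (k, lvl), rec in self._rows.items()
                   if k == key and LEVELS[lvl] <= limit]
        if not visible:
            return None
        return max(visible, key=lambda pair: pair[0])[1]

    def visible_keys(self, clearance):
        """Keys a caller can see at all; a key that exists only above the
        caller's level shows up here as an absence, which is itself a leak."""
        limit = LEVELS[clearance]
        return {k for (k, lvl) in self._rows if LEVELS[lvl] <= limit}


def build_manifest():
    t = PolyinstantiatedTable()
    # Same flight number, two instances: a cover story and the real cargo.
    t.insert("flight-42", "UNCLASSIFIED", {"cargo": "mail", "dest": "Oslo"})
    t.insert("flight-42", "SECRET", {"cargo": "radar parts", "dest": "Narvik"})
    # A flight with no low-level instance: its existence leaks as a gap.
    t.insert("flight-77", "SECRET", {"cargo": "classified", "dest": "Bergen"})
    return t


if __name__ == "__main__":
    m = build_manifest()
    print(m.select("flight-42", "UNCLASSIFIED"))  # mail to Oslo
    print(m.select("flight-42", "SECRET"))        # radar parts to Narvik
    print(m.visible_keys("UNCLASSIFIED"))         # {'flight-42'} only
```

flight-77 is the counter-example: without a low-level instance, an unclassified user who knows flight numbers are sequential can infer that something exists at 77. Polyinstantiation only closes the inference channel when every sensitive key also has a cover instance.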

OOP Security

No object should be able to access another object's internal data. Data should be passed in and out and while inside the object should be protected from external influence.

Class Inheritance

Classes are designed to inherit code from other classes. This is a complex process which, in larger applications, can cause security breaches for object access.

Example: If there's administrator functions that require login credentials and someone can modify the code to allow access to the admin functions without credentials, then this would violate the access control model of the application.
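Added example (not from the slides or the CISSP text) that puts the encapsulation, inheritance and polymorphism notes and the administrator-function scenario above into one small Python program. AdminPanel guards a privileged method with a credential check; a subclass overrides only the check, and because the privileged method is inherited and dispatches polymorphically, it now runs unguarded. SealedAdminPanel shows one way to refuse such subclasses at class-definition time. Class names, the method names and the password are invented for the demo.

```python
# Added example, not from the slides: inheritance as an access-control hazard,
# and a class that rejects subclasses overriding its guard. Names are invented.


class AuthError(Exception):
    pass


class AdminPanel:
    def __init__(self, password):
        # Encapsulation: name-mangled to _AdminPanel__password so subclass
        # code does not reach it by accident.
        self.__password = password

    def _check_credentials(self, password):
        return password == self.__password

    def reset_all_passwords(self, password):
        """Privileged operation; relies entirely on the guard above."""
        if not self._check_credentials(password):
            raise AuthError("bad credentials")
        return "reset"


class LazyPanel(AdminPanel):
    """A 'testing convenience' subclass. Polymorphism means the inherited
    reset_all_passwords() now calls this override instead of the real check."""

    def _check_credentials(self, password):
        return True


class SealedAdminPanel(AdminPanel):
    """Same behaviour as AdminPanel, but any subclass that tries to replace the
    guard is rejected when its class statement runs, not at some later call."""

    def __init_subclass__(cls, **kwargs):
        super().__init_subclass__(**kwargs)
        if "_check_credentials" in cls.__dict__:
            raise TypeError(f"{cls.__name__} may not override _check_credentials")


def try_reset(panel, password):
    try:
        return panel.reset_all_passwords(password)
    except AuthError:
        return "denied"


def bypass_subclass_rejected():
    """True if defining a guard-overriding subclass of SealedAdminPanel fails."""
    try:
        class Bypass(SealedAdminPanel):
            def _check_credentials(self, password):
                return True
        return False
    except TypeError:
        return True


if __name__ == "__main__":
    print(try_reset(AdminPanel("s3cret"), "wrong"))   # denied
    print(try_reset(LazyPanel("s3cret"), "wrong"))    # reset: the hole
    print(bypass_subclass_rejected())                 # True: sealed
```

The same call on AdminPanel and LazyPanel gives opposite results, which is exactly the access-control violation the slide describes, reached without touching the privileged method itself. The seal is design hygiene against this class of mistake; in Python it is not a trust boundary, since code already running in the process can still monkeypatch the method.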

What's so complex about class inheritance?

CORBA

Jem already gave a mini talk on CORBA. If anyone has further questions related to CORBA security we can have Jem address them since I've never used CORBA.