Nutri Worldwide Inc. had developed a Vendor Management System for their vendor management process. One of the key features of the new software is the centralized bidding process for contracts.
It was noticed that, regardless of the number of bidders, one vendor always managed to get the contract for the supply of bottles and cans for one of the processing units.
It was later found, following a thorough investigation, that this vendor had managed to access the bidding data. During the programming and testing phase of the development of the software, secure programming practices were not implemented.
System Environments
System environments can be defined as a combination of different independent components like servers, application networks, and their inter-relationships. The types of system environment are listed below:
• Distributed Environment
• Client-Server Systems
• Local Environment
• Distributed Data Processing (DDP)
• Agents
• Applets
[Figure: network diagram showing a LAN, a firewall and the Internet, a database server holding DEPT and EMP tables, HQ and Sales databases, workstations, and output devices]
Distributed Environment
• Application software
• Application platform
• Technology interface
• Information
• Communications
Client/Server Systems and Local Environment
• Anti-virus program
• Patch management
Applets
Publicly released software may come in different forms after programming. The different types of software are described here:
• Freeware
• Shareware
• Closed-Source Software
[Figure: diagram of publicly released software types, with boxes labelled Publicly Released Software, Freeware, Shareware, Programming, and Closed-Source Software]
Threats in the Software Environment
Buffer Overflow
• The excess input data overflows and overwrites another part of the program’s memory space.
Citizen Programmers
• Citizen Programmers are programmers who create applications with both security and reliability problems.
• Applications developed by them are chaotic and lack assurance with regard to security.
Threats in the Software Environment (contd.)
Covert Channel
Covert storage channel involves the direct or indirect reading of a storage location by two different processes.
Covert timing channel involves the ability to influence the rate that some other process is able to acquire
resources.
Malicious Software
• The purposes of malware include Propagation, Damage and destruction of information, Stealth of
information, Usage monitoring, Denial of Service, and Remote control.
Threats in the Software Environment (contd.)
• Malformed Input Attack is where inputs are collected from the users and configured in unusual ways.
• There are various systems to detect and protect against such attacks.
Memory/Object reuse
• Sometimes, residual information remains when a section of memory is reassigned to a new process after a
previous process is finished with it. This leads to a security violation.
• Developers should also be careful with the reuse of other resources that can contain information, such as
disk space.
• The paging or swap file on the disk may contain an enormous amount of sensitive information.
Threats in the Software Environment (contd.)
• Executable content or mobile code is software that is transmitted across a network from a remote source
to a local system and is then executed on that local system.
• The concept has been known by many names: mobile agents, mobile code, downloadable code,
executable content, active capsules, and remote code.
Social Engineering
Time of Check/Time of Use (TOC/TOU)
• A time of check/time of use flaw arises from the time gap between the moment the system's security functions check the contents of a variable and the moment the variable is actually used during operations.
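The race described above is easiest to see with a file path: the security check runs on a path, and the open runs on the same path a moment later, so whatever the path points to at the second moment wins. The following Python is an added example, not part of the original slides; the temporary directory, the file names and the config contents are constructed for the demonstration, and the two reader functions are hypothetical helpers written for it. A symbolic link stands in for the swap that could happen between the check and the use, and the safer reader checks the descriptor it actually opened (O_NOFOLLOW plus fstat on the descriptor) instead of the path.

```python
import os
import shutil
import stat
import tempfile


def read_config_check_then_use(path: str) -> bytes:
    """Vulnerable pattern: the check (isfile) and the use (open) are two
    separate path lookups. Anything that changes what the path points to
    between them, such as swapping in a symbolic link, goes unnoticed."""
    if not os.path.isfile(path):        # time of check: follows symlinks
        raise ValueError("not a regular file")
    with open(path, "rb") as f:         # time of use: follows symlinks again
        return f.read()


def read_config_open_then_check(path: str) -> bytes:
    """Safer pattern: open first, then check the object actually opened.
    O_NOFOLLOW makes the kernel refuse a symbolic link at the final path
    component, and fstat() on the descriptor cannot be redirected by a
    later rename, so the check and the use refer to the same file."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # OSError on a symlink
    with os.fdopen(fd, "rb") as f:      # fdopen takes ownership of fd
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file")
        # ownership and permission checks on st would go here as well
        return f.read()


def demo() -> dict:
    """Constructed scenario: a real config file plus a symbolic link that
    stands in for the path swap made between check and use."""
    workdir = tempfile.mkdtemp(prefix="toctou-demo-")
    try:
        real = os.path.join(workdir, "config.txt")
        link = os.path.join(workdir, "config-link.txt")
        with open(real, "wb") as f:
            f.write(b"db_password=example")     # constructed secret
        os.symlink(real, link)
        result = {"open_then_check_real": read_config_open_then_check(real)}
        # the path-based check is satisfied through the link and the data leaks
        result["check_then_use_link"] = read_config_check_then_use(link)
        try:
            read_config_open_then_check(link)
            result["open_then_check_link"] = "opened"
        except OSError:
            result["open_then_check_link"] = "refused"
        return result
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The general rule the example illustrates is to perform the security check on the handle the program will use (the open descriptor), not on a name that can be re-bound between two system calls.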
Data Contamination
Garbage collection
• The garbage collector attempts to reclaim garbage or memory occupied by objects that are no longer in
use by the program.
• The time when the garbage is collected is unpredictable, resulting in stalls scattered throughout a session.
Trapdoor/Backdoor
• A programmer who knows about the backdoor can exploit the trapdoor as a covert means of access.
Measuring System Development Process
The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product
is a direct function of the quality of its associated software development and maintenance processes. The
following are the five maturity levels of Software CMM Model:
5 Optimized
• Company has budgeted and integrated plans for continuous improvement
4 Managed
• It has a formal process in place to collect and analyze quantitative data
• Metrics are defined and fed into the process improvement program
• It has a way to allow for quantitative process improvement
3 Defined
• Formal procedures are in place
2 Repeatable
• Formal management structure, change control, and quality assurance are in place
• Company can properly repeat processes throughout each project
1 Initial
• Ad-hoc development process
• No assurance of consistency and quality
• No formal process model
Systems Development Life Cycle
The Systems Development Life Cycle (SDLC) is a system development model used throughout the IT industry. Security controls should be included in every phase of the SDLC.
• Security testing
[Figure: SDLC phase diagram; the phases and the notes recovered from it are listed below]
Conceptual Definition
• Creates the basic conceptual statement for a system which defines the purpose of the software
Functional Requirements Determination
• Lists specific functionalities
• Defines how different functions interoperate
Control Specifications Development
• Defines data flow diagram
• Designs access controls
• Input validation controls
• Logging and audit trails
Design Review
• Generalized and detailed database design at the logical and physical levels
• Develops storyboards showing user interaction with the application
Code Review Walk-Through
• It is a form of software peer review in which a programmer leads the review process to look for errors
User Acceptance Testing
• It is a phase of development in which the software is tested in the real world by the intended audience
Maintenance and Change Management
• Once a system is operational, any change in a system needs to go through a proper change management process
Integrated Product Team (IPT)
• An Integrated Product Team (IPT) is a multi-disciplinary team that helps to facilitate decision making.
• The team comprises members from the organization’s appropriate functional disciplines.
The IPT is used for review and decision making in complex programs and projects.
Features:
Preventive controls:
o Data checks, custom screens, validity checks, contingency planning, and backups
o Firewalls, reference monitor, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, and separate test and development environments
o Data dictionary, programming standards, and DBMS
Detective controls:
o Cyclic redundancy checks, structured walk-through, hash totals, and reasonableness checks
o IDS and audit trails
o Comparison tools, relationship tests, and reconciliation controls
Corrective controls:
o Backups, control reports, before and after imaging reports, and checkpoint restarts
o Emergency response and reference monitor
o Program comments and database controls
Software Development Methods
Waterfall Model
Spiral Model
A sample product is developed to explore a specific approach to a problem before investing time and resources.
First approach:
• A prototype is quickly created to test the validity of the current understanding of the project requirement
• It is a quick and dirty method of creating the prototype
• It is not developed to be built upon, rather discarded after use
Second approach:
• They are built with a goal of an incremental update
• The prototype is continuously improved upon until it reaches the final product stage
• Feedback gained in each build phase is used to improve the prototype
Third approach:
• Extension of the evolutionary prototype
• It is designed to be implemented in a production environment as it is being tweaked
• Feedback is obtained and changes are made within the working site
Software Development Methods (contd.)
• Software is developed via the use of prototypes, dummy GUIs, back-end databases etc.
Agile Methodology
Extreme Programming
Scrum
• It is an iterative and incremental process most commonly used to manage an Agile software development effort
• A typical scrum team has just five to nine members
• Larger projects are organized into a scrum of scrums that scales upward to include hundreds of programmers
• A typical scrum project consists of a sprint; a focused effort to produce some portion of the total project deliverable
• A sprint usually lasts from two to four weeks
Scrum Roles:
• The project manager or team leader
• The project customer or the customer’s representative who speaks for the customer
• The team members who do the actual work
• The people who will be using the software once it has been developed or updated
• Other parties who contribute in some way to the project, such as customers, vendors, and suppliers
Other Models
Exploratory Model
• Used in instances where clearly defined project objectives are not available
• Relies on covering a set of specifications likely to affect the final product’s functionality
• Testing is an important part of the exploratory development
Reuse Model
Clean Room
• Attempts to prevent errors or mistakes by following structured and formal methods of developing and
testing
• Used for high-quality and mission-critical applications that will be put through a strict certification
process
Secure Software Development Best Practices
The best practices for Secure Software Development are provided by:
• ISO/IEC 27034
Business Scenario
The Software Testing team at Nutri Worldwide Inc. created a software test plan for the
new CRM application. The project was divided into different modules and assigned to
developers to start the coding. As per the assigned modules, the testers prepared test
scenarios and test cases. Each module was tested individually.
The software was also tested for compatibility on different operating systems, hardware, internet browsers,
etc. The tests performed on individual modules were Unit testing, Installation testing, Regression testing, and
Acceptance testing, but the application failed.
Question: Which testing did Kevin’s report indicate should have been done to avoid the issue?
Answer: Integration testing on module integration would have avoided the issue.
Object-Oriented Programming Terms
Polymorphism
Inheritance
Data Modeling
• It considers data independently both by the way data is processed and the
component that processes the data
• It follows the data from input to the end and ensures the output is correct
• Data modeling can be used to provide insights into the data and the
relationships that govern it (used in databases)
Data Structure
• Data structure is a way of collecting and organizing data in such a way that
one can perform operations on these data in an effective way
• They are structures programmed to store ordered data, so that various
operations can be performed on them easily
Cohesion and Coupling
Cohesion
• It refers to how many different types of tasks a module can carry out
• High cohesion carries out tasks that are similar
• High cohesion is better. Any change in the task can be done without impacting other tasks
Coupling
• It is a measurement that indicates how much interaction one module requires to carry out its
tasks
• Low (loose) coupling is better; high (tight) coupling means a module depends on other
modules
High cohesion and low coupling are very instrumental in software maintenance and development
Distributed Object-Oriented Systems
Distributed development architectures allow applications to be divided into pieces that are called
components.
Object Request Broker (ORB) is created for finding objects, initiating objects, and sending requests to the
objects.
Object Request Brokers (ORBs) act as the locators and distributors of objects across networks. The common
object brokers are COM (Component Object Model), DCOM (Distributed Component Object Model), and
CORBA (Common Object Request Broker Architecture).
Component Object Model (COM)
• Component Object Model (COM) is a model that allows interprocess communication within one
application or between applications on the same computer system
• A developer wants an application to be able to interact with the Windows operating system, and the
different applications developed for this platform will follow the COM outlined standards
• It allows objects written in different OOP languages to communicate. Example: Objects written in C++ can
send messages to objects written in Java
• COM enables applications to use components on the same system, while DCOM enables applications to
access objects that reside in different parts of a network
• DCOM uses a globally unique identifier (GUID) to uniquely identify users, resources, and components
within an environment
Common Object Request Broker Architecture (CORBA)
• ORB works independently of the platforms where the objects reside; it provides
greater interoperability
languages to interface and communicate. Example: CORBA can enable Java code to
access and use objects whose methods are written in C++
Object Linking and Embedding (OLE)
Object Linking:
• It provides a way to share objects on a local computer and to use COM as their
foundation
Embedding:
API
• Uber borrows PayPal’s Braintree API, a secure method for processing credit card
payments, to allow its own App to collect payments from passengers
• For instance, New York's subway system has an API that allows other apps to access
its real-time travel data such as where the trains are and when the next train will arrive
• Snapchat uses the phone's camera API to take pictures, while Google Maps uses the
phone's geolocation API to know where you are located
API Formats
Representational State Transfer (REST)
● Uses the Hypertext Transfer Protocol (HTTP)
● Supports different data formats, such as plain text, HTML, XML, and JSON
● Has good performance and scalability and uses caching
● Is widely used
Simple Object Access Protocol (SOAP)
● Uses the SOAP envelope and then HTTP to transfer data
● Only supports the XML format
● Has a slower performance, and scalability can be complex, as caching is not possible
● Used when REST is not possible
API Threat Vectors
• Apply rigorous authentication and authorization
• Use proven solutions
Software Security and Assurance
Security Kernel
• It is a small portion of the operating system through which all references to information and all changes to
authorizations must pass.
• Completeness
• Isolation
• Verifiability
Software Security and Assurance (contd.)
• The processor privilege states protect the processor and the activities that it performs.
• It records the processor state in a register that can only be altered when the processor is operating in a
privileged state.
Bound Checking
• Bounds checking is any method of detecting whether a variable is within some bounds.
Parameter Checking
• It involves checking the input data for disallowed characters, length, data type, and format.
Memory Protection
• It is necessary to protect the memory used by one process from unauthorized access by another.
• It ensures that processes cannot interfere with each other’s local memory.
• It also ensures that common memory areas are protected against unauthorized access.
Software Security and Assurance (contd.)
Granularity of Controls
• Granularity of controls ensures that the security controls are granular enough to address both program
and user.
Separation of Environments
• Separation of environments is essential to control how each environment can access the application and
the data.
• Social Engineering is a way where the attackers try to use social influence over users to extract confidential
information.
Backing up operating system and application software is a method of ensuring productivity in the event of a
system crash.
• Information is available in the event of an emergency through data, programs, documentation, computing,
and communications equipment redundancy.
Software Forensics
• Software Forensics is the study of malicious software in regard to protection against malicious code.
• It can be used:
o To determine whether a problem is a result of carelessness or was deliberately introduced as a payload
o To obtain information about authorship and the culture behind a given programmer
o To obtain the sequence in which related programs were written
o To provide evidence about a suspected author of a program
o To determine intellectual property issues
o To recover source code that has been lost
Software Security and Assurance (contd.)
Cryptography
• Cryptographic techniques protect information by transforming the data through encryption schemes.
• Encryption algorithms can be used to encrypt specific files located within the operating system.
Software Security and Assurance (contd.)
Password Protection
• Operating system and application software use passwords as a convenient mechanism to authenticate
users.
• The most common solution is to encrypt password files using one-way encryption algorithms or
hashing.
• Mobile Code Controls protect the user from viewing web pages that have programs attached to them.
• Secured systems should limit mobile code or applets’ access to system resources.
• The system should garbage-collect memory to prevent both malicious and accidental memory leakage.
Sandbox
• Limits are placed on the amount of memory and processor resources the program can consume.
• A sandbox can be created on the client side to protect the resource usage from applets.
Software Security and Assurance (contd.)
• Strong Language Support is a method of providing safe execution of programs such as Java.
• It ensures that arrays stay in bounds, the pointers are always valid, and code cannot violate variable typing.
XML
• A standard for structuring data in a text file
• XML is called extensible because the symbols are unlimited and can be defined by the user or author.
SAML
• A format that uses XML to describe security information
• The important requirement is web browser single sign-on (SSO).
• Example: using cookies
Software Security: SOA
• Policy enforcement
• Authentication
• Encryption
Audit and Assurance Mechanisms
• Information integrity
• Information accuracy
• Information auditing
• Information protection management
• Configuration management
• Change management
• Certification
• Accreditation
Assessing the Effectiveness of Software Security
System Authorization
• Ensures that a control framework is selected and uniformly implemented across the organization with the
help of standards
• Most software is released with vulnerabilities; auditing and logging helps identify security issues.
• Organizations must address these issues by applying procedures to maintain and check information
integrity and accuracy.
Assessing the Effectiveness of Software Security (contd.)
Risk Analysis and Mitigation must be integrated in the SDLC as an ongoing activity and in Change
Management. It involves:
• Using standardized methods outlined in frameworks such as ISO and NIST to assess risk and report to
stakeholders
• Taking corrective actions for mitigation by reviewing and prioritizing the findings
All mitigations applied should be thoroughly tested and verified by independent security assessors to make
sure that the security flaw has been actually mitigated.
Assessing the Security Impact of Acquired Software
Acquired software can introduce new vulnerabilities into the system and may have an impact on the
organization’s risk posture.
Code Repositories and Application Programming Interfaces
A code repository is a file archive and web hosting facility in which a large amount of source code is stored privately or publicly.
• Example: Source code repository is used by open-source projects and other multi-developer projects to
handle various versions.
• Securing code repository includes physical, system, operational, and software and communication security;
file system and backups; and access control.
An Application Programming Interface (API) is a group of protocols, routines, and tools for building a
software application. Securing APIs involves the use of:
• Access keys
Business Scenario
Kevin read the policy, which Hilda Jacobs, General Manager – IT Security, Nutri Worldwide
Inc., had created for improving the software development process.
As per the policy, programmers will write, compile, and carry out initial testing of the
application’s functionality and implementation in the development environment.
When the application is ready for production, the users, and quality assurance team will carry out functional
testing within the testing and quality assurance environment. When the application is accepted by the user
community, it is moved into production environment.
The database model should provide the following:
• Persistence
• Data sharing
• Recovery or fault-tolerance
• Database language
• Security and integrity
Database Terms
View: A virtual relation defined by the database administrator in order to keep subjects from viewing
certain data
Foreign key: An attribute of one table that is related to the primary key of another table
Relational Model:
• The relational model is a simple model that provides flexibility
• It organizes data into relations or tables
• Data can be associated across multiple tables with a key
Cardinality and Degree in Relational Database
• The number of rows in the relation is referred to as cardinality, and the number of columns is known as the degree
Hierarchical Model
• In Hierarchical Model, different record types are embedded in a predefined hierarchical structure.
• It is used as the physical order of records in storage. Record access is done by using pointers combined
with sequential accessing.
• This model has been supported primarily by the IBM IMS DBMS.
Types of Databases (contd.)
Network Model
• In Network model, a hierarchical relationship between two record types is established by the set construct.
• All the sets comprise a general directed graph or network construct. Access to records is sequential or by
navigation in the circular linked lists.
• This model is more general and powerful than the hierarchical model.
Types of Databases (contd.)
Distributed Model
Object-oriented model
• It aims to avoid the overhead of converting information between its representations in the database.
• Contains all the commands that enable a user to view, manipulate, and use the database. Example: View, add, modify, sort, and delete
• Defines the schema and structure of the database, access operations, and integrity procedures. Example: CREATE, DROP
• Defines the internal language of the database
• Enables users to make requests to the database
• Produces user-defined printouts
Integrity Services
Semantic Integrity:
• Makes sure the structural and semantic rules are followed
Rollback
• Operation that ends the current transaction and cancels the current changes to the database
• Database returns to its previous state
Commit
• Completes a transaction and executes all changes made by the user
• This ensures that partial changes do not take place and that data is not corrupted
Savepoints
• Helps to make sure that, if a system failure occurs or an error is detected, the database can attempt to return to a point before the system crashed
Checkpoints
• When the database software fills up a certain amount of memory, a checkpoint is initiated. It saves the data from a temporary segment to a temporary file
• It is similar to savepoints
Two-phase commit
• The requests for database changes are put in a queue and activated all at once
• A pre-commit ensures all databases are ready before the commit command is sent to each database
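The rollback, commit and savepoint operations described above, run against a small constructed ledger in SQLite through Python's standard sqlite3 module. This is an added example, not part of the original slides; the accounts table, the account names and the CHECK constraint that stands in for a business rule (no negative balance) are assumptions made for it.

```python
import sqlite3


def new_ledger() -> sqlite3.Connection:
    """Constructed sample data in an in-memory database. isolation_level=None
    turns off the module's implicit transactions so BEGIN/COMMIT/ROLLBACK
    below are issued explicitly and visibly."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Atomic transfer: either both updates are committed or, when the
    constraint rejects the debit, the partial change is rolled back."""
    conn.execute("BEGIN")
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                     (amount, src))
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                     (amount, dst))
        conn.execute("COMMIT")          # both changes become durable together
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")        # database returns to its previous state
        return False


def batch_with_savepoints(conn: sqlite3.Connection, updates) -> list:
    """Apply several adjustments in one transaction. A failing step is undone
    back to its own savepoint while the earlier steps of the batch are kept."""
    applied = []
    conn.execute("BEGIN")
    for i, (name, delta) in enumerate(updates):
        sp = f"sp{i}"                   # savepoint names are internal, not user input
        conn.execute(f"SAVEPOINT {sp}")
        try:
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                         (delta, name))
            conn.execute(f"RELEASE SAVEPOINT {sp}")
            applied.append(name)
        except sqlite3.IntegrityError:
            conn.execute(f"ROLLBACK TO SAVEPOINT {sp}")   # undo only this step
            conn.execute(f"RELEASE SAVEPOINT {sp}")
    conn.execute("COMMIT")
    return applied


if __name__ == "__main__":
    db = new_ledger()
    print(balances(db))
    print("transfer 30:", transfer(db, "alice", "bob", 30), balances(db))
    print("transfer 500:", transfer(db, "bob", "alice", 500), balances(db))
    print("batch:", batch_with_savepoints(db, [("alice", 10), ("bob", -500), ("bob", 5)]))
    print(balances(db))
```

The second transfer fails on the first UPDATE, so without the explicit ROLLBACK the debit would already be part of an open transaction; the rollback is what keeps the ledger consistent, which is the point of the Rollback and Commit bullets above.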
Database Security Issues
Aggregation
Inference
Polyinstantiation
• It is the ability of a database to maintain multiple records with the same key
• It is used to prevent inference attacks
• It may also indicate, such as in the case of database polyinstantiation, that two
different instances have the same name (identifier, primary key)
Database Security Issues: Control mechanism
• Either all changes are done or the database is rolled back
• All data is consistent in the different databases
• Transactions are executed in isolation until they are completed without interacting with other transactions
• Once the transaction is verified as accurate, it is committed and the database cannot be rolled back
Introduction to Data Warehousing
Data Mining
Over the last few decades, Nutri Worldwide's data has grown exponentially. New
attributes were added to the existing tables. The database team had to recruit a few
more resources to tackle database issues. Meanwhile, Smith Gordon, CEO, reported
issues in refreshing the reports on the corporate dashboard.
Question: With the given scenario, do you think database normalization will help Nutri Worldwide Inc. to
reduce some of its issues?
Answer: Normalization will help the organization to properly organize the data in the database, making it more flexible by eliminating inconsistent dependencies and redundancy.
Business Scenario
To tackle the increase in malware attacks worldwide, Hilda Jacobs announced a series of
measures like activity monitors and virus scanners for protecting the organization data.
Even after enhancing the security, the IT Department reported compromise of one of its
webservers. Sensitive data was stolen by the hackers, and the organization suffered a
great loss.
Question: What can be the possible source of attack in the given scenario?
Answer: The attack could be a zero-day attack, which can take place if the systems are unpatched or the
latest patches are installed.
Importance and Role of Knowledge Management
Examples:
Knowledge-Based System—Expert System
• Inference engine
• Knowledge base
• User interface
The following are the common types of threats and vulnerabilities of Web Application Environments:
• Information gathering
• Replay attack
Specific Protection
• Passively assessing
• Administrative interface protection restricts access to authorized hosts or networks and then uses strong (possibly
multifactor) user authentication. This ensures the security of the credentials.
• Uses account lockout and extended logging and audit and protects all authentication traffic with encryption.
Input Validation
Input validation ensures that the proxies are able to deal with problems of
• Buffer overflows
• Authentication issues
• Scripting
• Encoding issues
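As an added Python example (not from the original slides), the following shows what the bound checking and parameter checking this page describes look like in code: every field of a constructed order form is checked for data type, length, disallowed characters and format against an allowlist before it is used, and a failure names the field and the check. The field names, limits and patterns are assumptions made for the example.

```python
import re

# Allowlist rules chosen for this example (assumptions, not a standard)
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CONTROL_CHARS_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
MAX_COMMENT_LEN = 500
QUANTITY_BOUNDS = (1, 100)


class ValidationError(ValueError):
    """Raised with a message naming the field and the failed check."""


def validate_username(value) -> str:
    # data type, then format (the pattern also bounds the length to 3..32)
    if not isinstance(value, str):
        raise ValidationError("username: expected a string")
    if not USERNAME_RE.fullmatch(value):
        raise ValidationError("username: 3-32 letters, digits or underscores")
    return value


def validate_email(value) -> str:
    if not isinstance(value, str):
        raise ValidationError("email: expected a string")
    if len(value) > 254 or not EMAIL_RE.fullmatch(value):
        raise ValidationError("email: bad format")
    return value.lower()


def validate_quantity(value) -> int:
    # bound checking: convert to an integer, then require low <= n <= high
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValidationError("quantity: expected an integer")
    try:
        n = int(value)
    except ValueError:
        raise ValidationError("quantity: not an integer") from None
    low, high = QUANTITY_BOUNDS
    if not low <= n <= high:
        raise ValidationError(f"quantity: must be between {low} and {high}")
    return n


def validate_comment(value) -> str:
    # length limit and disallowed (control) characters; ordinary text passes
    if not isinstance(value, str):
        raise ValidationError("comment: expected a string")
    if len(value) > MAX_COMMENT_LEN:
        raise ValidationError(f"comment: longer than {MAX_COMMENT_LEN} characters")
    if CONTROL_CHARS_RE.search(value):
        raise ValidationError("comment: control characters are not allowed")
    return value.strip()


def validate_order(form: dict) -> dict:
    """Validate every field; returns the cleaned values or raises on the first failure."""
    return {
        "username": validate_username(form.get("username")),
        "email": validate_email(form.get("email")),
        "quantity": validate_quantity(form.get("quantity")),
        "comment": validate_comment(form.get("comment", "")),
    }


def check_order(form: dict):
    """Non-raising variant: returns (cleaned, None) or (None, error message)."""
    try:
        return validate_order(form), None
    except ValidationError as exc:
        return None, str(exc)


if __name__ == "__main__":
    sample = {"username": "alice_01", "email": "Alice@Example.com",
              "quantity": "7", "comment": " fine "}        # constructed input
    print(check_order(sample))
    print(check_order(dict(sample, quantity="0")))
```

The checks are allowlists (what is permitted) rather than denylists (what is forbidden), which is why the same code rejects over-long input, wrong types, out-of-range numbers and stray control characters without needing a rule for each attack that might use them.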
Sessions Protection
The sessions or periods of apparent attachment to the server are controlled by other technologies, such as
cookies or URL data, which must be both protected and validated.
• Do not use sequential, calculable, or predictable cookies, session numbers, or URL data for these
purposes
The following are the best practices introduced by (ISC)2 for secure software development:
Malware
Virus
• Attack the MBR, which is the portion of bootable media, such as a hard disk, USB drive, or CD/DVD, that the computer uses to load the operating system during the boot process
• Infect different types of executable files and get triggered when the operating system attempts to execute them. For Windows-based systems, the names of these files end with .exe and .com extensions
• Utilize crude technologies to infect documents created in the popular Microsoft Word environment. Although they were relatively unsophisticated, these viruses spread rapidly, because the antivirus community didn’t anticipate them
• Inject themselves into the trusted runtime processes of the operating system, such as svchost.exe, winlogin.exe, and explorer.exe
Virus Technologies
• Use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other
• Hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally
• Modify their own code as they travel from system to system
• Use cryptographic techniques to avoid detection
Worms and Trojan Horse
Worms
Trojan Horse
Spyware
• It is a malware that can be put in someone’s computer to secretly gather information
about the user and relay it to advertisers or other interested parties
• It can get in a computer as a software virus or as the result of installing a new program
Adware
• It is a type of malware that bombards you with endless ads and pop-up windows that
could be potentially dangerous for your device
• It is a type of software that shows ads; most adware is safe, but some can gather your personal information
Logic Bombs
• Logic bombs are malicious code objects that infect a system and lie dormant until they
are triggered by the occurrence of one or more conditions, such as time, program
launch, and website logon
Ransomware
What is ransomware?
• It is a type of malware that attempts to extort money from a computer user by infecting and
taking control of the victim’s machine, files, or documents stored on it
Impact
• It is usually installed when you open a malicious email attachment, click a malicious link in an
email or an instant message, or visit a malicious website
Prevention
Backdoor
Rootkits
• Rootkits are a form of malware that is specifically designed to modify the operation of
the operating system in some fashion to facilitate nonstandard functionality
• Rootkits act as a form of malware that can change thread priorities to boost an
application’s performance, perform keylogging, act as a sniffer, hide other files from
other applications, or create backdoors in the authentication system
Bots and Remote Access Trojan
Bots
• A bot is a functioning piece of software that performs some tasks under the
control of another program
• A series of bots is controlled across the network in a group, and the entire
assembly is called a botnet (combining the terms bot and network)
• Bots can do a wide array of things: spam to fraud to spyware
Social Engineering
Prevention
Phishing
• It is the most popular form of a social engineering attack conducted through digital communication
• It is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and credit card details by disguising as a
trustworthy entity in an electronic communication
Spear Phishing
Whaling
• It is a term used to describe a phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals
Pretexting
• Pretexting is defined as the practice of presenting oneself as someone else in order to obtain private information
Application or Service Attacks
Application Attack
Buffer Overflow
• A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length
buffer than the buffer can handle
• The extra information, which has to go somewhere, can overflow into adjacent memory
space corrupting or overwriting the data held in that space
Prevention
Injection Attack:
Types of Injection attacks:
• OS command Injection
• Cross-Site Scripting
Impact:
• Data theft, data loss, loss of data integrity, denial of service
• Full system compromise
SQL Injection:
• SQL injection attacks allow a malicious individual to directly perform SQL transactions
against the underlying database in violation of the isolation model
• SQL injection (SQLi) refers to an injection attack wherein an attacker can execute
malicious SQL statements that control a web application’s database server
Impact:
Prevention:
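The difference between a query that the database can mistake for code and one it cannot, as an added Python example (not from the original slides) using the standard sqlite3 module against a constructed in-memory users table. The vulnerable lookup builds the statement by string concatenation; the hardened one passes the value as a bound parameter, so the same input is compared as data. The table, the user names and the crafted input are assumptions made for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; in-memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds SQL by concatenation: the input is parsed as part of the query,
    so a quote character in it changes the statement's meaning."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Bound parameter: the statement is compiled first and the value is
    supplied separately, so it can only ever be compared as a string."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"     # constructed input that contains SQL syntax
    print("vulnerable, normal input:  ", lookup_vulnerable(db, "alice"))
    print("vulnerable, crafted input: ", lookup_vulnerable(db, crafted))
    print("parameterized, crafted:    ", lookup_parameterized(db, crafted))
```

With the crafted value the concatenated statement becomes a tautology and returns every row, which is the "violation of the isolation model" the bullets above refer to; the parameterized statement looks for a user literally named `' OR '1'='1` and finds none. Parameterization is the primary control; the input validation shown earlier on this page is a complementary layer, not a substitute.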
DOM-Based XSS
Persistent XSS
Reflected or Non-Persistent XSS
DOM-Based XSS
Impact:
• Hijacking sessions
• Deploying hostile content
• Impersonating a user
• Phishing and testing
Prevention:
CSRF
• A cross-site request forgery (CSRF) attack utilizes unintended behaviors that are
proper in defined use but are performed under circumstances outside the
authorized use
• It is performed against sites that have an authenticated user and exploits the site’s trust in a previous authentication event
• Then, by tricking a user’s browser to send an HTTP request to the target site, the
trust is exploited
Example:
• Assume your bank allows you to log in and perform financial transactions but does
not validate the authentication for each subsequent transaction
• If a user is logged in and has not closed their browser, then an action in another
browser tab could send a hidden request to the bank resulting in a transaction
that appears to be authorized but in fact was not done by the user
Prevention techniques:
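The bank example above worked through in Python, as an added example that is not part of the original slides: the server ties an unpredictable token to the session and requires it in every state-changing request. A forged request sent from another tab carries the session cookie, because the browser attaches it automatically, but cannot carry the token, so it is rejected. The request and session structures, the server secret and the handler are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at import time for this example only.
SERVER_SECRET = secrets.token_bytes(32)


def new_session_id() -> str:
    # 32 random bytes: not sequential and not calculable from earlier IDs
    return secrets.token_urlsafe(32)


def csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Synchronizer token bound to the session: an HMAC over the session ID,
    so a token from one session is useless in another and none can be
    produced without the server secret."""
    return hmac.new(secret, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, token, secret: bytes = SERVER_SECRET) -> bool:
    expected = csrf_token(session_id, secret)
    return isinstance(token, str) and hmac.compare_digest(expected, token)


def handle_transfer(request: dict, sessions: dict) -> str:
    """Server-side handler for a state-changing POST. `request` is a
    constructed stand-in for an HTTP request: {'cookies': {...}, 'form': {...}}."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return "401 not logged in"
    if not verify_csrf(session_id, request.get("form", {}).get("csrf_token")):
        return "403 CSRF token missing or invalid"
    user = sessions[session_id]
    amount = request["form"].get("amount")
    return f"200 transferred {amount} for {user}"


def demo() -> dict:
    sessions = {}
    sid = new_session_id()
    sessions[sid] = "alice"            # alice logs in; cookie 'session' is set
    token = csrf_token(sid)            # embedded in the bank's own transfer form
    legitimate = {"cookies": {"session": sid},
                  "form": {"amount": "50", "csrf_token": token}}
    # Forged request from another tab: the browser adds the cookie, but the
    # other site cannot read the token out of the bank's page.
    forged = {"cookies": {"session": sid},
              "form": {"amount": "5000"}}
    return {"legitimate": handle_transfer(legitimate, sessions),
            "forged": handle_transfer(forged, sessions)}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The token must be checked on the server for every request that changes state, never only on the page that renders the form; marking the session cookie SameSite is a complementary browser-side control, not a replacement for the server-side check.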
Anti-malware
Types of detection:
• Signature based
o Effective for detecting known malware; it cannot address new variants
• Heuristic detection
o Analyzes the overall structure of the malicious code, evaluates the coded instructions and logic functions, and then decides on the malicious action. It helps detect unknown malware
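Signature-based versus heuristic detection, as an added Python example (not from the original slides) run over constructed byte strings that stand in for files. The signature scanner knows one specific sample by its hash and by a byte pattern; the heuristic scanner scores traits common to malicious code and still flags a variant that the signatures no longer match. The sample contents, the indicator list, the weights and the thresholds are all assumptions made for the example.

```python
import hashlib
import math

# Constructed "known sample": not a real malware family
KNOWN_SAMPLE = b"MZ\x90\x00 stub; EVIL_MARKER_v1; writes run key; downloads payload"
SIGNATURE_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Marker.A"}
SIGNATURE_PATTERNS = {b"EVIL_MARKER_v1": "Demo.Marker.A"}

# Heuristic indicators (constructed): (substring, weight, description)
HEURISTIC_INDICATORS = [
    (b"writes run key", 3, "sets up persistence at boot"),
    (b"downloads payload", 3, "fetches a second stage"),
    (b"disables antivirus", 4, "tampers with security software"),
    (b"keylog", 3, "captures keystrokes"),
]
SUSPICIOUS_THRESHOLD = 5


def signature_scan(data: bytes):
    """Exact match only: a hash or a byte pattern taken from a known sample.
    Any change to the matched bytes defeats it, which is the 'new variants'
    limitation named above."""
    name = SIGNATURE_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in SIGNATURE_PATTERNS.items():
        if pattern in data:
            return name
    return None


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted payloads run high."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes):
    """Weighted score over behaviour-like traits; returns (score, reasons)."""
    score, reasons = 0, []
    lowered = data.lower()
    for needle, weight, why in HEURISTIC_INDICATORS:
        if needle in lowered:
            score += weight
            reasons.append(why)
    if entropy(data) > 7.0:           # threshold is an assumption
        score += 2
        reasons.append("high entropy (packed or encrypted content)")
    return score, reasons


def classify(data: bytes) -> str:
    """Signatures first (cheap and precise), heuristics for what they miss."""
    name = signature_scan(data)
    if name:
        return f"known malware: {name}"
    score, reasons = heuristic_scan(data)
    if score >= SUSPICIOUS_THRESHOLD:
        return "suspicious: " + "; ".join(reasons)
    return "clean"


if __name__ == "__main__":
    variant = KNOWN_SAMPLE.replace(b"EVIL_MARKER_v1", b"evil_marker_v2")
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", variant),
                        ("report", b"Quarterly report: revenue up 3%.")]:
        print(f"{label}: {classify(blob)}")
```

The trade-off the two bullets describe shows up directly: the variant differs from the known sample by one token, so both signatures miss it, while the heuristic score (persistence plus download behaviour) crosses the threshold. Heuristics buy coverage of unknown code at the price of false positives, which is why the weights and threshold need tuning against benign samples.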
Key Takeaways