
CISSP®—Certified Information Systems Security Professional

Domain 08 : Software Development Security

CISSP® is a registered trademark of (ISC)²®

© Simplilearn. All rights reserved.


Learning Objectives

Recognize the importance of system environments and programming concepts

Discuss Object-Oriented Programming

Describe the system lifecycle and systems development

Explain database and data warehousing environments

List the ten best practices for secure software development – (ISC)2

Importance of Software Development Security

Nutri Worldwide Inc. had developed a Vendor Management System for their vendor
management process. One of the key features of the new software is the centralized bidding
process for contracts.

It was noticed that, regardless of the number of bidders, one vendor always managed to get the contract for the supply of bottles and cans for one of the processing units.

A thorough investigation later found that this vendor had managed to access the bidding data. During the programming and testing phase of the software's development, secure programming practices were not implemented.

System Environments

System environments can be defined as a combination of different independent components, such as servers, applications, and networks, and their inter-relationships.

The various system environments are described below:

• Distributed Environment
• Client-Server Systems
• Local Environment
• Distributed Data Processing (DDP)
• Agents
• Applets

[Figure: network diagram showing a Web Server, a LAN, a Firewall, the Internet, a Database Server, and a Workstation]

Distributed Environment

Distributed Environment is a type of system architecture.

It integrates the management of:

• Application software
• Application platform
• Technology interface
• Information
• Communications

[Figure: distributed database example with two Database Servers connected over a Network, an HQ Database holding a DEPT table and a Sales Database holding an EMP table, plus a Workstation and Output Devices]

Client/Server Systems and Local Environment

Client-Server Systems enable an application system to be divided across multiple platforms.

• The client requests services, and the server fulfills these requests.
• The client is the front-end portion of an application.
• The server is the back-end portion of an application.

Local Environment is a type of environment in which:

• Applications are located on one system
• No communication links exist

Distributed Data Processing and Agents

Distributed Data Processing (DDP) systems are physically separated computers.

• They can manage data independently.
• They can also share it with one another.

[Figure: a Central Information Server exchanging small amounts of data with several data servers running local search engines]

Agents are small standalone programs that are part of a larger application. They run autonomously and without any human interaction. Some examples of agents include:

• Anti-virus program
• Patch management

Applets

Applets are small programs residing on a host computer.

• They are downloaded to a client computer to be executed.
• They are usually written in Java, ActiveX, and JavaScript.
  o Java is an object-oriented, distributed, general-purpose programming language.
  o It was developed by Sun.
  o ActiveX was developed by Microsoft.
  o It supports the downloading of mobile code written in languages such as Visual Basic or C++ to web browsers.

Programming Concepts

The common types of programming languages are as follows:

• Machine language: Machine language is a software program that is executed directly by the CPU.
• Assembly language: Assembly language is a low-level computer programming language.
• High-level language: In a high-level language, programmers write the code using logical words and symbols.

Compiler vs. Interpreter

Compiling a program
  Compiler: A compiled program is compiled only once.
  Interpreter: Interpreted code is compiled each time the program is run.

High-level instructions
  Compiler: It translates high-level instructions directly into machine language.
  Interpreter: It translates high-level instructions into an intermediate form.

Speed
  Compiler: Compiled programs run faster.
  Interpreter: Interpreted programs run slower than compiled programs.

Search for errors
  Compiler: It searches for all the errors of a program and lists them.
  Interpreter: It checks a program statement by statement for errors.

Error list generation
  Compiler: It generates the error messages only after scanning the whole program.
  Interpreter: It continues translating the program until the first error is met, at which point it stops.

Debugging
  Compiler: It is comparatively hard.
  Interpreter: It is easy.

Use
  Compiler: It is difficult to use.
  Interpreter: It is easier to use.

Examples
  Compiler: C, C++, etc.
  Interpreter: Python, Ruby, etc.


Programming and Software

Publicly released software may come in different forms after programming. The different types of software are described here:

Publicly released software:

• Free Software
• Freeware
• Crippleware
• Shareware
• Open-Source Software
• Closed-Source Software
• Proprietary Software

Threats in the Software Environment

Buffer Overflow

• It occurs when someone attempts to disrupt a program’s operation.

• The excess input data overflows and overwrites another part of the program’s memory space.

• This can lead to corruption of other variables in the program.

Citizen Programmers

• Citizen Programmers are programmers who create applications with both security and reliability problems.

• Visual Basic by Microsoft is often used.

• They are also known as casual programmers.

• Applications developed by them are chaotic and lack assurance with regard to security.
Threats in the Software Environment (contd.)

Covert Channel

• A covert channel is an information flow issue.

• Types of covert channels:
  o Covert storage channel involves the direct or indirect reading of a storage location by two different processes.
  o Covert timing channel involves the ability to influence the rate at which some other process is able to acquire resources.

Malicious Software

• Malicious software is a class of software that performs a variety of damaging actions.

• The purposes of malware include Propagation, Damage and destruction of information, Stealth of
information, Usage monitoring, Denial of Service, and Remote control.
Threats in the Software Environment (contd.)

Malformed Input Attack

• Malformed Input Attack is where inputs are collected from the users and configured in unusual ways.

• There are various systems to detect and protect against such attacks.

Memory/Object reuse

• Sometimes, residual information remains when a section of memory is reassigned to a new process after a
previous process is finished with it. This leads to a security violation.

• Developers should also be careful with the reuse of other resources that can contain information, such as
disk space.

• The paging or swap file on the disk may contain an enormous amount of sensitive information.
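
The residual-information problem above is easiest to see with a toy allocator. The following is an added example written for this page (not Simplilearn's or (ISC)2's code); the `ToyPool` class and its `scrub_on_free` / `scrub_on_alloc` options are constructed for illustration and do not model a real operating system allocator. It shows the second "process" reading the first one's secret from a reused block, and the two places a memory/object-reuse control can be applied: when the block is released, or before it is handed out again.

```python
class ToyPool:
    """Constructed model of an allocator that hands one fixed-size block to successive
    'processes'. It is not a real allocator; it only shows what residual data looks like."""

    def __init__(self, block_size=16, scrub_on_free=False, scrub_on_alloc=False):
        self._block = bytearray(block_size)
        self.scrub_on_free = scrub_on_free
        self.scrub_on_alloc = scrub_on_alloc

    def alloc(self):
        # Object-reuse control, allocator side: clear the block before handing it out again.
        if self.scrub_on_alloc:
            self._block[:] = bytes(len(self._block))
        return self._block

    def free(self, block):
        # Object-reuse control, owner side: clear the block when the first process is done with it.
        if self.scrub_on_free:
            block[:] = bytes(len(block))


def residual_after_reuse(scrub_on_free=False, scrub_on_alloc=False):
    """The first process writes a secret into its block and releases it; the second process
    allocates the same block and reads it before writing anything. Returns what it sees."""
    pool = ToyPool(scrub_on_free=scrub_on_free, scrub_on_alloc=scrub_on_alloc)
    first = pool.alloc()
    first[:6] = b"SECRET"
    pool.free(first)
    del first                      # dropping the reference does not erase the bytes
    second = pool.alloc()
    return bytes(second[:6])
```

Without either control the second allocation returns the literal secret; with either control it returns zeros. The same reasoning applies to the disk space and swap file the slide mentions: releasing a resource does not erase its contents unless something deliberately overwrites them.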
Threats in the Software Environment (contd.)

Executable Content/Mobile Code

• Executable content or mobile code is software that is transmitted across a network from a remote source
to a local system and is then executed on that local system.

• The concept has been known by many names: mobile agents, mobile code, downloadable code,
executable content, active capsules, and remote code.

Social Engineering

• A social engineering attack occurs on the personnel in an organization.

• The purpose is to gain secrets from individuals.

• Social engineers prey on the weakness in feigned calls for assistance.


Threats in the Software Environment (contd.)

Time of Check/Time of Use (TOC/TOU)

• A Time of Check/Time of Use (TOC/TOU) flaw arises from the time gap between when the system security functions check the variables' contents and when the variables are actually used during operations.

• It is also known as a race condition.

• The program may behave inconsistently, with arbitrary and erroneous results.
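
A concrete TOC/TOU case, as an added example for this page (not code from the original slides): a program checks that a path names a regular file and then opens the path by name a second time. The `between_check_and_use` hook is a constructed stand-in for another process acting inside that window; in the demo it replaces the file with a symbolic link to a file the caller was not supposed to read. The fixed version removes the window by opening once (without following symlinks) and checking the descriptor it will actually read from.

```python
import errno
import os
import stat
import tempfile


def read_regular_file_racy(path, between_check_and_use=lambda: None):
    """Vulnerable pattern: check the name, then open the name again.
    The hook stands in for another process acting inside the window."""
    if not stat.S_ISREG(os.lstat(path).st_mode):        # time of check
        raise PermissionError("not a regular file")
    between_check_and_use()                              # the race window
    with open(path, "rb") as f:                          # time of use: a second name lookup
        return f.read()


def read_regular_file_safe(path):
    """Check and use the same object: open once without following symlinks,
    then fstat the descriptor that is about to be read."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()


def demo():
    """Constructed scenario: public.txt is replaced by a symlink to private.txt
    between the check and the use. Returns what each variant read."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        private = os.path.join(d, "private.txt")
        with open(public, "wb") as f:
            f.write(b"public data")
        with open(private, "wb") as f:
            f.write(b"private data")

        def swap_in_symlink():
            os.remove(public)
            os.symlink(private, public)

        results["safe_before_swap"] = read_regular_file_safe(public)
        results["racy_during_swap"] = read_regular_file_racy(public, swap_in_symlink)
        try:
            read_regular_file_safe(public)
            results["safe_after_swap"] = "read"
        except OSError as e:
            results["safe_after_swap"] = "refused" if e.errno == errno.ELOOP else f"error {e.errno}"
    return results
```

The racy variant passes its check and then reads the private file; the safe variant either reads the file it checked or refuses (the kernel rejects `O_NOFOLLOW` on a symlink with `ELOOP`). The general rule is the same for any resource: validate the handle you will use, not a name that can be re-resolved.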

Data Contamination

• Data Contamination means corruption of data integrity by input data errors.


Threats in the Software Environment (contd.)

Garbage collection

• The garbage collector attempts to reclaim garbage or memory occupied by objects that are no longer in
use by the program.

• The time when the garbage is collected is unpredictable, resulting in stalls scattered throughout a session.

Trapdoor/Backdoor

• A trapdoor or backdoor is a hidden mechanism that bypasses access control measures.

• A programmer who knows about the backdoor can exploit the trapdoor as a covert means of access.
Measuring System Development Process

Software Capability Maturity Model (CMM) Levels

The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product
is a direct function of the quality of its associated software development and maintenance processes. The
following are the five maturity levels of Software CMM Model:

5 Optimized
  • Company has budgeted and integrated plans for continuous improvement

4 Managed
  • It has a formal process in place to collect and analyze quantitative data
  • Metrics are defined and fed into the process improvement program

3 Defined
  • Formal procedures are in place
  • It has a way to allow for quantitative process improvement

2 Repeatable
  • Formal management structure, change control, and quality assurance are in place
  • Company can properly repeat processes throughout each project
  • No formal process model

1 Initial
  • Ad-hoc development process
  • No assurance of consistency and quality

Systems Development Life Cycle

The Systems Development Life Cycle (SDLC) is a system development model used throughout
the IT industry. Security controls should be included in every phase of the SDLC.

Security controls include:

• Conducting a sensitivity assessment

• Determining security requirements

• Creating security specifications

• Installing or switching on controls

• Security testing

• Certification and accreditation

• Change and configuration management


SDLC Phases

Conceptual Definition
  • Creates the basic conceptual statement for a system which defines the purpose of the software

Functional Requirements Determination
  • Lists specific system functionalities
  • Defines how different functions interoperate

Control Specifications Development
  • Designs access controls
  • Input validation controls
  • Logging and audit trails

Design Review
  • Defines data flow diagram
  • Generalized and detailed database design at the logical and physical levels
  • Develops storyboards showing user interaction with the application

Code Review Walk-Through
  • It is a form of software peer review in which a programmer leads the review process to look for errors

User Acceptance Testing
  • It is a phase of software development in which the software is tested in the real world by the intended audience

Maintenance and Change Management
  • Once a system is operational, any change in a system needs to go through a proper change management process

Integrated Product Team (IPT)

• An Integrated Product Team (IPT) is a multi-disciplinary team that helps to facilitate decision making by:
  o Working together to build successful programs
  o Identifying and resolving issues
  o Making comprehensive and timely recommendations

• The team comprises members from the organization's appropriate functional disciplines.
  o The IPT is used for review and decision making in complex programs and projects.
  o It provides a forum for collaboration by involving all the stakeholders.


DevOps

DevOps, derived from the terms "development" and "operations", is a software development method that places importance on communication, collaboration, and integration between the organization's software developers and IT staff.

The interdependence of software development and IT operations is addressed by DevOps.

Features:

• It helps an organization to quickly produce software products and services.
• It ensures the adoption of Quality Assurance to improve Operations performance.

Software Testing Methods

Software testing is performed to detect and uncover errors and bugs.

[Figure: Software Testing Levels]

Application Controls

The following are the controls and categories of application controls.

Preventive
  Accuracy: Data checks, custom screens, validity checks, contingency planning, and backups
  Security: Firewalls, reference monitor, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, separate test and development environments
  Consistency: Data dictionary, programming standards, and DBMS

Detective
  Accuracy: Cyclic redundancy checks, structured walk-through, hash totals, reasonableness checks
  Security: IDS and audit trails
  Consistency: Comparison tools, relationship tests, and reconciliation controls

Corrective
  Accuracy: Backups, control reports, before and after imaging reports, and checkpoint restarts
  Security: Emergency response and reference monitor
  Consistency: Program comments and database controls
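
Three of the detective accuracy controls in the table (cyclic redundancy checks, hash totals, and reasonableness checks) are shown below over a constructed batch of payment records. This is an added example for this page, not code from the slides: the record layout, the trailer fields `record_count` / `hash_total` / `crc32`, and the `MAX_AMOUNT` limit are all assumptions chosen for the demonstration. Each control catches a different failure: the CRC detects any alteration of the bytes, the count and hash total detect dropped or altered records even when the file is otherwise well formed, and the reasonableness check flags values that are valid but implausible.

```python
import zlib
from decimal import Decimal

# Constructed sample batch as the sending system would transmit it:
# one record per line, fields separated by '|': account number, amount, currency.
SAMPLE_PAYLOAD = (
    "1001|250.00|USD\n"
    "2002|1200.50|USD\n"
    "3003|75.25|USD\n"
)

# Control values the sender transmits alongside the payload (constructed to match SAMPLE_PAYLOAD).
SAMPLE_TRAILER = {
    "record_count": 3,
    "hash_total": 6006,                                   # sum of account numbers: meaningless but checkable
    "crc32": zlib.crc32(SAMPLE_PAYLOAD.encode()),
}

# Reasonableness limit: the largest single amount this batch type is expected to carry (assumed policy).
MAX_AMOUNT = Decimal("10000.00")


def parse_records(payload):
    records = []
    for line in payload.splitlines():
        account, amount, currency = line.split("|")
        records.append({"account": int(account), "amount": Decimal(amount), "currency": currency})
    return records


def run_detective_controls(payload, trailer, max_amount=MAX_AMOUNT):
    """Run the detective accuracy controls and return a list of findings (empty means clean)."""
    findings = []
    # Cyclic redundancy check: detects corruption or alteration of the payload in transit or storage.
    if zlib.crc32(payload.encode()) != trailer["crc32"]:
        findings.append("crc32 mismatch: payload altered or corrupted")
    records = parse_records(payload)
    # Record count and hash total: detect dropped, duplicated or altered records.
    if len(records) != trailer["record_count"]:
        findings.append(f"record count {len(records)} != expected {trailer['record_count']}")
    hash_total = sum(r["account"] for r in records)
    if hash_total != trailer["hash_total"]:
        findings.append(f"hash total {hash_total} != expected {trailer['hash_total']}")
    # Reasonableness checks: values that parse correctly but fall outside what the business expects.
    for r in records:
        if r["amount"] <= 0 or r["amount"] > max_amount:
            findings.append(f"account {r['account']}: amount {r['amount']} outside reasonable range")
    return findings
```

Running the clean batch yields no findings; inflating one amount trips both the CRC and the reasonableness check, and dropping a record while keeping the original trailer trips the count and the hash total. Note that a CRC only detects accidental change; it is not a security control against a deliberate modification, which is why the table lists it under accuracy rather than security.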
Software Development Methods

Waterfall Model

• The Waterfall model is a linear application development model that uses rigid phases.
• In this model, all requirements are gathered in the initial phase, and there is no formal way to integrate changes as more information becomes available or requirements change.
• It is hard to know everything at the beginning.

Modern Waterfall Model

• It allows development to return to the previous phase to correct defects discovered during the subsequent phase.
• This is often known as the feedback loop characteristic of the waterfall model.

Software Development Methods (contd.)

Spiral Model

• In 1988, Barry Boehm developed the Spiral model.
• It is a meta-model that incorporates a number of software development models.
• It combines the idea of iterative development with the systematic, controlled aspects of the waterfall model.
• It includes risk management within software development.

Prototyping Models

A sample product is developed to explore a specific approach to a problem before investing time and resources.

Types of Prototyping Models:

Rapid Prototyping
  • A prototype is quickly created to test the validity of the current understanding of the project requirement
  • It is a quick and dirty method of creating the prototype
  • It is not developed to be built upon, rather discarded after use

Evolutionary Prototyping
  • They are built with the goal of an incremental update
  • The prototype is continuously improved upon until it reaches the final product stage
  • Feedback gained in each build phase is used to improve the prototype

Operational Prototyping
  • Extension of the evolutionary prototype
  • It is designed to be implemented in a production environment as it is being tweaked
  • Feedback is obtained and changes are made within the working site

Software Development Methods (contd.)

Rapid Application Development

• Rapid Application Development (RAD) is a form of rapid prototyping

• Software is developed via the use of prototypes, dummy GUIs, back-end databases etc.

• The goal is to meet the system’s business need


Agile Methodology

• It focuses not on rigid, linear, stepwise processes but on incremental and iterative development methods that promote cross-functional teamwork and continuous feedback mechanisms.
• This model is considered lightweight compared to the traditional methods, which are heavyweight.

Agile methodology prefers:

• Individuals and interactions over processes and tools
• Working software over comprehensive documentation
• Customer collaboration over contract negotiation
• Responding to change over following a plan

Software Development Methods (contd.)

Extreme Programming

• Extreme Programming is a discipline of software development.

• It is based on values of simplicity, communication, and feedback.

• It is a structured approach, relying on subprojects.

• It is an Agile Software development method.


Agile Methodology: Scrum

Scrum

• It is an iterative and incremental process most commonly used to manage an Agile software development effort
• A typical scrum team has just five to nine members
• Larger projects are organized into a scrum of scrums that scales upward to include hundreds of programmers
• A typical scrum project consists of a sprint, a focused effort to produce some portion of the total project deliverable
• A sprint usually lasts from two to four weeks

Scrum Roles:

• The project manager or team leader
• The project customer or the customer's representative who speaks for the customer
• The team members who do the actual work
• The people who will be using the software once it has been developed or updated
• Other parties who contribute in some way to the project, such as customers, vendors, and suppliers

Other Models

Exploratory Model

• Used in instances where clearly defined project objectives are not available
• Relies on covering a set of specifications likely to affect the final product’s functionality
• Testing is an important part of the exploratory development

Joint Application Development (JAD)

• Uses a team approach in a workshop-oriented environment
• Distinguishes itself by the inclusion of members other than coders in the team

Reuse Model

• Approaches development by using progressively developed models
• Reusable models are evolved by gradually modifying preexisting prototypes to customer specifications
• Reduces development cost and time

Clean Room

• Attempts to prevent errors or mistakes by following structured and formal methods of developing and
testing
• Used for high-quality and mission-critical applications that will be put through a strict certification
process
Secure Software Development Best Practices

The best practices for Secure Software Development are provided by:

• Web Application Security Consortium or WASC

• Open Web Application Security Project or OWASP

• ISO/IEC 27034
Business Scenario

The Software Testing team at Nutri Worldwide Inc. created a software test plan for the
new CRM application. The project was divided into different modules and assigned to
developers to start the coding. As per the assigned modules, the testers prepared test
scenarios and test cases. Each module was tested individually.

The software was also tested for compatibility on different operating systems, hardware, internet browsers,
etc. The tests performed on individual modules were Unit testing, Installation testing, Regression testing, and
Acceptance testing, but the application failed.

Question: Which testing did Kevin’s report indicate should have been done to avoid the issue?
Answer: Integration testing on module integration would have avoided the issue.
Object-Oriented Programming Terms

The fundamental object-oriented programming terms are as follows:

• Objects are distinct entities that a programmer can create
• Message is the communication with an object to carry out an operation
• Method is the code that defines the action of the object
• Behavior is the result exhibited by an object
• Class is a collection of the common methods of a set of objects that defines the behavior of those objects
• Instances are objects or instances of classes that contain their methods
• Encapsulation protects by denying direct access to what is inside the object

[Figure: benefits of object-oriented programming: modularity, functional independence, reusability, abstraction, and data hiding]

Object-Oriented Programming

Polymorphism

• Polymorphism refers to the ability of a programming language to process objects differently depending on their data type or class.
• Real-life example of polymorphism: a person can have different characteristics at the same time. A man plays the roles of a father, a husband, and an employee at the same time, so the same person exhibits different behaviours in different situations.

Inheritance

• It is the capability of a class to derive properties and characteristics from another class.
• It is one of the most important features of object-oriented programming.
• Real-life example: we all inherit features, looks, and nature from our parents.

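
The terms from the last two slides (object, message, method, class, instance, encapsulation, inheritance, polymorphism) in one runnable sketch. This is an added example for this page, not code from the slides; the `Account` and `SavingsAccount` classes and their rules are constructed purely to show the mechanisms, and the point a security reader should take from it is the encapsulation one: the balance can only be changed by a method that enforces the object's rules, never by writing to it directly.

```python
class Account:
    """Encapsulation: the balance lives behind a name-mangled attribute and is changed only
    through methods that enforce the object's rules. `account.__balance` is not reachable
    from outside the class."""

    def __init__(self, owner, balance=0):
        self.owner = owner
        self.__balance = balance

    @property
    def balance(self):                    # read-only view; no setter is provided
        return self.__balance

    def withdraw(self, amount):           # "withdraw" is the message; this code is the method
        if amount <= 0 or amount > self.__balance:
            raise ValueError("invalid withdrawal")
        self.__balance -= amount
        return self.__balance

    def describe(self):
        return f"{self.owner}: {self.__balance}"


class SavingsAccount(Account):
    """Inheritance: derives everything from Account and overrides withdraw to add a rule,
    calling the parent's version so the original checks still apply."""

    MIN_BALANCE = 100

    def withdraw(self, amount):
        if self.balance - amount < self.MIN_BALANCE:
            raise ValueError("savings account minimum balance")
        return super().withdraw(amount)

    def describe(self):
        return "savings " + super().describe()


def describe_all(accounts):
    # Polymorphism: the same message is sent to every object, and each class responds its own way.
    return [a.describe() for a in accounts]
```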
Software Development Concepts

Data Modeling

• It considers data independently both by the way data is processed and the
component that processes the data
• It follows the data from input to the end and ensures the output is correct
• Data modeling can be used to provide insights into the data and the
relationships that govern it (used in databases)

Data Structure

• Data structure is a way of collecting and organizing data in such a way that
one can perform operations on these data in an effective way
• They are structures programmed to store ordered data, so that various
operations can be performed on them easily
Cohesion and Coupling

Cohesion

• It refers to how many different types of tasks a module can carry out
• High cohesion carries out tasks that are similar
• High cohesion is better. Any change in the task can be done without impacting other tasks

Coupling

• It is a measurement that indicates how much interaction one module requires to carry out its
tasks
• Low (loose) coupling is better; high (tight) coupling means a module depends on other
modules

High cohesion and low coupling are very instrumental in software maintenance and development
Distributed Object-Oriented Systems

Distributed development architectures allow applications to be divided into pieces that are called
components.

Examples of software systems based on distributed objects:

• Common Object Request Broker Architecture (CORBA)

• Java Remote Method Invocation (JRMI)

• Enterprise JavaBean (EJB)

• Distributed Component Object Model (DCOM)

Object Request Broker (ORB) is created for finding objects, initiating objects, and sending requests to the
objects.

Example: Java based systems.


Object Request Brokers

Object Request Brokers (ORBs) act as the locators and distributors of objects across networks. The common
object brokers are COM (Component Object Model), DCOM (Distributed Component Object Model), and
CORBA (Common Object Request Broker Architecture).
Component Object Model (COM)

• Component Object Model (COM) is a model that allows interprocess communication within one
application or between applications on the same computer system

• A developer wants an application to be able to interact with the Windows operating system, and the
different applications developed for this platform will follow the COM outlined standards

• It locates objects on a local system

• It allows objects written in different OOP languages to communicate. Example: Objects written in C++ can
send messages to objects written in Java

• It is designed to hide the details of individual objects

• It was developed by Microsoft


Distributed Component Object Model (DCOM)

• COM enables applications to use components on the same system, while DCOM enables applications to
access objects that reside in different parts of a network

• It was developed by Microsoft

• It locates objects over a network

• It supports communication among objects on different computers

• It allows the application to be distributed at sensible locations

• It includes Object Linking and Embedding (OLE)

• DCOM uses a globally unique identifier (GUID) to uniquely identify users, resources, and components
within an environment
Common Object Request Broker Architecture (CORBA)

• An open vendor-neutral networked object broker framework developed by the Object Management Group (OMG)
• The Object Request Broker (ORB) manages all communications between the components and enables them to interact in a heterogeneous and distributed environment
• ORB works independently of the platforms where the objects reside; it provides greater interoperability
• It is the middleware that allows the client-server communication to take place
• ORB provides communication between distributed objects
• It provides portability for applications
• It defines an industry standard that enables programs written in different languages to interface and communicate. Example: CORBA can enable Java code to access and use objects whose methods are written in C++

Object Linking and Embedding (OLE)

Object Linking:

• It provides a way to share objects on a local computer and to use COM as their foundation
• OLE enables objects to be embedded into documents
• The capability of one program to call another program is called linking

Embedding:

• Capability to place a piece of data inside a foreign program or document

Application Program Interface

API

• It is a set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service
• It allows independent developers to write programs that use a private company's services or data

Use Cases of API

API used for solving problems of another application:

• Uber borrows PayPal’s Braintree API, a secure method for processing credit card
payments, to allow its own App to collect payments from passengers

API used to ask another for interesting information:

• For instance, New York's subway system has an API that allows other apps to access
its real-time travel data such as where the trains are and when the next train will arrive

API used to gain access to a feature of a hardware device:

• Snapchat uses the phone's camera API to take pictures, while Google Maps uses the
phone's geolocation API to know where you are located
API Formats

Representational State Transfer (REST)

• Is an architectural style
• Uses only the Hypertext Transfer Protocol (HTTP)
• Supports different data formats, such as plain text, HTML, XML, and JSON
• Has good performance and scalability and uses caching
• Is widely used

Simple Object Access Protocol (SOAP)

• Is an XML-based message protocol
• Uses the SOAP envelope and then HTTP to transfer data
• Only supports the XML format
• Has slower performance, and scalability can be complex, as caching is not possible
• Used when REST is not possible

API Threat Vectors

Parameters
• Parameter attacks exploit the data sent into an API, including URLs, query parameters, HTTP headers, and/or post content

Identity
• Identity attacks exploit flaws in authentication, authorization, and session tracking. In particular, many of these are the result of migrating bad practices from the web world into API development

Man-in-the-middle
• This attack intercepts legitimate transactions and exploits unsigned and/or unencrypted data being sent between the client and the server

API Security

• Validate parameters
• Apply explicit threat detection
• Turn on SSL everywhere
• Apply rigorous authentication and authorization
• Use proven solutions

Software Security and Assurance

Security Kernel

A security kernel is responsible for enforcing a security policy.

• It is a strict implementation of a reference monitor mechanism.

• It is a small portion of the operating system through which all references to information and all changes to
authorizations must pass.

Three basic conditions of Kernel:

• Completeness

• Isolation

• Verifiability
Software Security and Assurance (contd.)

Processor Privilege States

• The processor privilege states protect the processor and the activities that it performs.

• It records the processor state in a register that can only be altered when the processor is operating in a
privileged state.

• The hardware typically controls entry into the privilege mode.

• The privilege-level mechanism should prevent memory access.

Bounds Checking

• Bounds checking is any method of detecting whether a variable is within some bounds.

• It prevents buffer overflows on input.
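
The buffer overflow described earlier under "Threats in the Software Environment" and the bounds check that prevents it, side by side in a toy memory model. This is an added example for this page, not code from the slides: `ToyMemory` is a constructed layout in which an 8-byte input buffer is followed immediately by a one-byte `is_admin` flag, which is exactly the adjacency the slide's "overwrites another part of the program's memory space" describes. The unchecked copy spills the ninth byte into the flag; the checked copy compares the input length with the buffer size before touching memory.

```python
BUFFER_SIZE = 8


class ToyMemory:
    """Constructed model of one process's memory: an 8-byte input buffer followed
    immediately by a one-byte 'is_admin' flag. Not a real memory layout."""

    def __init__(self):
        self.cells = bytearray(BUFFER_SIZE + 1)   # cells 0..7 are the buffer, cell 8 the flag

    @property
    def is_admin(self):
        return self.cells[BUFFER_SIZE] != 0

    def buffer(self):
        return bytes(self.cells[:BUFFER_SIZE])


def unchecked_copy(mem, data):
    """Copies input byte by byte with no bounds check (the overflow pattern).
    Input longer than the buffer spills into whatever sits next to it."""
    for i, b in enumerate(data):
        mem.cells[i] = b          # the Python runtime only stops this once i passes cell 8
    return mem


def checked_copy(mem, data):
    """Bounds-checked copy: the length is compared with the buffer size before any write."""
    if len(data) > BUFFER_SIZE:
        raise ValueError(f"input of {len(data)} bytes exceeds {BUFFER_SIZE}-byte buffer")
    mem.cells[:len(data)] = data
    return mem
```

Nine bytes of input through `unchecked_copy` leave `is_admin` set even though the program never assigned it; the same input through `checked_copy` is rejected. In a language without runtime bounds checks the spill would continue silently past cell 8; here the interpreter raises `IndexError` at cell 9, which is the kind of runtime guard the later "Strong Language Support" slide refers to.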


Software Security and Assurance (contd.)

Parameter Checking

• Parameter checking is implemented by the programmer.

• It involves checking the input data for disallowed characters, length, data type, and format.

• Other technologies to protect against buffer overflows include canaries.
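
Parameter checking as the slide describes it (disallowed characters, length, data type, and format), which is the same control the "Validate parameters" item under API Security and the earlier "Malformed Input Attack" slide call for. This is an added example for this page, not code from the slides: the `SCHEMA` allow-list, its parameter names and limits are assumptions for a hypothetical endpoint. The validator rejects parameters it has not been told about, checks length before parsing anything, and only converts a value to its target type after its format has been confirmed.

```python
import re

# Allow-list schema (assumed for this example): every parameter the endpoint accepts, with its
# type, length, format and range. Anything not listed is rejected rather than passed through.
SCHEMA = {
    "user_id": {"type": int, "min": 1, "max": 10**9},
    "email":   {"type": str, "max_len": 254,
                "pattern": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")},
    "page":    {"type": int, "min": 1, "max": 1000, "default": 1},
    "sort":    {"type": str, "choices": {"name", "date"}, "default": "name"},
}


def validate_params(raw, schema=SCHEMA):
    """Return (clean, errors). `raw` is a dict of strings as they arrive from the query string,
    form body or headers; `clean` holds typed values and is empty if any error was found."""
    clean, errors = {}, []
    for name in raw:                                          # unexpected parameters are an error
        if name not in schema:
            errors.append(f"{name}: unexpected parameter")
    for name, rule in schema.items():
        if name not in raw:
            if "default" in rule:
                clean[name] = rule["default"]
            else:
                errors.append(f"{name}: missing")
            continue
        value = raw[name]
        if not isinstance(value, str) or "\x00" in value:     # disallowed characters
            errors.append(f"{name}: invalid encoding")
            continue
        if len(value) > rule.get("max_len", 256):             # length, before any parsing
            errors.append(f"{name}: too long")
            continue
        if rule["type"] is int:
            if not re.fullmatch(r"-?\d{1,18}", value):         # format check before conversion
                errors.append(f"{name}: not an integer")
                continue
            n = int(value)
            if not rule["min"] <= n <= rule["max"]:           # range check
                errors.append(f"{name}: out of range")
                continue
            clean[name] = n
        else:
            if "pattern" in rule and not rule["pattern"].fullmatch(value):
                errors.append(f"{name}: bad format")
                continue
            if "choices" in rule and value not in rule["choices"]:
                errors.append(f"{name}: not an allowed value")
                continue
            clean[name] = value
    return (clean if not errors else {}), errors
```

The validator returns every error at once rather than stopping at the first, which is what a client needs to correct a request, and it never echoes the offending value back, so the error messages cannot be used to reflect attacker-controlled text.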

Memory Protection

• It is necessary to protect the memory used by one process from unauthorized access by another.

• Memory protection can be ensured by partitioning memory:

• It ensures that processes cannot interfere with each other’s local memory.

• It also ensures that common memory areas are protected against unauthorized access.
Software Security and Assurance (contd.)

Granularity of Controls

• Granularity of controls ensures that the security controls are granular enough to address both program
and user.

• Inadequate granularity of controls can be addressed by:
  o Proper implementation of the concept of least privilege
  o Setting reasonable limits on the user
  o Separation of duties and functions
  o Ensuring programmers are not the system administrators or users of the application
  o Granting users only those permissions necessary to do their job

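
The security kernel slide (a reference monitor that every access passes through, satisfying completeness, isolation and verifiability) and this slide's least-privilege and separation-of-duties controls can be shown together in one small policy engine. This is an added example for this page, not code from the slides or any real kernel: the `PERMISSIONS` and `CONFLICTING_ACTIONS` tables, the role names, and the purchase-order scenario are all constructed. Permissions are granted per (role, object, action), which is what makes the control granular enough to distinguish an application account from a user, and the separation-of-duties rule refuses to let one subject both create and approve the same object.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset


# Assumed policy tables for the example. Each entry grants one action on one object to one role.
PERMISSIONS = {
    ("clerk",       "purchase_order", "create"),
    ("approver",    "purchase_order", "approve"),
    ("auditor",     "audit_log",      "read"),
    ("app:payroll", "payroll_db",     "read"),
}
# (object, first action, second action): no single subject may perform both on the same object id.
CONFLICTING_ACTIONS = {("purchase_order", "create", "approve")}


class ReferenceMonitor:
    """Every access decision goes through check() (completeness); the history it relies on is
    private and written only by the monitor itself (isolation); and the decision logic is a
    few lines that can be read and tested in full (verifiability)."""

    def __init__(self, permissions=PERMISSIONS, sod=CONFLICTING_ACTIONS):
        self._permissions = permissions
        self._sod = sod
        self._history = []      # (subject, object, action, object id) of granted accesses
        self.audit = []         # every decision, granted or not, with its reason

    def check(self, subject, obj, action, obj_id=None):
        # Least privilege: deny unless some role the subject holds grants exactly this action.
        allowed = any((r, obj, action) in self._permissions for r in subject.roles)
        reason = "granted" if allowed else "least privilege: no role grants this action"
        if allowed:
            for o, first, second in self._sod:
                if o == obj and action == second and \
                        (subject.name, obj, first, obj_id) in self._history:
                    allowed = False
                    reason = f"separation of duties: {subject.name} already performed '{first}'"
        self.audit.append((subject.name, obj, action, obj_id, reason))
        if allowed:
            self._history.append((subject.name, obj, action, obj_id))
        return allowed


def demo():
    """Constructed scenario: alice holds both roles, bob only approves, and a payroll service
    account holds an application-specific role."""
    rm = ReferenceMonitor()
    alice = Subject("alice", frozenset({"clerk", "approver"}))
    bob = Subject("bob", frozenset({"approver"}))
    payroll = Subject("payroll-service", frozenset({"app:payroll"}))
    return {
        "alice_creates":      rm.check(alice, "purchase_order", "create", obj_id="PO-1"),
        "alice_approves_own": rm.check(alice, "purchase_order", "approve", obj_id="PO-1"),
        "bob_approves":       rm.check(bob, "purchase_order", "approve", obj_id="PO-1"),
        "bob_reads_payroll":  rm.check(bob, "payroll_db", "read"),
        "payroll_app_reads":  rm.check(payroll, "payroll_db", "read"),
    }
```

Alice's approval of her own purchase order is refused even though her roles would otherwise permit it, Bob's is granted, and Bob's attempt to read the payroll database fails because no role of his grants it. The `audit` list is the "logging and audit trails" control from the SDLC slide applied to the monitor's own decisions.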
Software Security and Assurance (contd.)

Separation of Environments

• Separation of environments is essential to control how each environment can access the application and
the data.

• Control measures to protect the various environments include:
  o Physical isolation of environment
  o Physical or temporal separation of data for each environment
  o Access control lists
  o Content-dependent access controls
  o Role-based constraints
  o Role definition stability
  o Accountability
  o Separation of duties

Software Security and Assurance (contd.)

Prevention of Social Engineering

• Social Engineering is a way where the attackers try to use social influence over users to extract confidential
information.

• To protect against social engineering attacks:
  o Provide users and help desk staff a proper framework to work within.
  o Make users aware of the threat.
  o Give users the proper procedures for handling unusual requests for information.

Software Security and Assurance (contd.)

Backing up operating system and application software is a method of ensuring productivity in the event of a
system crash.

• Information is available in the event of an emergency through data, programs, documentation, computing,
and communications equipment redundancy.

• Backup control functions include:
  o Maintaining the source code
  o Contingency planning documents
  o Disk mirroring
  o Redundant array of independent disks (RAID)

Software Security and Assurance (contd.)

Software Forensics

• Software Forensics is the study of malicious software in regard to protection against malicious code.

• It can be used:
o To determine whether a problem is a result of carelessness or was deliberately introduced as a payload
o To obtain information about authorship and the culture behind a given programmer
o To obtain the sequence in which related programs were written
o To provide evidence about a suspected author of a program
o To determine intellectual property issues
o To recover source code that has been lost
Software Security and Assurance (contd.)

Cryptography

• Cryptographic techniques protect information by transforming the data through encryption schemes.

• They are used to protect the confidentiality and integrity of information.

• Encryption algorithms can be used to encrypt specific files located within the operating system.
Software Security and Assurance (contd.)

Password Protection

• Operating system and application software use passwords as a convenient mechanism to authenticate
users.

• Password protections include controls on:
  o How the password is selected
  o How complex the password is
  o Password time limits
  o Password length

• The most common solution is to encrypt password files using one-way encryption algorithms or
hashing.

• Another feature for password security involves an overstrike or password-masking feature.
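
The controls listed on this slide in working form: a selection policy (length and complexity), a time limit, one-way hashing of the stored credential, and masking of what the user types. This is an added example for this page, not code from the slides; the `ITERATIONS` work factor, the 90-day `MAX_AGE_SECONDS`, and the "three of four character classes" rule are assumed policy values. The stored record never contains the password itself, each record gets its own random salt so two users with the same password get different digests, and verification compares digests in constant time.

```python
import hashlib
import hmac
import os
import re
import time

ITERATIONS = 200_000              # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_AGE_SECONDS = 90 * 24 * 3600  # password time limit (assumed policy)


def check_policy(password, min_len=12):
    """Selection controls: minimum length and complexity. Returns a list of problems."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(1 for c in classes if re.search(c, password)) < 3:
        problems.append("needs 3 of 4 character classes")
    return problems


def create_record(password, now=None):
    """Store only a salted one-way digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": ITERATIONS,
            "set_at": time.time() if now is None else now}


def verify(record, candidate, now=None):
    """Recompute the digest from the stored salt and compare in constant time,
    then apply the time limit. Returns 'ok', 'rejected' or 'expired'."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], record["iterations"])
    if not hmac.compare_digest(digest, record["digest"]):
        return "rejected"
    current = time.time() if now is None else now
    if current - record["set_at"] > MAX_AGE_SECONDS:
        return "expired"
    return "ok"


def mask(typed):
    """Overstrike / password-masking: what is echoed to the screen instead of the secret."""
    return "*" * len(typed)
```

The work factor is the part of this that ages: it should be raised as hardware gets faster, which is why the iteration count is stored in the record so older entries can be rehashed on the user's next successful login.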


Software Security and Assurance (contd.)

Mobile Code Controls

• Mobile Code Controls protect the user from viewing web pages that have programs attached to them.

• Secured systems should limit mobile code or applets’ access to system resources.

• The system should garbage-collect memory to prevent both malicious and accidental memory leakage.

Sandbox

• Sandbox is one of the control mechanisms for mobile code.

• It provides a protective area for program execution.

• Limits are placed on the amount of memory and processor resources the program can consume.

• A sandbox can be created on the client side to protect the resource usage from applets.
Software Security and Assurance (contd.)

Strong Language Support

• Strong Language Support is a method of providing safe execution of programs such as Java.

• It ensures that arrays stay in bounds, the pointers are always valid, and code cannot violate variable typing.

• Java does an internal check called static type checking.


Software Security : XML and Security Assertion Markup Language

Languages used to provide software security:

XML

• XML—Extensible Markup Language

• A World Wide Web Consortium standard for structuring data in a text file

• XML is called extensible because the symbols are unlimited and can be defined by the user or author.

SAML

• SAML—Security Assertion Markup Language

• A format that uses XML to describe security information

• The important requirement is web browser single sign-on (SSO).

• Example: using cookies
Software Security: SOA

Service oriented architecture (SOA) provides standardized access to the most needed services to
many different applications at one time.

It allows for consistent and collaborative governance, security, and management, such as:

• Policy enforcement

• Authentication

• Encryption

• Digital signature implementations

It is independent of any vendor, product, or technology.
Audit and Assurance Mechanisms

The following are the audit and assurance mechanisms:

• Information integrity

• Information accuracy

• Information auditing

• Certification

• Accreditation

• Information protection management

• Change management

• Configuration management
Assessing the Effectiveness of Software Security

Methods to assess the effectiveness of software security:

System Authorization

• Involves certification and accreditation/authorization of systems that process, store, or transmit
information

• Ensures that a control framework is selected and uniformly implemented across the organization with the
help of standards

Auditing and Logging

• Most software is released with vulnerabilities; auditing and logging helps identify security issues.

• Organizations must address these issues by applying procedures to maintain and check information
integrity and accuracy.
Assessing the Effectiveness of Software Security (contd.)

Risk Analysis and Mitigation must be integrated in the SDLC as an ongoing activity and in Change
Management. It involves:

• Using standardized methods outlined in frameworks such as ISO and NIST to assess risk and report to
stakeholders

• Tracking and managing vulnerabilities

• Taking corrective actions for mitigation by reviewing and prioritizing the findings

Testing and Verification

All mitigations applied should be thoroughly tested and verified by independent security assessors to make
sure that the security flaw has been actually mitigated.
Assessing the Security Impact of Acquired Software

Acquired software can introduce new vulnerabilities into the system and may have an impact on the
organization’s risk posture.

The security of the acquired software can be assessed by:

• Using security tools to test the software for vulnerabilities

• Verifying whether the software development firm followed secure processes

• Checking developer conformance to international standards such as ISO 27034

Code Repositories and Application Programming Interfaces

A code repository is a file archive and web hosting facility in which a large number of source code files are stored
privately or publicly.

• Example: A source code repository is used by open-source projects and other multi-developer projects to
handle various versions.

• Securing a code repository includes physical, system, operational, and software and communication security;
file system and backups; and access control.

An Application Programming Interface (API) is a group of protocols, routines, and tools for building a
software application. Securing APIs involves the use of:

• OAuth—Open standard for API access delegation

• BasicAuth—User agent must authenticate itself with a username and a password

• Access keys
Business Scenario

Kevin read the policy, which Hilda Jacobs, General Manager – IT Security, Nutri Worldwide
Inc., had created for improving the software development process.
As per the policy, programmers will write, compile, and carry out initial testing of the
application’s functionality and implementation in the development environment.

When the application is ready for production, the users, and quality assurance team will carry out functional
testing within the testing and quality assurance environment. When the application is accepted by the user
community, it is moved into production environment.

Question: Which software security mechanism is the policy based on?


Answer: Separation of environments into development, quality assurance or testing, and production (application)
environments
Database and Data Warehouse Environments

Database: A database is a collection of data stored in a meaningful way that enables multiple users and
applications to access, view, and modify that data as needed.

Database Management System: A database management system (DBMS) is a system software for creating and managing
databases. The DBMS provides users and programmers with a systematic way to create, retrieve, update, and
manage data.

The database model should provide the following:

• Persistence

• Data sharing

• Recovery or fault-tolerance

• Database language

• Security and integrity
Database Terms

Record: A collection of related data items

File: A collection of records of the same type

Database: A cross-referenced collection of data

DBMS: Manages and controls the database

Tuple: A row in a two-dimensional database

Attribute: A column in a two-dimensional database

Primary key: Columns that make each row unique (Every row of a table must include a
primary key)

View: A virtual relation defined by the database administrator in order to keep subjects from viewing
certain data
Foreign key: An attribute of one table that is related to the primary key of another table

Cell: An intersection of a row and a column

Schema: Defines the structure of the database

Data dictionary: Central repository of data


Types of Databases

Relational Model:

• The relational model is a simple model that provides flexibility

• It organizes data into relations or tables

• Data can be associated across multiple tables with a key

• The most common language is the Structured Query Language (SQL)

Cardinality and Degree in Relational Database

• The number of rows in the relation is referred to as cardinality, and the number of columns is known as the
degree
Types of Databases (contd.)

Hierarchical Model

• In Hierarchical Model, different record types are embedded in a predefined hierarchical structure.

• It is used as the physical order of records in storage. Record access is done by using pointers combined
with sequential accessing.

• This model has been supported primarily by the IBM IMS DBMS.
Types of Databases (contd.)

Network Model

• In Network model, a hierarchical relationship between two record types is established by the set construct.

• All the sets comprise a general directed graph or network construct. Access to records is sequential or by
navigation in the circular linked lists.

• This model is more general and powerful than the hierarchical model.
Types of Databases (contd.)

Distributed Model

• A distributed database is spread across a network of computers and connected via communications links.

• It allows faster local queries and can reduce network traffic.

• Key objective—A centralized system to the user
Types of Databases (contd.)

Object-oriented model

• Object-oriented model is a conglomeration of object-oriented programming and database technology.

• It attempts to combine database and application programming.

• It aims to avoid the overhead of converting information between its representations in the database.

• It introduces key ideas of object programming, such as encapsulation and polymorphism.


Database Component

Data Definition Language (DDL)

• Defines the schema and structure of the database, access operations and integrity procedures

• Example: CREATE, DROP

Data Manipulation Language (DML)

• Contains all the commands that enable a user to view, manipulate, and use the database

• Example: View, add, modify, sort, and delete

Data Control Language (DCL)

• Defines the internal language of the database

Query Language (QL)

• Enables users to make requests to the database

Report Generator

• Produces user-defined printouts
Integrity Services

Semantic Integrity:

• Makes sure the structural and semantic rules are followed

Referential Integrity:

• Ensures no foreign key contains a reference to a primary key of a nonexistent record or a null value

Entity Integrity:

• Guarantees that tuples are uniquely identified by primary key values

• Every tuple must contain one primary value
Integrity Protection Mechanisms

Rollback
• Operation that ends the current transaction and cancels the current changes to database
• Database returns to its previous state

Commit
• Completes a transaction and executes all changes made by the user
• This ensures that partial changes do not take place and that data is not corrupted

Savepoints
• Helps to make sure if a system failure occurs or if an error is detected, the database can attempt to return to a point before the
system crashed

Checkpoints
• When the database software fills up a certain amount of memory, a checkpoint is initiated. It saves the data from a temporary
segment to a temporary file
• It is similar to savepoints

Two-phase commit
• The requests for database changes are put in a queue and activated all at once
• A pre-commit ensures all databases are ready before the commit command is sent to each database
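Rollback, commit and savepoints as described above, exercised against an in-memory SQLite database; this is an added example, not material from the deck. The account table, the balance constraint and the transfer amounts are constructed for illustration.

```python
# Added example, not from the deck: commit, rollback and savepoints on an
# in-memory SQLite database with a constructed account table.
import sqlite3


def open_db():
    # isolation_level=None turns off sqlite3's implicit transactions, so the
    # BEGIN / COMMIT / ROLLBACK statements below are exactly what the engine sees.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE account (id TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.execute("INSERT INTO account VALUES ('alice', 100), ('bob', 50)")
    return conn


def balances(conn):
    """Current state of the table as {id: balance}."""
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def transfer(conn, src, dst, amount):
    """All-or-nothing transfer: both updates commit together, or the whole
    transaction is rolled back and the database returns to its previous state."""
    conn.execute("BEGIN")
    try:
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # The CHECK constraint failed (overdraft): undo any partial change.
        conn.execute("ROLLBACK")
        return False


def batch_with_savepoint(conn, deposits):
    """Apply several deposits in one transaction. A savepoint before each row
    lets one bad row be undone without discarding the rows already applied."""
    conn.execute("BEGIN")
    applied = 0
    for acct, amount in deposits:
        conn.execute("SAVEPOINT row_sp")
        try:
            cur = conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                               (amount, acct))
            if cur.rowcount != 1:
                raise ValueError("unknown account")
            conn.execute("RELEASE row_sp")      # keep this row's change
            applied += 1
        except (sqlite3.IntegrityError, ValueError):
            conn.execute("ROLLBACK TO row_sp")  # back to the state before this row
            conn.execute("RELEASE row_sp")
    conn.execute("COMMIT")
    return applied
```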
Database Security Issues

Aggregation

• Act of combining information from separate sources
• This combination provides new information which the subject does not have the necessary rights to access
• Combined information has a sensitivity that is greater than that of the individual parts

Inference

• The ability to derive information not explicitly available

Controls against Inference and Aggregation:

Polyinstantiation

• It is the ability of a database to maintain multiple records with the same key
• It is used to prevent inference attacks
• It may also indicate, such as in the case of database polyinstantiation, that two
different instances have the same name (identifier, primary key)
Database Security Issues: Control mechanism

Content-based access control

• Takes action based on the content of the data

Context-based access control

• Takes actions based on the environment and the state

Cell suppression

• Hiding specific cells that contain information

Partitioning

• Dividing database into different parts and controlling access

Noise and perturbation

• Inserting bogus information to mislead the attacker
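Polyinstantiation from the previous slide, as an added example that is not part of the deck: a table that keeps one version of the same primary key per classification level, so a query at a lower clearance only ever sees the version it is cleared for. The classification levels, the ship record and the cover story are constructed for illustration.

```python
# Added example, not from the deck: a multilevel table that polyinstantiates
# rows by classification level. LEVELS and the sample rows are constructed.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}


class MultilevelTable:
    """Rows are keyed by (primary_key, classification). The same primary key
    may exist once per level, which is what polyinstantiation means."""

    def __init__(self):
        self._rows = {}

    def insert(self, key, level, values):
        self._rows[(key, level)] = dict(values)

    def select(self, key, clearance):
        """Return the most highly classified version of `key` the subject is
        cleared to read, or None. Versions above the clearance are simply
        hidden; answering 'access denied' would itself leak that they exist,
        which is the inference the control is meant to prevent."""
        visible = [
            (LEVELS[level], row)
            for (k, level), row in self._rows.items()
            if k == key and LEVELS[level] <= LEVELS[clearance]
        ]
        if not visible:
            return None
        return max(visible, key=lambda item: item[0])[1]

    def update(self, key, level, values):
        """A subject writing at its own level must not overwrite a higher
        version of the same key: the write lands in the row for that level,
        creating it if needed, and the higher row is untouched."""
        self._rows.setdefault((key, level), {}).update(values)


def build_sample_table():
    t = MultilevelTable()
    # Constructed sample: a cover story visible to everyone, the real
    # itinerary at SECRET, both under the same primary key.
    t.insert("SHIP-1", "UNCLASSIFIED", {"destination": "Lisbon", "cargo": "food"})
    t.insert("SHIP-1", "SECRET", {"destination": "Gibraltar", "cargo": "munitions"})
    return t
```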
Database Transaction: ACID Test

Atomicity: Either all changes are done or the database is rolled back

Consistency: All data is consistent in the different databases

Isolation: Transactions are executed in isolation until they are completed without interacting with other
transactions

Durability: Once the transaction is verified as accurate, it is committed and the database cannot be rolled back
Introduction to Data Warehousing

A data warehouse is a database designed to enable business intelligence activities.

• It is designed for query and analysis and contains historical data derived from transaction data

• To enhance business intelligence, it works with data collected from multiple sources

• It combines data from multiple databases into a large database

• It provides a base data that is then processed and presented in a more useful and meaningful way
Database Normalization

Database normalization is the process of organizing the fields and tables of a relational
database to minimize redundancy.

It is a systematic approach of decomposing tables to eliminate data redundancy (repetition)
and undesirable characteristics like insertion, update, and deletion anomalies.

It is a multi-step process that puts data into tabular form, removing duplicated data from the
relation tables.
Data Mining

Data Mining

• Process of massaging the data held in the data warehouse into more useful information
• It is used to find associations and correlations in data to produce metadata
• Metadata can reveal abnormal patterns not previously apparent
• Metadata is the result of storing data within a data warehouse and mining the data with tools
• Goal is to extract information to gain knowledge about activities and trends that were not visible earlier
Business Scenario

Over the last few decades, Nutri Worldwide's data has grown exponentially. New
attributes were added to the existing tables. The database team had to recruit a few
more resources to tackle database issues. Meanwhile, Smith Gordon, CEO, reported
issues in refreshing the reports on the corporate dashboard.

Question: With the given scenario, do you think database normalization will help Nutri Worldwide Inc. to
reduce some of its issues?
Answer: Normalization will help the organization to properly organize the data in the database, making it more
flexible by eliminating inconsistent dependencies and redundancy.
Business Scenario

To tackle the increase in malware attacks worldwide, Hilda Jacobs announced a series of
measures like activity monitors and virus scanners for protecting the organization data.
Even after enhancing the security, the IT Department reported compromise of one of its
webservers. Sensitive data was stolen by the hackers, and the organization suffered a
great loss.

Question: What can be the possible source of attack in the given scenario?
Answer: The attack could be a zero-day attack, which can take place if the systems are unpatched or even if the
latest patches are installed.
Importance and Role of Knowledge Management

• Knowledge management helps in acquiring, using, and maintaining information.

• A key feature of knowledge management is application of artificial intelligence techniques to decision support.

• It stimulates cultural change and innovation in organizations.

• It builds a learning organization by making a learning routine.

• It helps in creating new innovative products, services, and solutions.
Knowledge-Based System/Artificial Intelligence

Knowledge-based system or artificial intelligence is an alternative approach to problem solving
using software and hardware.

Examples:

• Robots that can provide fire-fighting services

• Computer games like Chess
Knowledge-Based System—Expert System

An expert system is a computer system that emulates the decision-making ability of a human
expert.

The parts of an expert system:

• Inference engine

• Knowledge base

• User interface

Uses of expert systems:

• To make consistent decisions

• To keep an expert’s knowledge within an organization

• To use as a decision support system


Knowledge-Based System—Neural Network

A neural network is based on the functioning of neurons—biological nerve cells.

• Training a neural network model means selecting one model from the set of allowed
models; this minimizes the cost criterion.
Web Application Environment—Threats and Vulnerabilities

The following are the common types of threats and vulnerabilities of Web Application Environments:

• Authentication and access control

• Information gathering

• Absence of parameter validation

• Lack of administrative interfaces

• Unavailability of Input validation

• Replay attack

• Denial of Service or DoS


Web Application Environment Security

Specific Protection

• A particular assurance sign-off process for Web servers

• Hardening the operating system used on such servers by
o Removing default configurations and accounts
o Configuring permissions and privileges correctly
o Keeping up to date with vendor patches

• Extending web and network vulnerability scans prior to deployment

• Passively assessing
o Intrusion detection system (IDS)
o Advanced intrusion prevention system (IPS) technology

• Using application proxy firewalls

• Disabling any unnecessary documentation and libraries


Web Application Environment Security (contd.)

Administrative interface protection

• Administrative interface protection restricts access to authorized hosts or networks and then uses strong (possibly
multifactor) user authentication. This ensures the security of the credentials.

• Uses account lockout and extended logging and audit and protects all authentication traffic with encryption.

Input Validation

Input validation ensures that the proxies are able to deal with problems of

• Buffer overflows

• Authentication issues

• Scripting

• Submission of commands to the underlying platform

• Encoding issues

• URL encoding and translation


Web Application Environment Security (contd.)

Sessions Protection

The sessions or periods of apparent attachment to the server are controlled by other technologies, such as
cookies or URL data, which must be both protected and validated.

• If you are using cookies, always encrypt them

• Do not use sequential, calculable, or predictable cookies, session numbers, or URL data for these
purposes

• Use random and unique indicators


Web Application Environment Security (contd.)

Web applications Protection

• Validate all input and output

• Fail secure (closed)

• Make your application or system simple

• Use secure network design

• Use defense in depth


OWASP Secure Coding Practices

1. Input Validation

2. Output Encoding

3. Authentication and Password Management

4. Session Management

5. Access Control

6. Cryptographic Practices

7. Memory Management

8. General Coding Practices

9. Error Handling and Logging

10. Data Protection

11. Communication Security

12. System Configuration

13. Database Security

14. File Management


The Ten Best Practices for Secure Software Development—(ISC)2

The following are the best practices introduced by (ISC)2 for secure software development:

• Protect the Brand Your Customers Trust

• Know Your Business and Support it with Secure Solutions

• Understand the Technology of the Software

• Ensure Compliance to Governance, Regulations, and Privacy

• Know the Basic Tenets of Software Security

• Ensure the Protection of Sensitive Information

• Design Software with Secure Features

• Develop Software with Secure features

• Deploy Software with Secure Features

• Educate Yourself and Others on How to Build Secure Software


Malware

Malware

• It is a software intentionally designed to cause damage to a computer, server, client, or computer network
• It is a set of instructions that runs on your computer and makes your system do something that an attacker
wants it to do

Types of Malware: Worm, Spyware, Virus, Adware, Logic Bomb, Trojan

Impact

• Steals personal information
• Deletes files
• Steals software serial numbers
• Uses your computer as a relay
Virus

Virus

• A virus is a piece of malicious code that replicates by attaching itself to another piece of executable code
• When the other executable code is run, the virus also executes and has the opportunity to infect other
files and perform any other nefarious actions it was designed to do
Virus Propagation Techniques

Master Boot Record Viruses

• Attack the MBR which is the portion of bootable media, such as a hard disk, USB drive, or CD/DVD that the
computer uses to load the operating system during the boot process

File Infector Viruses

• Infect different types of executable files and get triggered when the operating system attempts to execute
them
• For Windows-based systems, the names of these files end with .exe and .com extensions

Macro Viruses

• Utilize crude technologies to infect documents created in the popular Microsoft Word environment
• Although they were relatively unsophisticated, these viruses spread rapidly, because the antivirus community
didn’t anticipate them

Service Injection Viruses

• Inject themselves into the trusted runtime processes of the operating system, such as svchost.exe,
winlogin.exe, and explorer.exe
Virus Technologies

Multipartite Viruses

• Use more than one propagation technique in an attempt to penetrate systems that defend against only one
method or the other

Stealth Viruses

• Hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that
everything is functioning normally

Polymorphic Viruses

• Modify their own code as they travel from system to system

Encrypted Viruses

• Use cryptographic techniques to avoid detection
Worms and Trojan Horse

Worms

• Worms are self-replicating pieces of code that attempt to penetrate networks and computer systems. Once a
penetration occurs, the worm will create a new copy of itself on the penetrated system
• Reproduction of a worm does not rely on the attachment of the virus to another piece of code or to a file,
which is the definition of a virus

Trojan Horse

• It is a piece of software that appears to do one thing and may in fact actually do that thing but hides some
other functionality
• Trojan is a stand-alone program that must be copied and installed by the user; it must be brought inside the
system by an authorized user
Spyware, Adware, and Logic Bomb

Spyware
• It is a malware that can be put in someone’s computer to secretly gather information
about the user and relay it to advertisers or other interested parties
• It can get in a computer as a software virus or as the result of installing a new program

Adware

• It is a type of malware that bombards you with endless ads and pop-up windows that
could be potentially dangerous for your device
• It is a type of software that shows ads; most of the adware is safe, but some can gather
your personal information

Logic Bombs

• Logic bombs are malicious code objects that infect a system and lie dormant until they
are triggered by the occurrence of one or more conditions, such as time, program
launch, and website logon
Ransomware

What is a ransomware?
• It is a type of malware that attempts to extort money from a computer user by infecting and
taking control of the victim’s machine, files, or documents stored on it

Impact

• Locks the computer to prevent the user from using it
• Encrypts the documents and files on it to prevent access to saved data

How does it spread?

• It is usually installed when you open a malicious email attachment, click a malicious link in an
email or an instant message, or visit a malicious website

Prevention

• Keep all of the software on your computer up-to-date
• Keep your firewall turned on
• Don’t open spam messages or click links on suspicious websites
Rootkits and Backdoors

Backdoor

• It refers to programs that attackers install after gaining unauthorized access to a system to ensure that they
can continue to have unrestricted access to the system even if their initial access method is discovered and
blocked
• Backdoors can also be installed by authorized individuals inadvertently if they run software that contains a
Trojan horse

Rootkits

• Rootkits are a form of malware that is specifically designed to modify the operation of
the operating system in some fashion to facilitate nonstandard functionality
• Rootkits act as a form of malware that can change thread priorities to boost an
application’s performance, perform keylogging, act as a sniffer, hide other files from
other applications, or create backdoors in the authentication system
Bots and Remote Access Trojan

Bots

• A bot is a functioning piece of software that performs some tasks under the
control of another program
• A series of bots is controlled across the network in a group, and the entire
assembly is called a botnet (combining the terms bot and network)
• Bots can do a wide array of things: spam to fraud to spyware

Remote Access Trojan

• A Remote Access Trojan (RAT) is a toolkit designed to provide the capability of covert surveillance and/or the
capability to gain unauthorized access to a target system
• RATs often mimic similar behaviors of keylogger or packet sniffer applications using the automated collection
of keystrokes, usernames, passwords, screenshots, browser history, emails, and chat logs, but they do so with a
design of intelligence
Social Engineering

Social Engineering

• It is the art of manipulating people so that they give up confidential information, violating the security
principle
• In the context of information security, it refers to the psychological manipulation of people which makes them
perform actions or divulge confidential information

Prevention

• It can only be prevented or avoided using Security Awareness Training
Social Engineering Attacks Categories

Phishing

• It is the most popular form of a social engineering attack conducted through digital communication
• It is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and credit card details by disguising as a
trustworthy entity in an electronic communication

Spear Phishing

• It is a type of phishing attack that is targeted to a specific group or an individual
• Unlike phishing attacks which are not personalized to their victims and are usually sent to masses of people at the same time, spear
phishing aims at targeted individuals

Whaling

• It is a term used to describe a phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals

Pretexting

• Pretexting is defined as the practice of presenting oneself as someone else in order to obtain private information
Application or Service Attacks

Application Attack

• An application-layer attack targets computers by deliberately causing a fault in a computer's operating
system or applications.
• This results in the attacker gaining the ability to bypass normal access controls.
• The attacker takes advantage of this situation, gaining control of an application, system or network
• Application layer attacks or layer 7 (L7) attacks refer to a type of malicious behaviour designed to target the
“top” layer in the OSI model

Application layer attacks: Cross-Site Scripting, Cross-Site Request Forgery, Buffer Overflow, SQL Injection
Buffer Overflow Attack

Buffer Overflow

• A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length
buffer than the buffer can handle
• The extra information, which has to go somewhere, can overflow into adjacent memory
space corrupting or overwriting the data held in that space

Reasons for overflow:

• Poor programming practice
• Programming language weaknesses
• Lack of input validation
• An application fails to manage memory allocation

Prevention

• Follow proper coding practice
• Proper code review
• Input validation
Injection Attacks

Injection Attack:

• Injection attacks refer to a broad class of attack vectors that allow an attacker to supply untrusted input to a
program which gets processed by an interpreter as part of a command or query which alters the course of
execution of that program
• Injection attacks are amongst the oldest and most dangerous web application attacks

Types of Injection attacks: SQL Injection, Cross-Site Scripting, OS command Injection, LDAP Injection

Impact:

• Data theft, data loss, loss of data integrity, denial of service
• Full system compromise

Causes of injection attacks:

• Poor programming practice
• Lack of input validation
• Programming language weakness
SQL Injection

SQL Injection:

• SQL injection attacks allow a malicious individual to directly perform SQL transactions
against the underlying database in violation of the isolation model
• SQL injection (SQLi) refers to an injection attack wherein an attacker can execute
malicious SQL statements that control a web application’s database server

Impact:

• Damages the database
• Retrieves or manipulates the database

Prevention:

• Update and patch
• Perform input validation
• Limit account privilege
• Use stored procedures
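The injection mechanism and its fix, as an added example that is not part of the deck: the same user lookup written once with string concatenation and once with a parameterized query, run against an in-memory SQLite table with constructed rows. A username containing a quote is enough to show that concatenated input reaches the SQL parser, while the bound parameter is treated purely as data.

```python
# Added example, not from the deck: concatenated SQL beside a parameterized
# query, against a constructed in-memory SQLite users table.
import sqlite3


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("kevin", "developer"), ("hilda", "manager"), ("o'neil", "auditor")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Input becomes part of the SQL text. A quote in the value changes the
    statement itself, so any value that contains SQL syntax is interpreted
    as SQL: this is the injection the slide describes."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Placeholder binding: the driver sends the value separately from the
    statement, so the value can never alter the query structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_is_data_only(conn, username):
    """Diagnostic used here to contrast the two functions: True when the
    parameterized lookup accepts a value that the concatenated one cannot
    parse, i.e. when the input was treated as data rather than SQL."""
    try:
        find_user_vulnerable(conn, username)
        concatenation_ok = True
    except sqlite3.OperationalError:
        concatenation_ok = False
    find_user_safe(conn, username)   # never raises on a quote in the value
    return not concatenation_ok
```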
Cross-Site Scripting

Cross-Site Scripting (XSS)

• It is a type of an injection attack in which malicious scripts are injected into otherwise benign and trusted
websites
• This attack occurs when an attacker uses a web application to send malicious code, generally in the form of a
browser-side script to a different end-user
• It enables attackers to inject client-side scripts into web pages viewed by other users

Types of Cross Site Scripting: Non-Persistent XSS, Persistent XSS, DOM-Based XSS
Reflected or Non-Persistent XSS

Reflected or Non-Persistent XSS

• Reflected vulnerabilities occur when an attacker tricks the victim into processing a URL programmed with a
rogue script to steal the victim’s sensitive information (cookies, session ID)
• The principle behind this attack lies in exploiting the lack of proper input or output validation on dynamic
websites
Non-Reflected or Persistent XSS

Non-Reflected or Persistent XSS

• It is also known as stored or second-order vulnerabilities
• They are generally targeted at websites that allow users to input data that is stored in a database or any other
such location, e.g., forums, message boards, guest books, etc.
• The attacker posts some text that contains some malicious JavaScript, and when other users later view the
posts, their browsers render the page and execute the attacker’s JavaScript
DOM-Based XSS

DOM-Based XSS

• DOM is the standard structure layout to represent HTML and XML documents in the browser
• In such attacks, the document components such as form fields and cookies can be referenced through
JavaScript
• The script is executed in the browser via the Document Object Model (DOM) process as opposed to the web
server
Impact and Prevention of XSS

Impact:

• Hijacking sessions
• Deploying hostile content
• Impersonating a user
• Phishing and testing

Prevention:

• Limiting the types of uploads
• Updating and patching
• Input validation
• Proper coding practice and code review
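The persistent XSS path from the earlier slide and the input validation and coding-practice preventions above, as an added example that is not part of the deck: a minimal forum-post renderer that concatenates stored text into HTML, beside one that validates the author name against an allowlist and HTML-encodes every stored value on output, so a script tag a user posted is displayed as text instead of being executed. The posts and the username rule are constructed for illustration.

```python
# Added example, not from the deck: stored content rendered without and with
# output encoding, plus an allowlist check on input. POSTS is constructed.
import html
import re

# Constructed sample of stored forum posts; the second carries a script tag
# that a browser would run if it reached the page unencoded.
POSTS = [
    ("kevin", "Deployment went fine."),
    ("guest", "<script>alert('xss')</script>"),
]

# Assumed site rule: author names are short and alphanumeric (input validation).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(name):
    """Allowlist validation at input time: reject anything outside the rule
    rather than trying to strip 'bad' characters."""
    return USERNAME_RE.fullmatch(name) is not None


def render_vulnerable(posts):
    """Concatenates stored text straight into HTML: the browser executes
    whatever markup the post contains."""
    return "".join(f"<li><b>{user}</b>: {body}</li>" for user, body in posts)


def render_safe(posts):
    """Output encoding: every untrusted value is escaped for the HTML element
    context before it is placed in the page, so '<' becomes '&lt;'."""
    return "".join(
        f"<li><b>{html.escape(user)}</b>: {html.escape(body)}</li>"
        for user, body in posts
    )


def contains_active_content(fragment):
    """Crude check used only to compare the two renderers: does the output
    still contain a raw <script> tag?"""
    return "<script" in fragment.lower()
```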
Cross-Site Request Forgery

CSRF

• A cross-site request forgery (CSRF) attack utilizes unintended behaviors that are proper in defined use but are
performed under circumstances outside the authorized use
• It is performed against sites that have an authenticated user and exploits the site’s trust in a previous
authentication event
• Then, by tricking a user’s browser to send an HTTP request to the target site, the trust is exploited

Example:

• Assume your bank allows you to log in and perform financial transactions but does not validate the
authentication for each subsequent transaction
• If a user is logged in and has not closed their browser, then an action in another browser tab could send a
hidden request to the bank resulting in a transaction that appears to be authorized but in fact was not done
by the user

Prevention techniques:

• Limiting authentication time
• Cookie expiration
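Server-side session handling that follows both the "Sessions Protection" slide (random, unique identifiers) and the CSRF prevention list above (limited authentication time, expiring cookies), as an added example that is not part of the deck. It also issues a per-session anti-CSRF token that every state-changing request must carry in the form body, since a request forged from another tab carries the cookie but cannot read that token. The lifetime and the in-memory store are assumptions for illustration.

```python
# Added example, not from the deck: random session identifiers, session
# expiry, and a per-session CSRF token. SESSION_LIFETIME is an assumed value.
import hmac
import secrets
import time

SESSION_LIFETIME = 15 * 60   # assumed: 15 minutes before re-authentication


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}

    def create(self, user):
        """Identifiers come from a CSPRNG, never a counter or anything
        calculable. The CSRF token is a second secret kept apart from the
        cookie value."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "csrf": secrets.token_urlsafe(32),
            "expires": self._now() + SESSION_LIFETIME,
        }
        return sid

    def lookup(self, sid):
        """Return the live session for a cookie value, or None once it has
        expired (the entry is dropped, forcing a fresh login)."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() >= s["expires"]:
            del self._sessions[sid]
            return None
        return s

    def csrf_token(self, sid):
        """Token to embed in the page's forms for this session."""
        s = self.lookup(sid)
        return s["csrf"] if s else None

    def authorize_action(self, sid, submitted_csrf):
        """True only for a live session whose token matches the submitted
        form field. A cross-site request carries the cookie (sid) but not
        the token, so it is rejected; comparison is constant-time."""
        s = self.lookup(sid)
        if s is None or submitted_csrf is None:
            return False
        return hmac.compare_digest(s["csrf"], submitted_csrf)
```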
Anti-malware

Anti-malware

• It is a type of software program designed to prevent, detect, and remove malicious software (malware) on IT
systems as well as individual computing devices

Types of anti-malware detection:

• Signature based
o Effective for detecting known malware; it cannot address new variants
• Heuristic detection
o Analyzes the overall structure of the malicious code, evaluates the coded instructions and logic functions, and
then decides on the malicious action. It helps detect unknown malware
Key Takeaways

System environments include distributed environment, client—server systems, local environment, distributed data
processing (DDP), agents, and applets.

The Systems Development Life Cycle or SDLC is a system development model. The various phases of SDLC are
prepare a security plan, development/acquisition, implementation, operation/maintenance, and disposal.

Object-Oriented Programming uses an object metaphor to design and write computer programs.

A database is a structured collection of related data. The various types are relational model, hierarchical
model, network model, distributed model, and object-oriented model.

A data warehouse is a storage facility comprising data from several databases.

The ten best practices introduced by (ISC)2 can help fulfill the mission of building hack-resilient software.
Thank You

CISSP® is a registered trademark of (ISC)²®

© Simplilearn. All rights reserved.
