Professional Documents
Culture Documents
Chapter 8 - SDLC
Chapter 8 - SDLC
Quality
• Key elements of ensuring software quality
• Code review
• Interface testing
• Misuse case testing
• Reasons for lack of security in SDLC
• Lack of education on security
• Operating systems and applications were not built on secure
architectures
• Software development procedures have not been security oriented
• Integrating security as an after thought
Software Development Lifecycle
• 5 Phases
• Design – how
• Development – coding
• Risk-level acceptance
Design Phase
• Outlines how the product is going to accomplish the requirements
• Process used to describe the requirements and internal behavior
of the software
• Software requirements come from 3 models:
• Informational model – dictates the type of information and how it will be
processed
• Functional model – outlines the tasks the application will carry out
• Behavioral model – explains the states the application will be during
and after specific transitions
• The following should be accomplished
• Attack surface analysis
• Threat modeling
Development Phase
• This the phase were actual development happens
• Regression testing – After a change to a system takes place, retesting to ensure functionality,
performance and protection
• Fuzzing
• Technique used to discover flaws and vulnerabilities in software by sending large amounts of
malformed, unexpected or random data in order to trigger failure
• Helps in identifying buffer overflow, DoS vulnerabilities, injection weakness, validation flaws
Software Development Models
• Build and Fix Model
• Waterfall Model
• V-Shaped Model
• Prototyping
• Incremental Model
• Spiral Model
• Agile Model
Build and Fix Model
• Not a formal SDLC model
• Each phase must be completed in entirety before the next phase begins
• Review takes place at the end of each phase to make sure project is on
the right path
• All requirements are gathered in the initial phase and there is no formal
way to integrate changes
• Could be used for small projects that have all requirements understood
V-Shaped Model
• Emphasizes the verification and validation of the product at each phase and provides a formal method
of developing testing plans as each coding phase is executed
• It is also rigid model, does not allow for flexibility and thus adapting to changes is more difficult and
expensive
• Best used when requirements are best understood and scope changes are very small
Prototyping
• Sample product is developed to explore specific approach to a
problem before investing expensive time and resources.
• Similar to multi-waterfall cycle per software as it mature through the development stages
• Advantages
• Allows for changes to take place early, testing uncovers issues quickly, each iteration is easily
manageable, cost is lower, customer gets the functionality earlier, risk of critical changes being
introduced is lower.
• Best used when risk, program complexity, funding, functionality requirements needs to
be understood early in the development cycle
Spiral Model
• Uses an iterative approach to software development
• Advantages
• As more information about the project is gatherer it is integrated into the risk analysis process, improve prototype,
test the prototype, allows for testing to take place early, allows new requirements to be addresses as they are
uncovered
• The model focuses on small increments of functional code that are created based upon business need
• It breaks the product down into individual features that are constantly being delivered
• Development team can take pieces and parts of all the available SDLC models and combine them in a
manner that best suits the project requirement
Agile Model - Scrum
• Most widely adopted Agile methodology
• It acknowledges the fact that customer needs will change over time
• Developed by Toyota
Optimized
• Company has
Managed budgeted and
integrated plans for
• Has formal process in continuous
Defined place to collect and
analyze quantitative
improvement
• Formal procedures data
Repeatable are in place • Metrics are defined
• Has a way to allow and fed into the
• Formal management for quantitative process
Initial structure, change
control and quality
process improvement
improvement program
• Dev process is ad-hoc assurance are in
• No assurance of place
consistency and • Company can
quality properly repeat
processes
throughout each
project
• Does not have formal
process model
defined
Change control Process
• Make a request for change
• Analyze the request
• Develop the implementation strategy
• Calculate the cost of implementation
• Review security implications
• Record the change request
• Submit the change request for approval
• Develop the change
• Report results to management
Software Configuration Management
• Identifies the attributes of software at various points in time and
perform methodical control of changes for the purpose of maintaining
software integrity and traceability throughout SDLC
• SCM should provide the following
• Concurrency Management
• Helps prevent uncontrolled changes when multiple users simultaneously access the
same file
• Versioning
• Deals with keeping track of file revisions; it should create log reports of who made
changes, when and what
• Synchronization
• Allow individuals to check out complete or partial copies of the repositories and work on
the files as needed
Programming Languages
• Machine Language
• Format that the computer’s processor can understand and work with directly
• It is represented in binary and considered the most primitive form of
programming.
• First generation programming language
• Assembly Language
• Considered low-level programing language, it is a symbolic representation of
machine language
• One level above machine language, programmers can use commands
instead of binary codes
• Assemblers are used to convert this language code into machine
understandable format
• Programs written are hardware specific and are not portable
Programming Languages
• High-level Language
• Third-generation language
• They use abstract statements (eg. If-then-else)
• They are easier to work with – programs are easier to write and mistakes are easier
to identify
• They are processor independent
• They are portable and can be used on many different system types
• Very High-level languages
• 4th Generation language
• It enhances the natural language approach
• Focuses on highly abstract algorithms that allow straightforward programming
implementation
• The manual coding required may be ten times less than for the same task on a 3rd
generation language s
Programming Languages
• Natural language
• 5th generation of programming language
• Program creation happens by defining the constrains for achieving a
specified result
• Goal is to create software that can solve problems by itself instead of a
programmer having to develop code to deal with individual and specific
problems
Programming Language
• Assemblers
• Tools that convert assembly language source code into machine code
• Compilers
• Tools that convert high level language statements to machine code for specific
processors
• Allows developers to create software once in high level language and complied for
various platforms
• Interpreter
• Performs the last step of transforming high-level code to machine-level code
• It improves portability
• Major advantage is that the platform independence and memory management
functions are part of the interpreter
• Major disadvantage is that the program cannot run as a stand-alone application but
requires the interpreter to be installed on the local machine
Object Oriented Concepts
• Benefits of Object Oriented Programming
• Modularity
• Differed commitment
• Reusability
• Naturalness
• It also provides functional independence ~ each module addresses a specific sub function of
requirements and has an interface that is easily understood by other parts of the application
• Data hiding is provided by encapsulation, which protects an object’s private data from
outside access
• It provides RPC service, security service, directory service, time service and
distributed file support
• It is a layer of software that sits on top of network layer and provides services to the
application above it
• DCOM uses a globally unique identifier (GUID) while DCOM users a universally
unique identifier (UUID)
Common Object Request Broker Architecture (CORBA)
• Open object-oriented standard architecture developed by Object
Management group
• ORB manages all communications between the components and enables them to interact in a
heterogeneous and distributed environment
• ORB works independently of the platforms where the objects reside, it provides greater
interoperability
• It can handle scalability, concurrency, transactions and various security services for
the client
Service Oriented Architecture (SOA)
• It provides a standardized access to the most needed services for
many different applications at one time
• SOAP
• It is an XML based protocol that encodes messages in a web service environment
• Java Applets
• Object-oriented, platform independent programming language
• They have greater access to the users system compared to Java applets
ActiveX vs Java applets
• It uses • It sets up a
Authenticode sandbox for the
technology, which applet code to
relies on Digital execute thus
certificates and reducing code’s
trusting certificate access to resources
authority within the user’s
computer
Web Environment Threats – Input Validation Attacks
• Path or Directory traversal
• Also known as “dot dot slash” attack
• It is inserting the characters “../” several times into the URL to traverse into the directories that weren’t
supposed to be accessible from the web
• Access to the command shell allows extensive access to the attacker
• Unicode encoding
• Webservers use Unicode to support different applications.
• Attacker using Unicode could make the same directory traversal attack without using “/” but with any of the
Unicode representations of that character
• URL Encoding
• URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits. URL encoding
normally replaces a space with a plus (+) sign or with %20
• Attackers found they could bypass filtering techniques and make requests by representing characters
Web Environment Threats – Input Validation Attacks
• Client-side validation
• When the input validation is done at the client before it is even sent to
server to process
• It avoids incomplete requests to be sent to the server and the server
having to send back an error message to the user
• If a server relies only on Client-side validation, it introduces the risk of
depending on the client’s capability to address the threat. It is always
beneficial to also have server-side validation at different degree
Cross-site Scripting (XSS)
• XSS enables attackers to inject client-side scripts into web pages
viewed by other users
• Persistent XSS
http://www.acunetix.com/wp-content/uploads/2014/03/reflected-xss.png
Cross-site Scripting (XSS)
• Persistent XSS Vulnerability
• Also known as stored or second-order vulnerability
• Targeted against websites that allow users to input data that is stored in a
database in the server
• The attacker posts some text that contains some malicious JavaScript, and when
other users later view the posts, their browsers render the page and execute the
attacker’s JavaScript
• Persistent XSS is less frequent than Non-Persistent XSS
• The damage that Persistent XSS can do is more devastating than the damage
done by Non-Persistent XS
Cross-site Scripting (XSS)
• Document Object Model (DOM) XSS
• Also referred to as local cross-site scripting
• Using encryption
• Helps secure the input/output operations of a web application
• Failing Securely
• Systems that fail securely display friendly error messages without revealing internal system details
• Transaction persistence
• Fault tolerance
• Sharing
• Types of database
• Relational
• Hierarchical
• Network
• Object-oriented
• Object-relational
Relational Database Model
• The most widely used model today
• It uses attributes (columns) and tuples (rows) to contain and organize data
• Each cell contains only one data value that represents a specific attribute value
within a given tuple
• A Primary key is the field that links all the data within a record to a unique value
• A foreign key is defined in a second table, but it refers to the primary key in the
first table.
Hierarchical Database Model
• It is the first type of Database model that was created but not common now
• It combines records and fields that are related in a logical tree structure
• In this model, parents can have one child, many children or no children
• It does not use indexes to search procedures, and links cannot be established
between different branches and leaves on different layers
• Application has to use its own procedures to obtain data from the
database and then process the data for its needs
Object-oriented Database Model
• It is built upon the hierarchical data model
• It allows each data element to have multiple parent and child records forming a
redundant network like structure
• When an application queries for data, it not only returns the data but also the code to
carry out procedures on this data
• Characteristics
• It’s a replacement for ODBC
• It is a set of ODBC interfaces that exposes the functionality of data sources through
accessible objects
• It uses the OLE DB interface to connect with the database and can be developed with
many different scripting languages
• Characteristics
• It is a high-level data access programming interface
• It’s a set of COM objects for accessing data sources not just database access
• It allows developer to write programs that access data without knowing how the database is
implemented
• SQL commands are not required to access a database when using ADO
Java Database Connectivity (JDBC)
• It allows a Java application to communicate with a database
• Characteristics
• Provides the same functionality as ODBC but is specifically designed for use
by Java database applications
• Has database independent connectivity between the java platform and a wide
range of databases
• It enables the java programs to execute SQL statements
Relational Database Components
Component Description
Data Definition Language (DDL) Defines the schema and structure of the database, access
operations and integrity procedures
Data Manipulation Language It examines the data and defines how the data can be
(DML) manipulated within the database
Contains all the commands that enable an user to view,
manipulate and use the database
Data Control Language (DCL) It defines the internal language of the database
• It can contain the default values for columns, integrity information, the
names of users, the privileges and roles for users and auditing
information
• Referential Integrity:
• Mechanism to ensure no foreign key contains a reference to a primary key of a
nonexistent record or null value
• Entity Integrity:
• Guarantees that tuples are uniquely identified by primary key values; every tuple
must contain one primary value
Integrity Protection Mechanisms
Mechanism Operations
Rollback Operation that ends the current transaction and cancels the current changes to
database. Database returns to its pervious state
Commit Completes a transaction and executes all changes just made by the user. This
ensures that partial changes do not take place and that data is not corrupted
Savepoints Helps to make sure if a system failure occurs, or if an error is detected, the
database can attempt to return to a point before the system crashed.
Having too many savepoints can degrade the performance
Checkpoints When the database software fills up a certain amount of memory, a checkpoint
is initiated. It saves the data from a temporary segment to a temporary file. Its
similar to savepoints
Two-phase The requests for database changes are put into a queue and activated all at
commit once. A pre-commit ensures all database are ready before the commit
command is sent to each database
Database Security Issues
• Aggregation
• Act of combining information from separate sources. This combination
provides new information which the subject does not have the necessary
rights to access
• Combined information has a sensitivity that is greater than that of the
individuals parts
• Inference
• The ability to derive information not explicitly available
Database Security Issues – Control mechanism
• Content and Context Dependent access control
• Some techniques
• Cell suppression – hiding specific cells that contain information
• Partitioning – dividing database into different parts and controlling access
• Noise and Perturbation - inserting bogus information to mislead the attacker
• Polyinstantiation – two instances of same object have different attributes
Online Transaction Processing
• It is used when databases are clustered to provide fault tolerance
and higher performance
• Atomicity:
• Either all changes are done or the database is rolled back
• Consistency:
• All data is consistent in the different databases
• Isolation:
• Transaction execute in isolation until completed, without interacting with other transaction
• Durability:
• Once the transaction is verified as accurate, it is committed and the database cannot be
rolled back
Data Warehouse
• Data warehousing combines data from multiple databases into a
large database
• Metadata is the result of storing data with a data warehouse and in the
data with tools
Virus Application or code that infects software; Main function is to replicate and deliver its payload; It
requires a host application to replicate
Macro virus Written in one of the macro languages and it is platform independent
Its more common
Boot sector virus Infects the boot sector and either move data within boot sector or overwrite the sector with new
information
Polymorphic virus It produces varied but operational copies of itself, it can use different encryption schemes
requiring different routines
Has the capability to change its own code
Mutipart virus Has several components to it and can be distributed to different parts of the system
Meme virus Its actually not a virus, but types of email messages that are continuously forwarded by users
Script virus The virus will carry out the instructions that is integrated into the script
Tunneling virus Attempts to install itself under the antimalware program and remain stealth
Malicious Software
Type Description
Worm They can reproduce on their own and are self-contained programs
Rootkit A bundle of tools that allow an attacker backdoor entry to the victim system; root kids commonly
include log scrubbers – which remove traces of the attacker’s activities from the system logs.
Root kit detection may be difficult because the rootkit may be able to subvert the AV solutions.
The best way is to reinstall the OS
Spyware Malware that is covertly installed to gather sensitive information about a victim
Botnets Group of bots (compromised hosts) under the control of a Command and Control server to
perform activities planned by the attacker
Logic Bomb It executes a program when a certain set of condition is met
Trojan Horse It is a program that is disguised as another program. They perform useful functionality in addition
to the malicious functionality in the background. It is one of the fastest growing malware types
Antimalware software
Type Description
Signature based Effective for detecting known malware; it cannot address new variants
Heuristic detection Analysis the overall structure of the malicious code, evaluates the coded instructions and logic
functions and then decides on the malicious action. It helps detect unknown malware
Immunizer An immunizer attaches code to the file, which would fool a virus into thinking it is already infected
Karthikeyan Dhayalan
MD & Chief Security Partner
www.cyintegriti.com