Insecure Interaction
Includes issues like Cross-Site Scripting, SQL Injection, Improper Input Validation, OS Command Injection, CSRF, and Unrestricted File Upload.
Risky Resource Management
Includes Out-of-bounds Write/Read, Use After Free, Path Traversal, NULL Pointer Dereference, Integer Overflow, Race Condition, and Uncontrolled Resource Consumption.
Porous Defenses
Includes Improper Authentication, Hard-coded Credentials, Missing Authorization, Missing Authentication for Critical Function, and Incorrect Default Permissions.
Security Flaws
Critical flaws like injection attacks caused by poor input validation; developers must fix these weaknesses.
Reducing Software Vulnerabilities
Stop vulnerabilities with secure design; find them with better testing; reduce their impact with resilient architectures.
Software Quality vs Security
Quality focuses on random failures; security focuses on deliberate attacks exploiting bugs triggered by unusual inputs.
Defensive Programming
Design software to continue functioning under attack; validate all assumptions and handle all errors safely.
Security by Design
Integrate security into design phase; use SAFECode best practices for secure software development.
Handling Program Input
Identify all input sources; validate size, type, and format before use.
Input Size & Buffer Overflow
Failure to validate input size leads to buffer overflows; treat all inputs as dangerous.
Interpretation of Program Input
Incorrect encoding or character handling can cause vulnerabilities; e.g., Heartbleed bug due to unchecked binary input.
Injection Attacks
Occur when unvalidated input affects execution flow; common in scripting and web applications.
Cross-Site Scripting (XSS)
Attacker injects malicious scripts into trusted sites; exploits browser trust of same-origin content.
Validating Input Syntax
Compare input against expected safe patterns; reject anything not explicitly allowed.
Alternate Encodings
Canonicalization ensures consistent encoding of input; prevents attackers from bypassing filters using alternate forms.
Validating Numeric Input
Ensure correct signed/unsigned interpretation; avoid overflows or bypasses of validation checks.
Input Fuzzing
Randomly generate inputs to test for crashes and vulnerabilities; effective, low-cost method for robustness testing.
Writing Safe Program Code
Ensure algorithm correctness, secure machine code translation, valid data manipulation, and error handling.
Correct Algorithm Implementation
Poorly implemented algorithms create bugs; predictable TCP sequence numbers and leftover test code can be exploited.
Ensuring Machine Language Matches Algorithm
Compiler may not perfectly translate logic; high-assurance systems (EAL7) verify this manually.
Correct Data Interpretation
Use strongly typed languages; improper casting or reinterpretation of data can create security flaws.
Correct Use of Memory
Avoid memory leaks, use proper allocation/deallocation; older languages more prone to issues.
Race Conditions
Concurrent access without synchronization causes corruption; fix using locks and coordination mechanisms.
Operating System Interaction
Programs must manage permissions, shared resources, and environment variables safely.
Environment Variables
Can be exploited to escalate privileges; must be sanitized or reset to safe values.
Vulnerable Compiled Programs
PATH or LD_LIBRARY_PATH manipulation can hijack privileged programs; use static linking or controlled environment.
Use of Least Privilege
Run programs with only required privileges; limits damage from potential exploits.
Root/Administrator Privileges
Separate privileged and normal operations; modular design reduces breach impact.
System Calls & Library Functions
Unsafe assumptions about system calls may cause unexpected behavior or optimization conflicts.
Preventing Race Conditions
Use synchronization like lockfiles; all processes must cooperate to maintain consistency.
Safe Temporary Files
Use unpredictable random file names; avoid race between file creation and access.
Other Program Interaction
Programs calling others must validate and sanitize all interactions; web interfaces are especially risky.
Handling Program Output
Ensure output is properly formatted, validated, and filtered before display or transmission.