Secure Programming - CSS-2751

Secure Programming Notes

Key Terms

  • Buffer Overflow: A failure of memory management when data input to a section of memory "overflows" that segment, overwriting data in other memory sections.

  • Code Injection: The process of inserting additional code into an application, often via unsanitized input to an interpreter.

  • Input Validation/Sanitization: Ensures user-provided input complies with expected data types and scrubs input before use.

  • Defense In Depth: A layered security policy that protects subjects even if one layer fails.

  • Principle of Least Privilege: Ensures users or programs have the minimum level of access necessary to perform their functions.

  • Default Deny/Whitelist: Security approach that denies all access unless explicitly allowed.

  • Static Analysis: Examination of source code or compiled code for errors without executing the program.

  • Dynamic Analysis: Tests run on an actively running program or device.

  • Fuzzing: An automated testing method feeding random or invalid input to a device to uncover crashes or exploits.

  • Black-Box Testing: Testing approach where the tester has no knowledge of the internal workings of the system.

  • White-Box Testing: Testing approach where the tester has full knowledge of the system, including source code and hardware.

Buffer Overflow Attacks

  • Definition: A buffer overflow is a failure of memory management, where input data exceeds boundaries of a memory segment, potentially overwriting critical data in memory.

  • Impact: Attackers can exploit buffer overflows to overwrite data in executable areas and execute malicious code.

  • Protective Measures:

    • Ensure all input data is within predefined memory bounds.

    • Implement memory layout randomization to prevent predictable memory exploitation.

Code Injection

  • Definition: Code injection occurs when malicious code is inserted into an application through unsanitized user input to an interpreter.

  • Examples: This can range from a simple line of code to complex libraries like DLL files.

  • Consequences: The injected code can alter application behavior, access databases, install malware, or elevate user privileges.

Input Validation and Sanitization

  • Input Validation: The process of checking user input against expected formats and types (can be whitelist or blacklist based).

  • Input Sanitization: The scrubbing process that modifies user input to eliminate potentially harmful elements.

    • Example: Ensuring user input to a SQL database is treated as data and not as SQL commands.

    • Also involves removing special characters to prevent injection attacks.

Static and Dynamic Analysis

  • Static Analysis: Involves reviewing source code or compiled binaries without executing them. It typically focuses on identifying common coding mistakes and adherence to coding standards.

  • Dynamic Analysis: Involves testing and analyzing the behavior of a running program or device. It evaluates the actual execution environment of code.

Fuzzing

  • Definition: Fuzzing is an automated testing method that inputs random or invalid data to a program to find unintended behaviors or crashes.

  • Objective: To discover inputs close enough to valid that the system does not reject them, yet unexpected enough to cause failure.

  • Example Anecdote: "A Software QA Tester walks into a bar…" depicts absurd commands to illustrate unexpected program behavior resulting from chaotic inputs.

Black-Box/White-Box Testing

  • Black-Box Testing: The tester operates without knowledge of the internal workings of the target system, only understanding what the system is meant to do.

  • White-Box Testing: The tester has comprehensive knowledge of the system, including internal mechanisms and code structure, facilitating in-depth evaluation and testing.

Bug Bounties

  • Definition: A program initiated by companies to invite ethical hackers to discover and report potential exploits.

  • Reward System: Ethical hackers receive compensation or incentives for identifying vulnerabilities, fostering a collaborative effort to enhance security.

Defense In Depth (DiD)

  • Concept: DiD refers to a layered approach to security where multiple defensive measures operate simultaneously to mitigate various risks.

    • Recognizes that vulnerabilities may exist even within seemingly secure code, necessitating protective layers.

    • Examples: Combining strong administrative access controls, firewalls, antivirus software, and sandboxing techniques to ensure broad protection.

Security by Design

  • Principles:

    • Source code should be readable and understandable to facilitate audits and updates, moving away from security through obscurity.

    • Ensure any reused code is secure; avoid using outdated or legacy code with known vulnerabilities.

    • Employ strong encryption standards for data in transfer.

    • Adopt a mindset of skepticism; always prioritize prevention and reporting of security breaches over merely recovering from attacks.

Questions?

  • Open forum for clarification or deeper exploration of topics covered.