CSC 2045 Secure Software Principles Week 02


Questions and Answers

Which of the following best describes the concept of Secure Development Lifecycle (SDL)?

  • A process that excludes user feedback from the development
  • A methodology focusing solely on the testing phase of software
  • A framework that integrates security at every stage of software development (correct)
  • A strategy that prioritizes speed over security in coding

What does the CIA triad represent in the context of security fundamentals?

  • Complexity, Input, and Accuracy
  • Consistent Interface and Application
  • Code Integrity and Assurance
  • Confidentiality, Integrity, and Availability (correct)

Which programming principle should be prioritized during implementation?

  • Adapting popular coding styles
  • Maximizing performance over security
  • Code reviews and responsible coding (correct)
  • Focusing solely on functionality

What does the STRIDE threat model help identify?

  • Security threats, grouped by the security property each one violates (correct)

Which of the following is NOT a component of the STRIDE threat model?

  • Complexity (correct)

What is a primary focus of threat modeling?

  • Identifying threats and assessing the vulnerabilities they could exploit (correct)

Which technique helps in mitigating the risk of information disclosure?

  • Access control and encryption (correct)

Which of the following describes 'elevation of privilege'?

  • Unauthorized access to higher system privileges (correct)

What is one objective of using logging and audit trails?

  • To provide evidence in case of repudiation (correct)

What is one characteristic of static analysis in secure coding practices?

  • It analyzes source code without executing it (correct)

What is one reason programmers may write insecure code?

  • A lack of awareness regarding security issues (correct)

What contributes to the challenge of fixing legacy software?

  • The inherent complexity of outdated systems (correct)

What common misconception do programmers hold regarding security?

  • Security can be effectively implemented post-development (correct)

What is essential for integrating security into the Software Development Lifecycle (SDLC)?

  • Incorporating security actions into each existing phase of the SDLC (correct)

Which term is used to describe security practices built into DevOps activities?

  • DevSecOps (correct)

Why should security actions not be treated as a separate lifecycle from the SDLC?

  • Integration with the existing SDLC prevents security measures from being ignored (correct)

What does the implementation of Continuous Integration and Continuous Delivery/Deployment (CI/CD) pipelines in SDLC mostly automate?

  • The build, test and deployment steps of the development and operational phases of the application lifecycle (correct)

What type of security testing is NOT included in the automation of the SDLC?

  • Manual code review (correct)

What does the 'Integrity' principle in the CIA triad primarily focus on?

  • Protecting data from unauthorized modification (correct)

Which component is NOT part of the CIA triad?

  • Authorization (correct)

What aspect of security does the term 'Availability' refer to?

  • Ensuring that information and resources are accessible when they are needed (correct)

What does the 'Confidentiality' principle seek to achieve?

  • Preventing unauthorized access to sensitive information (correct)

What does the principle of 'Security by Design' emphasize during system development?

  • Security should be integrated from the beginning of the design process (correct)

What is the primary focus of the 'Security by Default' principle?

  • To ship with the secure configuration as the default, even where that is less convenient than an open one (correct)

What does the phrase 'no security guarantee' imply regarding software applications?

  • With enough effort, any application can be compromised (correct)

What does the term 'Psychological acceptability' refer to in the context of security design?

  • The requirement that security measures must be usable enough that people do not work around them (correct)

Flashcards

Problem Statement

A precise, documented description of the problem the software must solve, written in the analysis and requirements phase before any design decisions are made.

What is CIA?

CIA refers to Confidentiality, Integrity, and Availability. These are three fundamental principles of information security. Confidentiality ensures that data is protected from unauthorized access, Integrity ensures that data remains accurate and is changed only by authorized parties, and Availability ensures that data and systems are accessible when needed.

Threat Modeling

A structured analysis, done during requirements and design, of how attackers might exploit a system: which assets matter, which threats apply to them (for example, the six STRIDE categories) and which mitigations are needed.

What is AAA?

AAA stands for Authentication, Authorization, and Accounting. These are key security mechanisms to control access to systems and resources. Authentication verifies the identity of a user. Authorization determines the user's access permissions. Accounting tracks user actions for auditing and security analysis.

Confidentiality

The principle of ensuring that only authorized users can access specific data or resources.

What is SDL?

Secure Development Lifecycle (SDL) is a process that integrates security considerations throughout the entire software development lifecycle. This process helps to minimize security vulnerabilities in software by proactively addressing security risks in each development phase.

What is a buffer overflow?

Buffer overflows occur when a program attempts to write more data into a memory buffer than it can hold. C and C++ do not bounds-check such writes, so the excess overwrites adjacent memory locations, potentially causing crashes, corrupting data, or enabling unauthorized code execution.

Integrity

The principle of ensuring that data remains accurate and is not modified except by authorized parties.

What is software security?

Software security focuses on managing risks related to the confidentiality, integrity, and availability of software and its associated data. This includes protecting software from malicious attacks, unauthorized access, and data breaches.

Availability

The principle of ensuring that a system remains available and operational for legitimate users when they need it.

Spoofing

A technique that attempts to impersonate a legitimate user or entity.

Tampering

Unauthorized modifications to data or system resources.

Denial of Service (DoS)

The ability of an attacker to deny legitimate users access to a system or service.

Identification and Authentication (I&A)

Verifying the identity of a user or system by confirming they are who they claim to be.

Authorization

Allowing authenticated users to perform specific actions based on their granted permissions.

Why do developers ignore security?

Software developers often skip security measures despite the importance of secure programming. This is because security is not typically part of the curriculum and often doesn't receive adequate attention in programming books and courses.

Why do programmers use easy, non-secure methods?

Many programmers focus on ease of use and efficiency, prioritizing quick solutions over robust security measures. This can lead to vulnerabilities that attackers can exploit.

What are the security issues with C?

C is used in numerous applications, and its design gives the programmer direct memory access with no bounds checking on arrays, manual memory management, and standard library functions (such as strcpy, strcat, sprintf and gets) that have no notion of the destination buffer's size. The programming culture in C often encourages idioms built on these facilities, so buffer overflows and other memory-safety bugs are common and exploitable.

Why don't consumers care about security?

The security of software and systems is often overlooked as consumers prioritize functionality and usability. Lack of awareness about security risks and the perception that these risks are rare can make it difficult to motivate consumers to prioritize secure solutions.

What are the costs of security?

Addressing security vulnerabilities can add significant time and cost to the software development process, making it challenging to balance security with other priorities. Companies must decide how much to invest in security, and this leads to economic trade-offs.

Secure Software Development Lifecycle (SDLC)

A secure development lifecycle integrates security considerations throughout the entire software development process, minimizing vulnerabilities by proactively addressing risks in each phase.

DevSecOps

DevSecOps builds security practices into the DevOps activities to protect against attacks and provide automated security testing.

Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) instruments the running application (typically with an agent in the test environment) so that it can observe code paths, data flows and library calls while functional or dynamic tests execute, combining runtime visibility with code-level detail to detect vulnerabilities during application execution.

Static Application Security Testing (SAST)

Static Application Security Testing (SAST) analyzes the source code of an application, without running it, to identify potential security vulnerabilities before runtime.

Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) tests a running application from the outside, sending attack-like requests and observing its responses, to detect vulnerabilities in its runtime behavior without needing access to the source code.

CIA Triad

A model that outlines the core principles of application security, focusing on confidentiality, integrity, and availability of information. Remember it as a triangle representing strong connections between its three points.

AAA Triad

The three pillars of access control, extending the CIA Triad. Authentication verifies user identity, authorization controls access permissions, and accounting (auditing) tracks user activities.

Security by Design

Security should be built into every stage of software development, from design to implementation, maintenance, and disposal.

Security by Default

The most secure configuration of a software system should be the default setting. This may not be the easiest or most user-friendly option.

No Security Guarantee

No software system can be completely immune to all attacks. Even with the best security measures, it's impossible to eliminate every potential vulnerability.

Least Functionality

The default configuration should only enable essential functions, minimizing the attack surface.

Study Notes

Course Information

  • Course Title: Secure Software Principles
  • Course Code: CSC 2045

Objectives

  • Understand why vulnerabilities exist in programming code.
  • Learn standard software engineering and software assurance principles for secure software development.

Agenda: Week 02

  • Secure Coding
  • Secure Fundamentals
  • Principles of Security
  • SDLC
  • Good Programming, Coding Standards & Practices

Secure Coding in C/C++

OWASP Secure Fundamentals

OWASP Principles of Security

OWASP Secure Development & Integration

Why Do We Need SDLC?

  • Software provides automation, intelligence, and functionality.
  • Software takes input and produces output.
  • Unexpected input can lead to unexpected interactions among components.
  • Automation, intelligence, and functionality create potential risks, including privacy issues, unauthorized actions (like alteration or privilege escalation through buffer overflow).
  • Understanding software security is crucial.
  • Managing these risks is essential.

Software Development Lifecycle (SDLC)

  • Phase 1: Define the Problem: Analyze and specify the requirements for the problem.
  • Phase 2: Design the Solution: Defining the algorithm to solve the particular problem
  • Phase 3: Implement/Code Solution: Creating the program's solution.
  • Phase 4: Testing: Verifying the correctness and effectiveness, and identifying potential errors in the program.
  • Phase 5: Deploy/Maintain & Document: Deploying it to the intended environment and maintaining its functionality afterward (documentation is essential).

Analysis and Requirements

  • What?
    • Define the problem.
    • Understand the requirements.
  • The most common cause of system failures can be traced to inadequate requirements gathering.
  • Document the problem statement precisely.
  • Use cases.
  • Threat modeling.
  • Important point: Consider security in this phase.

Design

  • How? Planning, choosing algorithms, and assigning responsibility for each part of the code.
  • Consider the vulnerabilities the design could introduce and apply security principles (least privilege, secure defaults, minimal attack surface) before any code is written.

Implementation

  • Choose a programming language (consider security).
  • Code Responsibly. Apply software security principles. Understand syntax errors vs. logic errors.
  • Code reviews and static analysis.
  • Important point: Consider security during implementation.
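The "code reviews and static analysis" bullet is best understood by seeing what a static check actually does: it reads the source text and reports patterns, without compiling or executing anything. The following is an added example written for this page, not code from the course; it is a deliberately minimal checker for the C string functions that have no bounds check, and the banned list, the suggested replacements and the sample source it scans are all constructed for the illustration.

```cpp
// Added example (not from the course): a minimal static check for C string
// functions that take no destination size. It inspects source text only;
// nothing is compiled or run, which is what makes it static analysis.
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Finding {
    int line;                  // 1-based line number in the scanned source
    std::string function;      // the banned function found
    std::string suggestion;    // the safer replacement (constructed list)
};

struct BannedCall { const char* name; const char* suggestion; };
static const BannedCall kBanned[] = {
    {"gets",    "use fgets with an explicit buffer size"},
    {"strcpy",  "use strncpy/strlcpy or std::string"},
    {"strcat",  "use strncat/strlcat or std::string"},
    {"sprintf", "use snprintf with the destination size"},
};

// True when src[pos, pos+len) is a whole identifier followed by '(' so that
// fgets is not reported as gets and strncpy is not reported as strcpy.
static bool isWholeCall(const std::string& src, std::size_t pos, std::size_t len) {
    if (pos > 0) {
        unsigned char prev = static_cast<unsigned char>(src[pos - 1]);
        if (std::isalnum(prev) || prev == '_') return false;
    }
    std::size_t after = pos + len;
    while (after < src.size() && src[after] == ' ') ++after;
    return after < src.size() && src[after] == '(';
}

std::vector<Finding> scanSource(const std::string& source) {
    std::vector<Finding> findings;
    std::istringstream in(source);
    std::string line;
    int lineNo = 0;
    while (std::getline(in, line)) {
        ++lineNo;
        // Ignore everything after "//" so commented-out code is not reported.
        std::size_t comment = line.find("//");
        std::string code = (comment == std::string::npos) ? line : line.substr(0, comment);
        for (const BannedCall& b : kBanned) {
            const std::string name = b.name;
            for (std::size_t pos = code.find(name); pos != std::string::npos;
                 pos = code.find(name, pos + 1)) {
                if (isWholeCall(code, pos, name.size()))
                    findings.push_back({lineNo, name, b.suggestion});
            }
        }
    }
    return findings;
}

// Constructed sample source for the demonstration (not code from the page).
const std::string kSample =
    "#include <string.h>\n"
    "void greet(const char* name) {\n"
    "    char buf[16];\n"
    "    strcpy(buf, name);        // reported: no bounds check\n"
    "    strncpy(buf, name, 15);   // not reported: bounded\n"
    "    // strcat(buf, \"!\");    // not reported: commented out\n"
    "    char line[64];\n"
    "    gets(line);               // reported\n"
    "}\n";

int main() {
    for (const Finding& f : scanSource(kSample))
        std::cout << "line " << f.line << ": " << f.function << "() - " << f.suggestion << '\n';
    return 0;
}
```

Run against kSample the checker reports line 4 (strcpy) and line 8 (gets) and nothing else. A real SAST tool builds an abstract syntax tree and tracks data flow instead of matching text, but the workflow is the same: findings are produced from the source alone, before the program ever runs, which is why this kind of check fits naturally into a code review or a CI pipeline.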

Safe Coding: Threat Modeling 101

  • STRIDE Threat Model:
    • Spoofing: Gaining access by masquerading as another user or system (violates authentication).
    • Tampering: Unauthorized changes to data or functionality (violates integrity).
    • Repudiation: A user denies having performed an action and there is no evidence to prove otherwise (violates non-repudiation and auditing).
    • Information Disclosure: Revealing confidential information to someone not entitled to it (violates confidentiality).
    • Denial of Service (DoS): Preventing legitimate users from accessing resources (violates availability).
    • Elevation of Privilege: An unauthorized increase in permissions (violates authorization).
    • Each STRIDE category therefore maps to a property from the CIA triad or from Identification/Authentication, Authorization, and Auditing; the mapping tells you which control to reach for.

Threats and Mitigation Techniques

  • Spoofing Identity: compromises authentication; mitigate with strong authentication and by protecting keys and passwords.
  • Tampering with Data: compromises integrity; mitigate with access control and integrity checks (hashes, MACs, digital signatures).
  • Repudiation: compromises accountability; mitigate with logging, audit trails, and digital signatures.
  • Information Disclosure: compromises confidentiality; mitigate with access control and encryption.
  • Denial of Service: compromises availability; mitigate with graceful degradation, filtering, and increasing server resources.
  • Elevation of Privilege: compromises authorization; mitigate with access control and sandboxing.
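Two of the mitigations above, access control against elevation of privilege and an audit trail against repudiation, are usually implemented together, and the AAA flashcards describe the same pieces (authentication, authorization, accounting). The block below is an added example written for this page, not course code: it assumes a hypothetical role-based policy, user names (alice, bob, mallory) and actions that are all constructed for the illustration. It shows two habits worth copying: the decision falls through to deny unless a permission is explicitly found, and every decision, allowed or denied, is appended to a sequence-numbered log.

```cpp
// Added example (not from the course): deny-by-default authorization with an
// audit trail. Policy, users and actions are constructed for the illustration.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

struct AuditRecord {
    unsigned long seq;     // monotonic: a gap in the sequence reveals a deleted record
    std::string user;
    std::string action;
    std::string resource;
    bool allowed;
};

class AccessController {
public:
    void grant(const std::string& role, const std::string& action) {
        rolePermissions_[role].insert(action);
    }
    void assignRole(const std::string& user, const std::string& role) {
        userRoles_[user].insert(role);
    }
    // Authorization decision. Unknown user, unknown role and unknown action all
    // fall through to 'deny'; only an explicit grant can flip it to 'allow'.
    bool authorize(const std::string& user, const std::string& action,
                   const std::string& resource) {
        bool allowed = false;
        auto roles = userRoles_.find(user);
        if (roles != userRoles_.end()) {
            for (const std::string& role : roles->second) {
                auto perms = rolePermissions_.find(role);
                if (perms != rolePermissions_.end() && perms->second.count(action) > 0) {
                    allowed = true;
                    break;
                }
            }
        }
        // Accounting: record denied attempts too; they are what responders look for,
        // and the record is evidence if the user later repudiates the attempt.
        log_.push_back({++seq_, user, action, resource, allowed});
        return allowed;
    }
    const std::vector<AuditRecord>& auditLog() const { return log_; }

private:
    std::map<std::string, std::set<std::string>> rolePermissions_;
    std::map<std::string, std::set<std::string>> userRoles_;
    std::vector<AuditRecord> log_;
    unsigned long seq_ = 0;
};

// Least privilege: each role gets only the actions it needs (constructed policy).
AccessController buildDemoController() {
    AccessController ac;
    ac.grant("reader", "read");
    ac.grant("editor", "read");
    ac.grant("editor", "write");
    ac.grant("admin", "assign_role");
    ac.assignRole("alice", "editor");
    ac.assignRole("bob", "reader");
    return ac;
}

// Runs the constructed scenario and returns the audit trail it produced.
std::vector<AuditRecord> runDemoScenario() {
    AccessController ac = buildDemoController();
    ac.authorize("alice", "write", "report.txt");    // allowed: editor may write
    ac.authorize("bob", "write", "report.txt");      // denied: reader may not write
    ac.authorize("bob", "assign_role", "bob");       // denied: elevation-of-privilege attempt
    ac.authorize("mallory", "read", "report.txt");   // denied: unknown user
    return ac.auditLog();
}

int main() {
    for (const AuditRecord& r : runDemoScenario())
        std::cout << '#' << r.seq << ' ' << r.user << ' ' << r.action << ' '
                  << r.resource << (r.allowed ? " ALLOW" : " DENY") << '\n';
    return 0;
}
```

The in-memory vector stands in for whatever append-only store a real system uses; the property that matters is that records are written before the result is returned and that the sequence number makes silent deletion detectable.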

Common Code Vulnerabilities

  • Incorrect or incomplete input validation
  • Poor or missing exception handling
  • Buffer overflows
  • Race conditions
  • SQL injection
  • Cross-site scripting (XSS)
  • Common Vulnerabilities (additional): The document lists several other Common Weakness Enumeration (CWE) entries with year-over-year trends, including CWE-20 (improper input validation), CWE-119 (improper restriction of operations within the bounds of a memory buffer), CWE-434 (unrestricted upload of file with dangerous type), CWE-22 (path traversal), CWE-89 (SQL injection), etc. Studying these and their trends is essential.
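The first and third items in the list above, incomplete input validation and buffer overflows, are the same bug seen from two sides: the buffer is fixed, and nobody checked the input against it. The following is an added example written for this page, not course code, with a vulnerable copy next to its hardened form; the buffer size, the function names and the 64-byte test input are constructed for the illustration (the "What is a buffer overflow?" flashcard describes the effect this demonstrates).

```cpp
// Added example (not from the course): a fixed-size buffer copy, first the
// vulnerable form and then a hardened one. Sizes and names are constructed.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

constexpr std::size_t kNameSize = 16;   // room for 15 characters plus the terminator

// VULNERABLE (shown for contrast, never called here): strcpy stops at the
// source's '\0', not at the destination's end, so a 64-byte name overwrites
// whatever sits after dst on the stack (other locals, saved registers, the
// return address). Build with -fsanitize=address to watch it fail loudly.
void copyNameUnsafe(char* dst, const char* src) {
    std::strcpy(dst, src);
}

// HARDENED: measure the source against the destination size before copying,
// and refuse oversize input rather than truncating it silently.
bool copyName(char* dst, std::size_t dstSize, const char* src) {
    if (dst == nullptr || dstSize == 0 || src == nullptr) return false;
    // Bounded length scan: never reads more than dstSize bytes of src, so an
    // unterminated source cannot cause an over-read here either.
    std::size_t len = 0;
    while (len < dstSize && src[len] != '\0') ++len;
    if (len >= dstSize) {          // no room for the terminator: reject
        dst[0] = '\0';             // leave the buffer in a defined state
        return false;
    }
    std::memcpy(dst, src, len + 1);   // len bytes plus the terminator
    return true;
}

// Small wrappers so callers (and tests) can exercise the check on a local buffer.
bool acceptsName(const std::string& input) {
    char buf[kNameSize];
    return copyName(buf, sizeof buf, input.c_str());
}

std::string copiedName(const std::string& input) {
    char buf[kNameSize];
    return copyName(buf, sizeof buf, input.c_str()) ? std::string(buf) : std::string();
}

int main() {
    char buf[kNameSize];
    const std::string shortName = "alice";
    const std::string tooLong(64, 'A');   // constructed oversize input
    std::cout << "short name accepted: " << copyName(buf, sizeof buf, shortName.c_str())
              << " -> " << buf << '\n';
    std::cout << "64-byte name accepted: " << copyName(buf, sizeof buf, tooLong.c_str()) << '\n';
    // copyNameUnsafe(buf, tooLong.c_str());   // would overflow buf: undefined behaviour
    return 0;
}
```

Note the boundary: a 15-character name fits, a 16-character one is rejected, because the terminator needs its own byte. Rejecting rather than truncating is the better default for identifiers such as user names, since a silently shortened name can collide with a different, legitimate one.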

Good Programming

  • Focus on both solving the problem and expressing the solution precisely.
  • Programs should be written to be read by humans first, with attention to the design; the machine executes them later.
  • This is vital for good programming practice and for security, because code that reviewers cannot understand is code whose vulnerabilities they cannot find.
  • Keep these points in mind as you develop new code.

Why Write Insecure Code?

  • Security is rarely part of the programming curriculum, books, or courses.
  • Programmers favour easy, efficient solutions over robust but slower ones.
  • C's memory model and programming culture make unsafe idioms the path of least resistance.
  • Consumers value functionality and usability and rarely reward security.
  • Security work costs time and money, so it loses out in economic trade-offs.

Good Programming style

  • Code is read more than written.
  • Code consistency.
  • Code clarity.
  • Code formatting.

C++ Coding Standards

  • Coding standards are written for a particular environment that uses C++. There is no universal standard for all environments, since the uses of C++ are too varied.
  • Guidelines for using namespace std: do not write using namespace std; in your code; qualify names (std::string, std::vector) instead.
  • Guidelines for local variable declarations: the course guideline prefers declaring variables at the top of the function scope; whichever placement a standard chooses, initialize every variable at its declaration so no code path reads an indeterminate value.
  • Important point: C++ coding standards matter for consistent software design and maintenance; no single standard applies to all use cases.
  • Guidelines for variable naming: use descriptive and meaningful names that clearly indicate the purpose of the variable.
  • Guidelines for global variables: minimize the use of global variables whenever possible.
