Merkow / Raghavan | Secure and Resilient Software Development | E-Book | www2.sack.de

E-book, English, 392 pages

Merkow / Raghavan Secure and Resilient Software Development


Year of publication: 2010
ISBN: 978-1-4398-2697-3
Publisher: Taylor & Francis
Format: PDF
Copy protection: Adobe DRM




Although many software books highlight open problems in secure software development, few provide easily actionable, ground-level solutions. Breaking the mold, Secure and Resilient Software Development teaches you how to apply best practices and standards for consistent and secure software development. It details specific quality software development strategies and practices that stress resilience requirements with precise, actionable, and ground-level inputs.

Providing comprehensive coverage, the book illustrates all phases of the secure software development life cycle. It shows developers how to master non-functional requirements including reliability, security, and resilience. The authors provide expert-level guidance through all phases of the process and supply many best practices, principles, testing practices, and design methodologies.

For updates to this book and ongoing activities of interest to the secure and resilient software community, please visit: www.srsdlc.com
"Secure and Resilient Software Development provides a strong foundation for anyone getting started in application security. Most application security books fall into two categories: business-oriented and vague or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security with interesting stories about real companies dealing with application security issues."

—Jeff Williams, Chair, The OWASP Foundation


Target audience


Software developers, software engineers, and programmers.

Further information & material


How Does Software Fail Thee? Let Us Count the Ways

Vulnerabilities Abound

Security Flaws Are Omnipresent

Cars Have Their Share of Computer Problems Too

Tracing the Roots of Defective Software

What Are the True Costs of Insecure Software to Global Enterprises?

Addressing Security Questions Addresses Resilience

Characteristics of Secure and Resilient Software

Functional Versus Nonfunctional Requirements

Testing Nonfunctional Requirements

Families of Nonfunctional Requirements

Availability

Capacity

Efficiency

Interoperability

Manageability

Cohesion

Coupling

Maintainability

Performance

Portability

Privacy

Recoverability

Reliability

Scalability

Security

Serviceability/Supportability

Characteristics of Good Requirements

Eliciting Nonfunctional Requirements

Documenting Nonfunctional Requirements

Security and Resilience in the Software Development Life Cycle

Resilience and Security Begin from Within

Requirements Gathering and Analysis

Systems Design and Detailed Design

Functional Decomposition

Categorizing Threats

Ranking Threats

Mitigation Planning

Design Reviews

Development (Coding) Phase

Static Analysis

Peer Review

Unit Testing

Testing

Deployment

Security Training

Proven Best Practices for Resilient Applications

Critical Concepts

The Security Perimeter

Attack Surface

Mapping the Attack Surface

Side Channel Attacks

Application Security and Resilience Principles

Practice 1: Apply Defense in Depth

Practice 2: Use a Positive Security Model

Practice 3: Fail Securely

Practice 4: Run with Least Privilege

Practice 5: Avoid Security by Obscurity

Practice 6: Keep Security Simple

Practice 7: Detect Intrusions

Log All Security-Relevant Information

Ensure That the Logs Are Monitored Regularly

Respond to Intrusions

Practice 8: Don’t Trust Infrastructure

Practice 9: Don’t Trust Services

Practice 10: Establish Secure Defaults

Mapping Best Practices to Nonfunctional Requirements

Designing Applications for Security and Resilience

Design Phase Recommendations

Misuse Case Modeling

Security Design and Architecture Review

Threat and Risk Modeling

Risk Analysis and Modeling

Security Requirements and Test Case Generation

Design to Meet Nonfunctional Requirements

Design Patterns

Architecting for the Web

Architecture and Design Review Checklist

Programming Best Practices

The Evolution of Software Attacks

The OWASP Top 10

A1: Injection

A2: Cross-Site Scripting

A3: Broken Authentication and Session Management

A4: Insecure Direct Object References

A5: Cross-Site Request Forgery

A6: Security Misconfiguration

A7: Failure to Restrict URL Access

A8: Unvalidated Redirects and Forwards

A9: Insecure Cryptographic Storage

A10: Insufficient Transport Layer Protection

OWASP Enterprise Security API (ESAPI)

Input Validation and Handling

Client-Side Versus Server-Side Validation

Input Sanitization

Canonicalization

Examples of Attacks due to Improper Input Handling

Approaches to Validating Input Data

Handling Bad Input

ESAPI Interfaces

Cross-Site Scripting

Same Origin Policy

Attacks Through XSS

Prevention of Cross-Site Scripting

ESAPI Interfaces

Injection Attacks

SQL Injection

Stored Procedures

Identifying SQL Injection and Exploitation

Defending Against SQL Injection

Creating SQL Queries

Additional Controls to Prevent SQL Injection Attacks

ESAPI Interfaces

Authentication and Session Management

Attacking Log-in Functionality

Attacking Password Resets

Attacking Sensitive Transactions

Cross-Site Request Forgery

CSRF Mitigation

Session Management

Attacking Log-out Functionality

Defenses Against Log-out Attacks

Defenses Against Cookie Attacks

Session Identifiers

ESAPI Interfaces

Access Control

Avoiding Security Through Obscurity

Access Control Issues

Testing for Broken Access Control

Defenses Against Access Control Attacks

Administrator Interfaces

Protecting Administrator Interfaces

ESAPI Interfaces

Cryptography

Hashing and Password Security

Attacking the Hash

Precomputed Attacks

Message Authentication Code (MAC)

Home-Grown Algorithms

Randomness and Pseudo-Randomness

ESAPI Interfaces

Error Handling

User Error Messages

Log-in Error Messages—A Case Study

Error Message Differentiation

Developer Error Messages

Information to Be Kept Private

Structured Exception Handling

ESAPI Interfaces

Ajax and Flash

AJAX Application Traffic

AJAX Client Requests

Server Responses

Typical Attacks Against AJAX Applications

Security Recommendations for AJAX Applications

Adobe Flash—Sandbox Security Model

Cross-Domain Policy

Restrict SWF Files Embedded in HTML

Attacking Flash Applications

Securing Flash Applications

Additional Best Practices for Software Resilience

Externalize Variables

EncryptedProperties—Method Summary

Initialize Variables Properly

Do Not Ignore Values Returned by Functions

Avoid Integer Overflows

Top Secure Coding Practices

Fifty Questions to Improve Software Security

Special Considerations for Embedded Systems, Cloud Computing, and Mobile Computing Devices

Embedded Systems

Bad Assumptions About Embedded Systems Programming

New Mantras

The Framework

Distributed Applications/Cloud Computing

Representational State Transfer (REST)

REST Stateless Authentication

Attacking Distributed APIs

Securing Distributed APIs

Mobile Applications

BlackBerry

Windows Mobile

iPhone

Mobile Application Security

Security Testing of Custom Software Applications

Fixing Early Versus Fixing After Release

Testing Phases

Unit Testing

Manual Source Code Review

The Code Review Process

Automated Source Code Analysis

Automated Reviews Compared with Manual Reviews

Commercial and Free Source Code Analyzers

Fortify 360

Acquiring Commercial or Open-Source Analysis Tools

Deployment Strategy

IDE Integration for Developers

Build Integration for Governance

Regulatory Compliance

Benefits of Using Source Code Analyzers

Penetration (Pen) Testing

Penetration Testing Tools

Automated Black Box Scanning

Deployment Strategy

Gray Box Testing

Limitations and Constraints of Pen Testing Tools

Testing Commercial off-the-Shelf Systems

The Problems with Shrink-Wrapped Software

The Common Criteria for Information Technology Security Evaluation

Harmonizing Evaluation Criteria

Development

Evaluation

Operation

Key Concepts of the Common Criteria

The Security Framework

The Common Criteria Approach

The Security Environment

The Common Criteria Portal

Criticisms of the CC

The Commercial Community Responds

The BITS/FSTC Security Assurance Initiative

ICSA Labs

Evaluation Methodology

Certification Criteria

ICSA Labs Testing and Certification Process

Veracode’s VerAfied Software Assurance Ratings

Methodology

Assessing Software for the VerAfied Mark

Implementing Security and Resilience Using CLASP

Comprehensive, Lightweight Application Security Process (CLASP)

CLASP Concepts

Overview of the CLASP Process

CLASP Key Best Practices

Best Practice 1: Institute Awareness Programs

Best Practice 2: Perform Application Assessments

Best Practice 3: Capture Security Requirements

Best Practice 4: Implement Secure Development Practices

Best Practice 5: Build Vulnerability Remediation Procedures

Best Practice 6: Define and Monitor Metrics

Best Practice 7: Publish Operational Security Guidelines

CLASP Security Activities to Augment Software Development Processes

Applying CLASP Security Activities to Roles

Re-engineering Your SDLC for CLASP

Business Objectives

Process Milestones

Process Evaluation Criteria

Forming the Process Re-engineering Team

Sample CLASP Implementation Roadmaps

Green-Field Roadmap

Legacy Roadmap

Metrics and Models for Security and Resilience Maturity

Maturity Models for Security and Resilience

Software Assurance Maturity Model—OpenSAMM

Core Practice Areas

Levels of Maturity

Assurance

The Building Security In Maturity Model (BSIMM)

BSIMM Software Security Framework

BSIMM Activities

Governance: Strategy and Metrics

Governance: Compliance and Policy

Governance: Training

Intelligence: Attack Models

Intelligence: Security Features and Design

Intelligence: Standards and Requirements

SSDL Touchpoints: Architecture Analysis

SSDL Touchpoints: Code Review

SSDL Touchpoints: Security Testing

Deployment: Penetration Testing

Deployment: Software Environment

Deployment: Configuration Management and Vulnerability Management

Measuring Results with BSIMM

Helpful Resources For Implementing BSIMM

Applying BSIMM to the Financial Services Domain

Working Group Methodology

Taking It to the Streets

Getting Educated

DEVELOPER 530: Defending Web Applications

DEVELOPER 530: Essential Secure Coding in Java/JEE

DEVELOPER 541: Secure Coding in Java/JEE: Developing Defensible Applications

DEVELOPER 542: Web App Penetration Testing and Ethical Hacking

DEVELOPER 544: Secure Coding in .NET: Developing Defensible Applications

DEVELOPER 545: Secure Coding in PHP: Developing Defensible Applications

DEVELOPER 534: Secure Code Review for Java Web Apps

DEVELOPER 543: Secure Coding in C/C++: Developing Defensible Applications

Aspect Security Inc.

CERT Software Engineering Institute (SEI)

SEI Secure Coding in C and C++ Course

Getting Certified

Certified Secure Software Lifecycle Professional (CSSLP)

Why Obtain the CSSLP?

Benefits of Certification to the Professional

Benefits of Certification to the Enterprise

Getting Involved

Web Application Security Consortium

Reaching Out for Research

DHS Research Program Areas

The U.S. Treasury and the FSSCC

Last Call

Conclusion

Glossary

Appendix A 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

A.1 Brief Listing of the Top 25

A.1.1 Insecure Interaction Between Components

A.1.2 Risky Resource Management

A.1.3 Porous Defenses

A.2 Detailed CWE Descriptions

A.2.1 CWE-79: Failure to Preserve Web Page Structure (“Cross-Site Scripting”)

A.2.2 CWE-89: Improper Sanitization of Special Elements Used in an SQL Command (“SQL Injection”)

A.2.3 CWE-120: Buffer Copy Without Checking Size of Input (“Classic Buffer Overflow”)

A.2.4 CWE-352: Cross-Site Request Forgery (CSRF)

A.2.5 CWE-285: Improper Access Control (Authorization)

A.2.6 CWE-807: Reliance on Untrusted Inputs in a Security Decision

A.2.7 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”)

A.2.8 CWE-434: Unrestricted Upload of File with Dangerous Type

A.2.9 CWE-78: Improper Sanitization of Special Elements Used in an OS Command (“OS Command Injection”)

A.2.10 CWE-311: Missing Encryption of Sensitive Data

A.2.11 CWE-798: Use of Hard-Coded Credentials

A.2.12 CWE-805: Buffer Access with Incorrect Length Value

A.2.13 CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (“PHP File Inclusion”)

A.2.14 CWE-129: Improper Validation of Array Index

A.2.15 CWE-754: Improper Check for Unusual or Exceptional Conditions

A.2.16 CWE-209: Information Exposure Through an Error Message

A.2.17 CWE-190: Integer Overflow or Wraparound

A.2.18 CWE-131: Incorrect Calculation of Buffer Size

A.2.19 CWE-306: Missing Authentication for Critical Function

A.2.20 CWE-494: Download of Code Without Integrity Check

A.2.21 CWE-732: Incorrect Permission Assignment for Critical Resource

A.2.22 CWE-770: Allocation of Resources Without Limits or Throttling

A.2.23 CWE-601: URL Redirection to Untrusted Site (“Open Redirect”)

A.2.24 … Cryptographic Algorithm

A.2.25 CWE-362: Race Condition

Appendix B Enterprise Security API

B.1 Interface Encoder

B.2 Interface User

B.3 Interface Authenticator

B.4 Interface AccessController

B.5 Interface AccessReferenceMap

B.6 Interface Encryptor

B.7 Interface HTTPUtilities

B.8 Interface Logger

Index

Each chapter concludes with a "References" section.


Mark S. Merkow, CISSP, CISM, CSSLP, works at PayPal Inc. (an eBay company) in Scottsdale, Arizona, as Manager of Security Consulting and IT Security Strategy in the Information Risk Management area. Mark has over 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineer, and security manager. Mark holds a Master's in Decision and Info Systems from Arizona State University (ASU), a Master's of Education in Distance Learning from ASU, and a BS in Computer Info Systems from ASU. In addition to his day job, Mark engages in a number of extracurricular activities, including consulting, course development, online course delivery, writing e-business columns, and writing books on information technology and information security.
Mark has authored or co-authored nine books on IT and has been a contributing editor to four others.

Mark remains very active in the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
Lakshmikanth Raghavan (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area. He has over eight years of experience in the areas of information security and information risk management and has been providing consulting services to Fortune 500 companies and financial services companies around the world in his previous stints. He is a Certified Ethical Hacker (CEH) and also maintains the Certified Information Security Manager (CISM) certificate from ISACA (previously known as the Information Systems Audit and Control Association). Laksh holds a Bachelor's degree in Electronics & Telecommunication Engineering from the University of Madras, India. Laksh enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences.


