3.6 Summarize secure application development and deployment concepts. Flashcards

1
Q

Development Life-Cycle Models

A

As mentioned, a big part of securing systems is to ensure that the applications that are running on the systems have been developed in a secure way. This is up to the application developers—they need to learn secure ways of developing applications so that hackers cannot hack through the application to gain access to the system.

A software development life cycle (SDLC) outlines the major phases to developing an application. There are six phases to the software development life cycle:

Requirements gathering and analysis
The first phase involves collecting the requirements for the application.

Design
After the requirements are collected, you then work on designing the application based on the requirements.

Implementation (coding)
The implementation phase is also known as the coding phase. During this phase, you write the code for the application.

Testing
After the coding phase, you then must test the code to verify the code does what it is supposed to.

Deployment
After testing, you are ready to install (deploy) the application to the system or systems that need to have the application.

Maintenance
During maintenance, you typically receive feedback from the persons using the application. You will need to fix any problems that arise with the application in this phase.

2
Q

Development Life-Cycle Models - Waterfall vs. Agile

A

Waterfall
With the waterfall model, you progress through each phase of the SDLC without the capability of going backward in phases at any time. The point is that you must be sure to complete each phase to its fullest so that there is no need to go back (that was viewed as costly when this model was created).

Agile
With the agile model, you can take a more iterative approach and go to a previous phase if you realize something was missed or needs to be reworked. For example, you could do some requirements gathering, do some design, and then implement a prototype for the customer to review. Then, based on feedback from the customer, you may have to revisit the first few phases to complete requirements gathering and the design of the application. During testing, you may find that you need to change the design, or change the code. The agile model views the capability to go back to a phase as critical to application development.

3
Q

Secure DevOps

A

Secure DevOps is the principle of training developers to consider security from the beginning of the SDLC. Instead of viewing security as an afterthought, or something that you apply to the code after the fact, the code is implemented with security in mind from the beginning.

4
Q

Secure DevOps - Security Automation

A

As part of the development process, and in each phase of the SDLC, you should automate security testing so that you can verify the security of the application during all phases of the SDLC. You could automate software penetration testing and fuzz testing (locating bugs via data injection).

5
Q

Secure DevOps - Continuous Integration

A

Continuous integration means the code updates from all developers involved in the project are merged into a central system on a regular basis. This allows the system to compile the application regularly and notify the team if there are compilation issues. The purpose is to ensure developers are aware of any issues sooner rather than later.

6
Q

Secure DevOps - Baselining

A

With baselining you ensure that the systems running the application meet a hardened baseline that specifies the software and configuration of the system required to run the application in a secure state.

7
Q

Secure DevOps - Immutable Systems

A

Immutable systems refers to the practice of making no changes to systems once they are in place. This includes configuration changes to the system and security updates. Making changes to the system could affect the application environment and cause the application to function differently. If a change to a system is required, you would deploy a new system (not make changes to the existing system) with all required changes and test your application on that new system before redeployment.

8
Q

Secure DevOps - Infrastructure as Code

A

As part of the Secure DevOps principles, you can have your code create the infrastructure for the application to run on. For example, you could have code that creates a virtual machine to host the web application. One of the major benefits of having your code create the infrastructure is that you know the configuration of the system is consistent with the design of the application.

9
Q

Version Control and Change Management

A

Version Control
Larger organizations that have teams of developers developing applications will benefit from using version control features that identify the version of the application a developer is working on by using a version number, or revision number. The version number helps you keep track of which of the files represents the most recent changes made to the document. Version control software also allows you to easily revert to a previous version at any given time if you wish.

Change Management
Change management is the process you should follow to implement changes. Most companies have a change management policy that specifies how the changes are to be made. The change management process typically involves planning for change, testing the change, applying the change, and then verifying the change.

10
Q

Provisioning and Deprovisioning

A

Provisioning
When planning to deploy the application, it is important to ensure that you have a process in place to provision the systems that will be running the application. Provisioning is the setting up of a new system. This is a critical part of application security these days because applications are complex and typically involve using multiple servers. You may need to provision an application server, a web server, and a database server in order to deploy the application. Ensure that you provision the system to support the application, but at the same time make sure you follow security best practices such as hardening the system. The goal of provisioning is to ensure the system is compliant, thereby reducing vulnerabilities to attacks. As part of the provisioning process, you will grant users access to the application.

Deprovisioning
Deprovisioning a system is the process you take to remove the system from the application environment. When deprovisioning an application or system, you first alter the access control to ensure users do not have access to the system or application. An important point to remember with deprovisioning is that when an employee is terminated or leaves the company you will need to follow procedures to deprovision their access to the system.

11
Q

Secure Coding Techniques

A

Two important parts of developing secure code are writing good exception handling routines and validating all data passed to the application.

12
Q

Secure Coding Techniques - Proper Error Handling

A

When application developers create an application, they sometimes do not foresee errors that can occur in different situations. For example, a common error when creating a file open dialog box is not planning for the user choosing to open a file from the DVD device when no DVD has been placed in the system. This typically causes a runtime error, an error that does not occur until the application is running—meaning there was no indication to the developer that the error would exist when they were creating the application.

Runtime errors will occur because the developer cannot force someone to place a DVD into the DVD tray before browsing to that resource. So what the developer has to do is trap the error that occurs at that point. Trapping an error means that instead of the error actually happening, the programmer intercepts the error and displays a friendly warning message or takes some form of corrective action, instead of the application crashing (runtime errors cause the application to crash).

Exception handling is a more advanced method of error handling. Exception is a fancy term for a runtime error, and programmers such as .NET or Java developers will implement exception-handling code. Exception-handling code uses what is called a try/catch block—which means “try this code and catch any errors.”

13
Q

Secure Coding Techniques - Proper Input Validation

A

Developers need to adhere to the idea that when someone enters information into an application and clicks a button like Save, Find, or Execute, the developer must validate the input before using it somewhere in the application. Validating input means that the developer checks to ensure that the information typed by the user into the application is appropriate for the type of input that is expected. Any input that does not pass the validation test should be discarded and not processed.

For example, in a logon screen to an application, users need to type a username and a password. The username and password are, for the most part, short words containing fewer than 14 characters. The programmer should test this input and make sure that the username is not more than 14 characters and that the password is not more than 14 characters. Also, passwords do not have spaces in them, so the programmer should check to see if a space is used as one of the characters—and if so, should cancel processing the information because it could be malicious. Other examples of characters to watch for are dashes ( - ) and apostrophes ( ’ ). They are not normally used in passwords, but hackers will input them into a logon screen to manipulate the way the software executes.

14
Q

Secure Coding Techniques - Normalization

A

Database normalization is the process of structuring a relational database in accordance with a series of so-called normal forms in order to reduce data redundancy and improve data integrity.

Normalization entails organizing the columns (attributes) and tables (relations) of a database to ensure that their dependencies are properly enforced by database integrity constraints. It is accomplished by applying some formal rules either by a process of synthesis (creating a new database design) or decomposition (improving an existing database design).

More on this:
https://en.wikipedia.org/wiki/Database_normalization#Normal_forms

15
Q

Secure Coding Techniques - Stored Procedures

A

Stored procedures are objects created on a database that encapsulate the SQL code needed to perform actions such as inserting a record, deleting a record, or updating a record. This code could be written directly in a client application (web app, mobile app, or desktop application), but there are many benefits to putting your database logic in a stored procedure:

Performance
If you have the database code in the client application, when the application executes, it must send the code to the server, which then parses the code, optimizes it, compiles it, and executes it. With a stored procedure, the parsing, optimizing, and compiling is only done the first time the stored procedure is called. Future calls just execute the cached compiled version of the stored procedure that was already called.

Maintainability
If you put the SQL code in a stored procedure instead of in each software application, then you have a central place to update the database logic. When the logic needs to change, you change the SQL code in the stored procedure and all applications calling the stored procedure will run the updated code.

Security
Stored procedures can help prevent SQL injection attacks when using parameters and the stored procedure is prepared (meaning it is precompiled before first use). The benefit is that because it is precompiled, if the hacker tries to inject an SQL command into the parameter, they will receive an error because the stored procedure has already been compiled so that code inserted as a parameter is not accepted.

16
Q

Secure Coding Techniques - Code Signing

A

Code signing is a technique developers can use to digitally sign their code so that companies know where the code came from and they can trust that the code will do no harm to the system. Code signing also adds integrity to the code because a hash of the code is generated, meaning the code is run through an algorithm and an answer is generated. The answer is stored with the code. This gives you a way to verify that the code has not been altered when you check the code against the hash (answer) later on.

In order to digitally sign code, like a .DLL, .EXE file, or even a script such as a PowerShell script, you need a code signing certificate. This certificate is an electronic file that contains keys used to digitally sign other files.

17
Q

Secure Coding Techniques - Encryption

A

Encrypting sensitive data is an important consideration when developing applications. There are a few areas where you should look at encryption when developing an application. The first is communication protocols. If your application is communicating with other systems on the network or Internet, should you be encrypting the communication? If you are transmitting sensitive data, then the answer is yes. Another area to consider encryption is with storage of data. If you are storing sensitive information to a file, then that file should be encrypted, or the data in the file should be encrypted. If you are storing sensitive data in a database, then be sure to encrypt the information as it is stored in the database.

18
Q

Secure Coding Techniques - Obfuscation/Camouflage

A

Obfuscation and camouflage are common security principles that add to security by making a feature or component obscure or unclear. The idea here is that if the product or feature is hard to understand or find, then it will be harder to exploit.

19
Q

Secure Coding Techniques - Code Reuse/Dead Code

A

Code Reuse
Code reuse is a common programming practice that can add to the security of the application. You would create a set of functions that follow secure coding principles and then call those functions from any of your applications that need the functionality. The purpose is that you know you are calling already tested and tried code, versus re-creating new code that could have vulnerabilities.

Dead Code
You should also evaluate your code and look for dead code, which is code in a function that executes and returns a result, but the result is never used in the application anywhere. Dead code wastes resources such as memory and processing power.

20
Q

Secure Coding Techniques - Server-side vs. Client-side Execution and Validation

A

From a secure application design point of view, it is more secure to have server-side code execute than client-side code. Client-side code can be changed at the client and really should not be relied upon. For example, you should always implement validation code server-side, but whenever possible it does not hurt to implement validation code both client-side and server-side.

21
Q

Secure Coding Techniques - Memory Management

A

It is critical that developers learn to properly manage memory. This involves freeing memory from objects that are no longer in use by properly destroying those objects. If a developer fails to clean up memory, this could cause memory leaks in the application.

22
Q

Secure Coding Techniques - Use of Third-party Libraries and SDKs

A

Limit the use of third-party DLLs and software development kits (SDKs) in your application. You do not know how secure the code is in those components because you did not write the code.

23
Q

Secure Coding Techniques - Data Exposure

A

Be sure to limit the amount of data that is exposed from your application. One of the techniques to do this is known as encapsulation. You can create public methods that interact with the data without making the data directly available.

24
Q

Code Quality and Testing

A

A key to creating secure applications is to make sure that you implement proper code quality checks and testing.

25
Q

Code Quality and Testing - Static Code Analyzers (Static Analysis)

A

Static code analysis is typically the first type of code testing performed and involves reviewing code to identify issues without running the code. The code could be reviewed manually, with a team reading through the code, but there are also tools available called static code analyzers that can review the code and look for potential vulnerabilities.

Quick Summary:

  1. Performs at non-runtime
  2. Works on source code
  3. White box testing
  4. Large amount of time and resources
  5. A preventive action
  6. Code verification process
  7. Provides more defects
  8. Performed before Dynamic Analysis

https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/

26
Q

Code Quality and Testing - Dynamic Analysis (e.g., Fuzzing)

A

Dynamic analysis involves testing code by executing the code and seeing how the application responds to different input (fuzzing). Examples of dynamic analysis include running unit tests, integration tests, system tests, and acceptance tests.

Quick Summary:

  1. Performs at runtime
  2. Works on executed code
  3. Black box testing
  4. Less time and fewer resources compared to SA
  5. A corrective action
  6. Code validation process
  7. Provides fewer defects compared to SA
  8. Performed after Static Analysis

27
Q

Code Quality and Testing - Stress Testing

A

Stress testing is a form of testing that puts a heavy load on the application to determine how it would respond in production if a large number of users were to use the application.

28
Q

Code Quality and Testing - Sandboxing

A

Sandboxing is the term for running code that has been changed in an isolated environment, away from production systems, to test the effect of the code changes.

29
Q

Code Quality and Testing - Model Verification

A

A model is a simulation of a real program to be developed but does not have all the functionality programmed into the model. Models are created during the initial phases of development to verify that the customer is pleased with the basic elements of the application. The model should be verified on a regular basis to ensure that it still satisfies the needs of the customer.

30
Q

Compiled vs. Runtime Code

A

Several coding environments are available that your company can use to create custom solutions or applications to solve business problems. When the code is written, it is written either in an application environment, where the code is compiled, or in a scripting environment (runtime code). Compiled code is preferred because it executes quicker than runtime code and is considered more secure because it is harder to alter after the code is compiled. With runtime code, anyone who has access to the script file could alter the code and make malicious changes.