Defensive Coding Practices – Concepts and Techniques

Question 1

Input validation is the verification process that ensures the data that is supplied for processing is …

Answer 1

of the correct data type and format; falls within the expected and allowed range of values; is not interpreted as code as is the case with injection attacks; does not masquerade in alternate forms that bypass security controls.

Question 2

Canonicalization (or C14N) is the process of …

Answer 2

converting data that has more than one possible representation to conform to a standard canonical form.

Question 3

Sanitization is the process of …

Answer 3

converting something that is considered dangerous into its innocuous form. Both inputs and outputs can be sanitized.

Question 4

Input sanitization is the process of …

Answer 4

transforming the data that is supplied by the user before it is processed. Methods are Stripping, Substitution, Literalization.

Question 5

What are the two of the most basic and effective protection mechanisms that can be used to mitigate a lot
of software attacks?

Answer 5

Input validation and output error handling importance.

Question 6

Clipping level is the tolerance of …

Answer 6

user errors which are inevitable, permitting a pre-determined number of user errors before recording it as a security violation.

Question 7

Threat modeling should identify API as …

Answer 7

potential entry points; banned and deprecated APIs that are susceptible to security breaches should be avoided and replaced with secure counterparts.

Question 8

The Locality of Reference, also known as the principle of the locality, is the principle that subsequent data locations that are referenced when a program is run are often …

Answer 8

predictable and in proximity to previous locations based on time or space.

Question 9

Dangling pointers are those pointers that … These occur when the object that the pointer was originally referencing was …

Answer 9

do not point to a valid object of the appropriate type in memory; deleted or de-allocated without the pointer value being modified.

Question 10

The wild pointers are used prior to …

Answer 10

being initialized but they have been known to result in similar erratic, unpredictable, and dangerous results as dangling pointers.

Question 11

From Wild pointers and Dangling pointers, attackers can take advantage and initiate …

Answer 11

overflow attacks.

Question 12

A memory leak occurs when …

Answer 12

the memory buffer object that is allocated to hold some variable becomes unreachable.

Question 13

The main goal of garbage collection is to …

Answer 13

reduce memory leaks i.e., reclaiming unreachable memory objects.

Question 14

ARC

Answer 14

Automatic Reference Counting - a way of garbage collection wherein each object in memory keeps a count of the number of pointer references to it. Each time a reference to the object is made, the reference count is incremented. Whenever, a reference to the object is destroyed, then the reference count is decremented.

Question 15

Fast death attack frequently subjecting the garbage collector to go into …

Answer 15

overdrive in its function resulting in the system coming to a halt.

Question 16

Slow death attack is when the attacker requests …

Answer 16

additional memory that the garbage collector has to invoke, but they do so at a rate that is not quite as severe to throw an out-of-memory exception. In slow death, the CPU cycles are stolen, when memory is being occupied.

Question 17

Type safety is an important consideration when choosing between a managed and unmanaged programming language. Type-safe code cannot access memory at …

Answer 17

arbitrary locations out of the range of memory address space that belongs to the object’s publicly exposed fields, it prevents Buffer overflow vulnerabilities.

Question 18

CAS

Answer 18

Code access security (CAS) prevents code from untrustworthy sources or unknown origins from having run time permissions to perform privileged operations.

Question 19

In addition to type safety, CAS concepts include the following …

Answer 19

Syntax Security (Declarative and Imperative); Security Actions; Secure Class Libraries.

Question 20

Exceptions are software issues that are not

Answer 20

handled explicitly when the software behaves in an unintended or unreliable manner.

Question 21

In Exception Management, all exceptions must be …

Answer 21

explicitly handled in order to avoid disclosing the entire exception stack. This can result in information disclosure potentially revealing the software’s internal architectural details and in some cases even the data value.

Question 22

Safe Security Exception Handler (/SAFESEH) flag in systems that support it is an important exception management feature that can be leveraged during the …

Answer 22

compilation and linking process.

Question 23

In a Session hijacking attacks, an attacker …

Answer 23

impersonates the identity of a valid user and interjects themselves into the middle of an existing session, routing information from the user to the system and from the system to the user through them.

Question 24

When a session is hijacked, it can lead to …

Answer 24

information disclosure (confidentiality threat), alteration (integrity threat), or a denial of service (availability threat).

Question 25

Session management is a security concept that aims at …

Answer 25

mitigating session hijacking or MITM attacks; it requires that the session is unique by the issuance of unique session tokens and it also requires that user activity is tracked so that someone who is attempting to hijack a valid session is prevented from doing so.

Question 26

Secure startup prevents and mitigates …

Answer 26

side-channel attacks such as the Cold Boot attack.

Question 27

Insecure cryptographic vulnerabilities are primarily comprised of the …

Answer 27

use of a weak or custom-developed unvalidated cryptographic algorithm for encryption and decryption needs; The use of older cryptographic APIs; Insecure and improper key management; Inadequate and improper storage of the data (data at rest) that needs to be cryptographically secure; insufficient access control that gives users direct access to unencrypted data; violation of least privilege giving users elevated privileges.

Question 28

Prevention and mitigation techniques to address insecure cryptography issues are …

Answer 28

Data at rest protection controls; Appropriate algorithm usage; Cryptographic Agility; Secure key management; Adequate access control and auditing.

Question 29

Appropriate algorithm usage means the algorithm used for encryption and decryption purposes is …

Answer 29

not custom developed; a standard (such as the AES) and not a historically proven weak one (such as DES); older cryptography APIs (CryptoAPI) are not used and replaced with the Cryptography API; The design of the software takes into account the ability to quickly swap cryptographic algorithms as needed.

Question 30

CNG

Answer 30

Cryptography API Next Generation (CNG) is intended to be used by developers to provide secure data creation and exchange over non-secure environments such as the Internet and is extremely extensible because of its cryptography agnostic nature.

Question 31

Cryptographic agility means the application is architected to …

Answer 31

reference the cryptographic algorithm or hashing function outside the application code itself, so that it can be easily swapped, when required.

Question 32

One of the predominant flaws of cryptographic protection implementation in code is the use of …

Answer 32

unvalidated and custom-developed or weak cryptographic algorithms for encryption and decryption or noncollision-free hashing functions for hashing purposes.

Question 33

Types of Symmetric Banned Algorithm

Answer 33

DES, DESX, RC2, SKIPJACK, SEAL, CYLINK_MEK, RC4 (<128bit).

Question 34

Types of Asymmetric Banned Algorithm

Answer 34

RSA (<2048bit), Diffie-Hellman(<2048bit)

Question 35

Types of Hash (including HMAC usage) Banned Algorithm

Answer 35

SHA-0 (SHA), SHA-1, MD2, MD4, MD5

Question 36

Symmetric Acceptable or Recommended Algorithm

Answer 36

3DES (2 or 3), RC4 (>=128bit), AES

Question 37

Asymmetric Acceptable or Recommended Algorithm

Answer 37

RSA(>=2048bit),Diffie-Hellman(>=2048bit), ECC(>=256bit)

Question 38

Hash (including HMAC usage)

Answer 38

SHA-2 (includes: SHA-256, SHA-384, SHA-512)

Question 39

CNG is the replacement to the CryptoAPI; CNG gives developers the ability to …

Answer 39

enable users to create and exchange documents and data in a secure manner over non-secure environments such as the Internet.

Question 40

The main features of CNG include …

Answer 40

A new cryptographic configuration system that supports better cryptographic agility; Abstraction for key storage and separation of the storage from the algorithm operations; Process isolation for operations with long-term keys; Replaceable random number generators; Better export signing support; Thread-safety throughout the stack; Kernel-mode cryptographic API.

Question 41

Cryptographically agile code however poses some challenges such as:

Answer 41

Different algorithm can yield an ouput with different size; Persisted (stored) data that is encrypted with an replaced algorithm or even a password stored using a hash algorithm.

Question 42

Secure key management means that the generation of the keys uses a …

Answer 42

random or pseudo-random number generator (RNG or PRNG) and is random or pseudo-random in nature.

Question 43

Secure key management means that the exchange of keys is done securely using …

Answer 43

out-of-band mechanisms or approved key infrastructure that is secure as well.

Question 44

Secure key management means that the storage of keys is protected, preferably in a system that …

Answer 44

is not the same as that of the data, whether it is the transactional system or the backup system.

Question 45

Secure key management means that the rotation of the key where one key is replaced by another follows the appropriate process of …

Answer 45

first decrypting data with the old key that will be replaced and then encrypting data with the new key that is replacing the old key.

Question 46

Secure key management means that the archival and escrowing of the key is protected with appropriate …

Answer 46

access control mechanisms and preferably not archived in the same system as the one that contains the encrypted data archives.

Question 47

Secure key management means that the destruction of keys ensures that …

Answer 47

once the key is destroyed, it will never again be used.

Question 48

Adequate access control and auditing mean that for both internal and external users, access to the cryptography keys and data is …

Answer 48

granted explicitly; controlled and monitored using auditing and periodic reviews; not inadvertently thwarted by weaknesses such as insecure permissions configurations; contextually appropriate and protected, irrespective of whether the encryption is one-way or two-way.

Question 49

Some of the prevalent protection measures against race conditions or TOC/ TOU attacks are …

Answer 49

Avoid race windows; Atomic operations; Mutual Exclusion (Mutex).

Question 50

A race window is defined as …

Answer 50

the window of opportunity when two concurrent threads race against one another trying to alter the same object.

Question 51

Atomic operations mean that …

Answer 51

the entire process is completed using a single flow of control and that concurrent threads or control flow against the same object is disallowed.

Question 52

Mutual Exclusions or Mutex can be accomplished by …

Answer 52

resource locking, wherein the object that is accessed is locked and does not allow any alteration until the first process or threat releases it.

Question 53

PCI DSS prevents the storage of …

Answer 53

the primary account number (PAN) of the cardholder in the retailer’s point-of-sale (POS) systems on in a data store after it has been used in a transaction.

Question 54

Tokenization is the process of …

Answer 54

replacing sensitive data with unique identification symbols that still retain the needed information about the data, without compromising its security.

Question 55

Tokenization is usually evident in protecting cardholder information, its application can be extended to protect …

Answer 55

the confidentiality of any sensitive data, including banking transactions, medical records, criminal records, stock trading, and voter registrations.

Question 56

Sandboxing is the security mechanism that …

Answer 56

prevents software from running on a system accessing the host operating system; sandboxing is an example of the principle of least privilege.

Question 57

Examples of OS-level sandboxing are …

Answer 57

Unix chroot jail, AppArmor, and SELinux.

Question 58

Code signing (covered under Anti-Tampering techniques) ensures …

Answer 58

the integrity and authenticity of the software code, besides giving the code the runtime permissions needed to access the host’s sandboxed operating system.

Question 59

Anti-tampering techniques assure …

Answer 59

integrity assurance and protection against unauthorized and malicious alterations of the software code and/or the data.

Question 60

Some of the well-known anti-tampering techniques include …

Answer 60

obfuscation, protection against reverse engineering, and code signing.

Question 61

Obfuscation is the process of …

Answer 61

making the code obscure and confusing using a special program called the obfuscator so that even if the source code is leaked to or stolen by an attacker, the source code is not easily readable and decipherable.

Question 62

Reverse engineering can be used for security research and to determine vulnerabilities in published software.
Anti-Reversing Techniques is the process to prevent an attacker for …

Answer 62

gleaning information about the design and implementation details of the software from the object code.

Question 63

Code signing is the process of …

Answer 63

digitally signing the code (executables, scripts,

etc.) with the digital signature of the code author.

Question 64

Code signing assures …

Answer 64

the authenticity of published code (especially mobile code) besides providing integrity and anti-tampering protection.