Software Development Security Flashcards
What is threat modelling
process whereby potential threats are identified, categorised, and analysed.
Name some typical crossing points that can make up a total threat surface
TCP/IP ports
User login services
query fields on web pages
attachment points for removable media
devices
A popular threat model approach is called STRIDE which is a mnemonic for security threats in six categories
- Spoofing: Impersonating something or someone else.
- Tampering: Modifying something on disk, network, data, code or elsewhere.
- Repudiation: Claiming to have not performed an action.
- Information disclosure: Exposing information to someone not authorised to access it.
- Denial of Service: Exhaustion or degradation of services to users.
- Elevation of privilege: Gaining privileged capabilities without proper authorisation.
When creating a secure environment for an executable program, such as mobile code, it is important to
identify the resources the program needs and then provide limited access to these resources to protect against potential threats
Two control mechanisms can be used to limit the risk to the user in relation to mobile code:
Attempt to run code in a restricted environment where it cannot do harm, such as in a sandbox
Cryptographic authentication, via digital certificates and signatures on mobile code elements, can be used to verify where the code came from and that it has not been altered since it was signed.
What was another name for first generation programming languages
machine language
What was another name for second generation programming languages
assembly language
What was another name for third generation programming languages
High-level languages, e.g. COBOL, FORTRAN, BASIC, Java and C
What was another name for fourth generation programming languages
very high-level languages, e.g. report generators and application generators.
Sometimes 5th generation languages are known as
constraint-based or logic programming languages - using expressions and arguments to program rather than traditional source code
Two principal security concerns are worth noting with regard to the widespread use of fourth generation languages today:
Almost all “codeless programming” platforms and environments end up being substantially tailored by end-user organisations, so the security of the result depends on that tailoring rather than on the platform alone.
Because they are designed so that non-programmers can create programs, millions of people with virtually no security training or awareness use them daily around the world, and almost all of that usage is beyond any organisational security or configuration-management purview.
This is a set of standards that addresses the need for interoperability between hardware and software products residing on different machines across a network.
CORBA
The CORBA security service supports four specific types of policies:
Access control
Data protection
Non-repudiation
Auditing
Is commercial-off-the-shelf (COTS) software more dangerous than bespoke software written in-house?
Yes, it can. The one-size-fits-all nature of COTS often means that security is too generic for the deploying organisation or simply absent. COTS should be adopted only after a thorough risk assessment.
A covert channel may be defined as a communication channel that allows processes to transfer information in such a way to
violate some security policy or requirement
Time of Check vs. Time of Use (written TOCTOU or TOC/TOU) is a common type of attack that occurs when
control information changes between the time the system's security functions check the contents of variables and the time those variables are actually used during operations.
What is a race condition
A race condition exists when the outcome of an operation depends on the timing or ordering of certain events, and those events can occur out of the intended sequence.
To avoid TOCTOU attacks, the operating system should use the concept of
Software locking, together with atomic operations, so that the check and the use cannot be separated.
To protect against a race condition attack from taking place within a system, the security professional needs to ensure that
the architecture and design of the operating system and the programs that run on top of it are not allowing critical tasks to be split up for execution. To ensure this does not happen, the use of atomic operations needs to be enforced within the system.
What is the difference between a race condition and a TOCTOU attack
A race condition implies that two processes can be forced to execute out of sequence, allowing the attacker to control or manipulate the outcome.
A TOCTOU attack happens when the attacker inserts themselves between two steps as they execute (the check and the use), redirecting the second step in some way to control or manipulate the outcome.
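The following is an added example (not from the original flashcards) of the check-then-use bug described above, beside its atomic counterpart. The attacker is simulated by a `race_hook` callback that runs inside the check/use window; that hook, the file names and the contents are assumptions of this demo, not a real API. It needs a POSIX system, where `O_NOFOLLOW` and symlinks are available.

```python
import os
import stat
import tempfile


def read_regular_file_vulnerable(path: str, race_hook=None) -> bytes:
    """Check-then-use: lstat() is the time of check, open() the time of use.
    Nothing ties the two together, so the path can be swapped in between."""
    st = os.lstat(path)                      # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    if race_hook:
        race_hook()                          # attacker replaces path with a symlink
    with open(path, "rb") as f:              # time of use: open() follows the symlink
        return f.read()


def read_regular_file_safe(path: str, race_hook=None) -> bytes:
    """Atomic variant: open first (refusing symlinks), then check the object
    we actually hold via fstat(). The checked object and the used object are
    the same descriptor, so there is no window to exploit."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)   # O_NOFOLLOW: POSIX only
    fd = os.open(path, flags)                # fails with ELOOP if path is a symlink
    try:
        if race_hook:
            race_hook()                      # too late: fd already refers to the original file
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: 'public' is harmless, 'secret' must never be
    returned. The attacker's hook swaps 'public' for a symlink to 'secret'."""
    with tempfile.TemporaryDirectory() as d:
        secret, public = os.path.join(d, "secret"), os.path.join(d, "public")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def reset_public():
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"public")

        def attacker_swap():
            os.remove(public)
            os.symlink(secret, public)

        results = {}
        reset_public()
        results["vulnerable"] = read_regular_file_vulnerable(public, race_hook=attacker_swap)
        reset_public()
        results["safe"] = read_regular_file_safe(public, race_hook=attacker_swap)
        try:                                 # 'public' is now a symlink: refused outright
            results["safe_after_swap"] = read_regular_file_safe(public)
        except OSError:
            results["safe_after_swap"] = "refused"
        return results


if __name__ == "__main__":
    print(demo())
```

The vulnerable function leaks `SECRET` because the lstat() check and the open() are separate operations on a path name, and the name was re-bound between them; the safe function checks the descriptor it already holds, so the attacker's swap has no effect, and a symlink presented up front is refused by `O_NOFOLLOW`. On platforms without `O_NOFOLLOW` the flag silently drops to 0 and the second protection is lost, which is why the getattr fallback deserves a comment in production code.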
What is a between the lines attack
This occurs when the telecommunication lines used by an authorized user are tapped into and data falsely inserted or injected.
How do you prevent a between the lines attack
The telecommunication lines should be physically secured so that they cannot be accessed by unauthorised individuals, and users should not leave lines open once they have finished with them and the lines are no longer in use.
What is a trapdoor or backdoor
a hidden mechanism that bypasses access control measures.
Database attacks: Aggregation or inference
The ability to combine non-sensitive data from separate sources to create sensitive information is referred to as aggregation.
Being able to aggregate information may lead to inference possibilities. Inference is the ability to deduce more sensitive information than you should be allowed.
Database attacks: Bypass Attacks
attackers may be able to find ways into the database without going through the query engine interface or its command line interpreter
Database attacks: Compromising database views used for access control
Attackers with enough rights may try to modify the view itself. A database view typically limits the data a user sees, not the operations they may perform on the view, so it is a weak access-control boundary on its own.
Database attacks: exploits against alternative but not quite equivalent access routes
the layered model frequently used in database interface design may provide multiple alternative routes to the same data, not all of which may be adequately protected
Database attacks Data contamination
Attackers can attempt to use malformed inputs at the field, record, transaction, or file level, to disrupt the proper functioning of the system.
Database attacks Deadlocking
Simultaneous queries designed to deadlock records
What does a database model do
describes the relationship between the data entities within the database and provides a framework for organizing the data.
IT IS NOT A DATA MODEL
At minimum, any database model needs to provide the following requirements:
Transaction persistence
Fault tolerance and recovery
Sharing by multiple users
Security controls
What does the term ACID mean
Atomicity: A transaction is either completed in its entirety or not at all
Consistency: All integrity conditions in the database are maintained with each transaction
Isolation: Each transaction is isolated from other transactions
Durability: If a transaction is reported to user as complete, the changes to database survive hardware or software failures
What is the difference between a database model and a data model
Database models identify the specific organisation, structure, tools and architecture that the DBMS can provide to users
Data models describe specific types of data used by an organisation,
Give examples of database models
Hierarchical model
Network database model
Relational database model
How does a hierarchical database management model store data
This model stores data in a series of records that have field values attached to each record. It collects all the instances of a specific record together as a record type
To create links between the record types, the hierarchical model needs to use parent and child relationships through the use of tree structures.
What is an obvious weakness in the hierarchical database model
Each child record has exactly one parent, so the model can only represent a single tree: it cannot link across branches or over multiple layers, and many-to-many relationships cannot be expressed.
How does a network database model store data
It stores data in the form of related records that form a network
The network database model is also known as
the CODASYL model (Conference on Data Systems Languages)
The network model finds two powerful applications in today's marketplace
- High performance, high volume storage management
- Graph databases
What are the three SQL sublanguages
Data Definition Language DDL,
Data Manipulation Language DML
Data Control Language DCL
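An added example (not from the flashcards) that ties the ACID properties above to the SQL sublanguages just listed, using Python's built-in `sqlite3`. The DDL creates the table with a CHECK constraint (the integrity condition behind Consistency); the DML runs a two-step transfer inside an explicit transaction so that a constraint violation rolls back both halves (Atomicity). The bank schema, account names and balances are constructed. SQLite has no DCL, so the GRANT statement appears only as a comment.

```python
import sqlite3

# DDL: structure and integrity conditions.
DDL = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL UNIQUE,
    balance INTEGER NOT NULL CHECK (balance >= 0)   -- integrity condition (Consistency)
);
"""

# DCL (not executable in SQLite, shown for completeness):
#   GRANT SELECT ON accounts TO auditor;
#   REVOKE UPDATE ON accounts FROM auditor;


def open_bank() -> sqlite3.Connection:
    """Constructed in-memory bank with two accounts."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    conn.executescript(DDL)
    conn.execute("INSERT INTO accounts (owner, balance) VALUES (?, ?)", ("alice", 100))  # DML
    conn.execute("INSERT INTO accounts (owner, balance) VALUES (?, ?)", ("bob", 20))
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """DML inside one transaction. Either both UPDATEs persist or neither does
    (Atomicity); the CHECK keeps every balance non-negative (Consistency);
    BEGIN IMMEDIATE takes the write lock so concurrent writers wait (Isolation);
    after COMMIT returns the change survives a crash (Durability)."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    conn.execute("BEGIN IMMEDIATE")
    try:
        debit = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE owner = ?", (amount, src))
        credit = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE owner = ?", (amount, dst))
        if debit.rowcount != 1 or credit.rowcount != 1:
            raise sqlite3.IntegrityError("unknown account")
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")   # undo the debit that may already have applied
        return False


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT owner, balance FROM accounts ORDER BY owner"))


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "alice", "bob", 500), balances(bank))   # overdraft: rolled back
    print(transfer(bank, "alice", "bob", 30), balances(bank))    # committed
```

The overdraft case is the one to watch: the debit UPDATE raises `IntegrityError` from the CHECK, and without the explicit ROLLBACK a partially applied transfer would be exactly the inconsistent state ACID is meant to rule out.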
Many security professionals are concerned about the use of ActiveX Data Objects ADO because
there are no configurable restrictions on its access to the underlying system.
What does OWASP stand for
Open Web Application Security Project
True or False: According to Open Web Application Security Project (OWASP) 2017, the most common web vulnerability is injection.
TRUE
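An added example (not from the flashcards) of the injection class OWASP ranked first in 2017, shown as a login check built by string formatting beside the parameterised version, using Python's `sqlite3`. The user table, credentials and the `admin' --` payload are constructed; password hashes are plain SHA-256 here only to keep the example short, where real code should use a slow salted KDF.

```python
import hashlib
import sqlite3


def _h(password: str) -> str:
    # Constructed for brevity; use scrypt/bcrypt/Argon2 in real systems.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed user store with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    for user, pw in [("admin", "admin-pass-7Qz"), ("alice", "correct horse")]:
        conn.execute("INSERT INTO users VALUES (?, ?)", (user, _h(pw)))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-built query: attacker-controlled text becomes SQL syntax.
    With username "admin' --" the rest of the WHERE clause is commented out."""
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND password_hash = '{_h(password)}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: values are bound by the driver and never parsed as SQL,
    so the same payload is just an unusual username that matches nothing."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password_hash = ?",
        (username, _h(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, "admin' --", "wrong"))
    print("safe, injected:      ", login_safe(db, "admin' --", "wrong"))
    print("safe, real creds:    ", login_safe(db, "alice", "correct horse"))
```

The payload works because the comment marker `--` swallows the password comparison; binding parameters fixes it at the root rather than by blacklisting characters, which is why parameterised queries (or an ORM that uses them) are the primary control, with input validation as defence in depth.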
In regard to session management, Hypertext Transfer Protocol (HTTP) is a stateless technology. Therefore, periods of apparent attachment to the server are controlled by other technologies such as cookies or URL data. How should cookies be protected?
A. Encryption
B. Random and unique identifiers
C. Both A and B
D. None of the above
C (Both A and B): transmit cookies only over an encrypted channel such as TLS, and use random, unique, unguessable identifiers so a session cannot be predicted or enumerated.
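An added example (not from the flashcards) of what "random and unique identifiers" and "encryption" mean in practice for a session cookie, using only the Python standard library: the identifier comes from a CSPRNG with 256 bits of entropy, and the cookie is flagged `Secure` so browsers send it only over TLS, plus `HttpOnly` and `SameSite` as defence in depth. The cookie name, lifetime and the predictable counter it is contrasted with are assumptions of this demo.

```python
import itertools
import secrets
from http.cookies import SimpleCookie

_counter = itertools.count(1000)


def weak_session_id() -> str:
    """What not to do: a sequential id lets an attacker guess neighbours' sessions."""
    return f"sess-{next(_counter)}"


def new_session_id(nbytes: int = 32) -> str:
    """256 bits from the OS CSPRNG: unique and unguessable for practical purposes."""
    return secrets.token_urlsafe(nbytes)


def session_cookie_header(session_id: str, max_age: int = 3600) -> str:
    """Build the value of a Set-Cookie header with the protective attributes set."""
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["secure"] = True       # sent only over TLS ("encryption" in transit)
    c["session"]["httponly"] = True     # not readable by page scripts
    c["session"]["samesite"] = "Lax"    # not sent on most cross-site requests
    c["session"]["path"] = "/"
    c["session"]["max-age"] = max_age   # bounded lifetime
    return c["session"].OutputString()


def is_protected(header: str) -> bool:
    """Quick check a reviewer can run against any Set-Cookie value."""
    return all(flag in header for flag in ("Secure", "HttpOnly", "SameSite="))


if __name__ == "__main__":
    print("weak:  ", weak_session_id(), weak_session_id())
    sid = new_session_id()
    print("strong:", sid)
    print("Set-Cookie:", session_cookie_header(sid))
```

Rotate the identifier on privilege changes (login, role elevation) so a value fixed or observed before authentication is not carried into the authenticated session.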
What is the difference between a virus and a worm
a worm can propagate without user action. In other words, they do not rely on human involvement, instead they spread across networks of their own accord, primarily by exploiting known vulnerabilities in common software.
Which spread faster worms or viruses
Worms. Because no user involvement is required, worms have a significant speed advantage and spread much faster than viruses: some viruses have taken days to reach many hosts, whereas worms can travel worldwide in hours or even minutes.
What are hoaxes
Hoaxes are false warnings, typically about non-existent malware, that generally carry an instruction to forward the warning to all of the user's contacts; the forwarding is the payload.
What is a Trojan
A Trojan is a program that can be seemingly useful, but it also contains something unknown that will do something malicious.
Remote access Trojans
RAT The intent is to have easy access to the host remotely after the RAT has been installed on the remote host
DDOS Zombies
These computers, sitting between the master and the target, are sometimes called agents or clients but most often are referred to as zombies, because their owners are usually unaware that they are contributing to a DoS attack.
Logic bombs
Software programs set up to run in a dormant state until a specific condition or set of conditions exist and then activate their negative payload. The condition that a logic bomb waits for can be related to a certain date or time, or specific conditions related to system and architecture parameters.
Why are the terms spyware and adware often confused?
Companies involved with spyware and adware have been quite active in promoting the confusion of definitions and terms. Vendors and developers of anti-spyware programs have frequently found themselves targets of lawsuits alleging that the identification of programs as spyware is defamation.
What is a botnet
a network of automated systems or processes (robots or for short, bots) performing a specific function together, usually malicious. Botnets have greatly magnified the power and speed of malicious operations because they all work together toward achieving a malicious goal, and they have allowed for tuning and directing of operations in a way that was not possible with malicious programs in the past.
There are three approaches to how antivirus software technology is able to work:
Known signature scanning
Activity monitoring
Change detection
Malware protection: Scanners
Also known as signature scanners they look for search strings whose presence is characteristic of a known virus. In other words, they look for known signatures of known viruses and malware
Malware protection: Heuristic Scanners
One of the latest technologies used for scanning is what is referred to as intelligent analysis of unknown code, currently referred to as heuristic scanning.
More closely associated with activity monitoring functions than signature scanning,
looks for suspicious sections of code that may try to modify code or change permissions
Malware protection: Activity monitors
An activity monitor performs a task very similar to an automated form of traditional auditing: it watches for and flags what may be suspicious activity.
Malware protection: Change detection
examines system or program files and configurations, stores the information, and compares it against the same program files and configurations on a regular basis to look for changes.
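An added example (not from the flashcards) covering both the signature scanner and the change-detection approach described above, in Python. The signature database, file tree and "infection" are all constructed for the demo: a baseline of SHA-256 hashes is taken, one binary is then trojanised, a new file is dropped and a log is deleted, and both detectors are run over the result.

```python
import hashlib
import os
import tempfile

# Constructed signature database: byte patterns whose presence marks known
# malware. Names and patterns are made up for this example.
SIGNATURES = {
    "Demo.Dropper.A": b"\x90\x90\xcc\xcc DEMO-DROPPER-MARKER",
    "Demo.Macro.B": b"AutoOpen(): Shell(\"cmd /c",
}


def scan_bytes(data: bytes) -> list:
    """Signature scanning: report every known pattern found in the content."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root: str):
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full


def snapshot(root: str) -> dict:
    """Change detection, step 1: record a hash for every file under root."""
    return {rel: hash_file(full) for rel, full in _walk(root)}


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Change detection, step 2: compare a fresh snapshot against the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def scan_tree(root: str) -> dict:
    """Signature-scan every file; returns {relpath: [signature names]} for hits only."""
    hits = {}
    for rel, full in _walk(root):
        with open(full, "rb") as f:
            found = scan_bytes(f.read())
        if found:
            hits[rel] = found
    return hits


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate an infection."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))

        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)

        write("bin/app", b"\x7fELF clean program")
        write("bin/helper", b"\x7fELF helper")
        write("install.log", b"ok\n")
        baseline = snapshot(root)

        write("bin/app", b"\x7fELF clean program" + SIGNATURES["Demo.Dropper.A"])  # trojanised
        write("bin/update.exe", b"MZ dropper " + SIGNATURES["Demo.Dropper.A"])     # dropped
        os.remove(os.path.join(root, "install.log"))                              # trace removed

        return {"changes": diff_snapshots(baseline, snapshot(root)),
                "signatures": scan_tree(root)}


if __name__ == "__main__":
    print(demo())
```

Note what each detector misses: the scanner says nothing about the deleted log, and a dropper with no known signature would pass it entirely, whereas change detection flags every modified, added or removed file but cannot say whether a change is malicious. That complementary coverage is why products combine the approaches.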
Malware protection: Reputation monitoring
Zero day and Zero hour exploits do not have signatures that can be picked up by scanners. Reputation monitoring boosts protection by assessing the reputation of websites for immediate and potential threats
Do IDS and IPS systems actively screen files for malware
No. They normally filter on URLs, URIs and IP addresses rather than inspecting file content for malware.
Do IDS and IPS systems allow malware through
Yes. Traffic whose source is not blocked passes through, and the file can only be examined once it has arrived at the endpoint.
Via the integration of continuous monitoring and endpoint data collection, ______ can be an effective endpoint security option.
Endpoint detection and response
Fast, Lean Development Methods: Reuse Model
In this model, an application is built from already existing and tested components.
Fast, Lean Development Methods: Spiral Method
A nested version of the original waterfall method: each phase is itself designed using the waterfall model, but the distinguishing feature of the spiral model is that each phase adds four sub-stages based on the Deming cycle: Plan, Do, Check, Act (PDCA).
Fast, Lean Development Methods: Prototype
In prototyping, the objective is to build a simplified version of the entire application, release it for review, and use the stakeholders' feedback to build a second, much better version.
Fast, Lean Development Methods: Modified Prototype Model
A refined form of the above prototyping methodology that is ideal for web application development, MPM allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so that the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it rather than being frozen in time.
Fast, Lean Development Methods: Cleanroom
This methodology is focused on controlling and, at best, avoiding defects and bugs in the software. The emphasis is to write the code correctly the first time rather than trying to find the problems once they are already there and trying to address them later. Essentially, cleanroom software development focuses on defect prevention rather than defect removal.
Fast, Lean Development Methods: Extreme Programming
this model relies on simplicity of the process, communication between all involved stakeholders, including security, and feedback to ensure requirements are addressed properly.
Fast, Lean Development Methods: Agile Development
Agile development follows patterns of activities such as Scrum, sprints or SAFe (Scaled Agile Framework) to manage change and to develop and deploy working, reliable, verifiable functionality.
What is a companion virus
This is a virus that does not infect a file but uses operating-system features to run before, or instead of, the target file. In MS-DOS, for example, when a command is given the system checks first for internal commands, then .COM, .EXE and .BAT files, in that order. An .EXE program can therefore be hijacked by writing a .COM file with the same base name into the same directory.
The term multipartite was originally used to indicate a virus that was able to _____
infect both boot sectors and program files at the same time.
Current understanding and usage tends to mean a virus that
can infect more than one type of object, or that infects or reproduces in more than one way.
What are the two types of policy
Administrative policies and technical policies
Which hashing algorithms should not be used
MD5 and SHA-1: both have practical collision attacks and should not be used where collision resistance matters (signatures, certificates, integrity checks).
Is Oauth 1.0a Secure
OAuth 1.0a is the most secure of the three common protocols. Each request carries a cryptographic signature, usually an HMAC-SHA1 value computed over the request with a key derived from the consumer secret and token secret, together with a nonce and timestamp. The great advantage of OAuth 1 is that the token secret itself is never sent across the wire, only a signature derived from it, so an observer of the traffic does not learn the secret.
True or false OAuth 2’s current specification removes signatures so there is no requirement to use cryptographic algorithms to create, generate, and validate signatures.
True. OAuth 2 instead relies on TLS to protect its bearer tokens in transit, so anyone who obtains such a token can use it.
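An added example (not from the flashcards) of the OAuth 1.0a HMAC-SHA1 signature just described, written in Python from the RFC 5849 rules: percent-encode and sort the parameters, build the signature base string, key the HMAC with `consumer_secret&token_secret`, and on the server recompute and compare in constant time, rejecting replays by nonce. The consumer key, secrets, URLs and the `ResourceServer` class are constructed for the demo.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(s) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay bare."""
    return quote(str(s), safe="-._~")


def signature_base_string(method: str, base_url: str, params) -> str:
    """params: (key, value) pairs, already decoded, without oauth_signature.
    Encode each pair, sort by encoded key then value, join, then encode again."""
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, params, consumer_key, consumer_secret, token, token_secret):
    """Client side: add the oauth_* parameters and sign; the secrets never leave."""
    oauth = [
        ("oauth_consumer_key", consumer_key),
        ("oauth_token", token),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_timestamp", str(int(time.time()))),
        ("oauth_nonce", secrets.token_hex(8)),
        ("oauth_version", "1.0"),
    ]
    all_params = list(params) + oauth
    sig = hmac_sha1_signature(signature_base_string(method, url, all_params),
                              consumer_secret, token_secret)
    return all_params + [("oauth_signature", sig)]


class ResourceServer:
    """Constructed verifier: knows the consumer secret and the token secrets."""

    def __init__(self, consumer_secret: str, token_secrets: dict, max_skew: int = 300):
        self.consumer_secret = consumer_secret
        self.token_secrets = token_secrets
        self.max_skew = max_skew
        self.seen_nonces = set()

    def verify(self, method: str, url: str, params) -> bool:
        p = dict(params)
        provided = p.get("oauth_signature")
        token_secret = self.token_secrets.get(p.get("oauth_token"))
        if provided is None or token_secret is None:
            return False
        unsigned = [(k, v) for k, v in params if k != "oauth_signature"]
        expected = hmac_sha1_signature(signature_base_string(method, url, unsigned),
                                       self.consumer_secret, token_secret)
        if not hmac.compare_digest(expected, provided):   # any tampering changes the base string
            return False
        try:
            ts = int(p.get("oauth_timestamp", ""))
        except ValueError:
            return False
        if abs(time.time() - ts) > self.max_skew:          # stale request
            return False
        nonce_key = (p.get("oauth_consumer_key"), ts, p.get("oauth_nonce"))
        if nonce_key in self.seen_nonces:                  # replayed request
            return False
        self.seen_nonces.add(nonce_key)
        return True


if __name__ == "__main__":
    url = "https://api.example.com/1/transfer"
    req = sign_request("POST", url, [("amount", "10")], "ck", "cs", "tok", "ts")
    srv = ResourceServer("cs", {"tok": "ts"})
    print("valid:", srv.verify("POST", url, req), "replay:", srv.verify("POST", url, req))
```

The signature binds method, URL and every parameter, so changing `amount` in transit invalidates it; the nonce and timestamp are what stop a captured valid request from simply being resent, which the signature alone does not prevent.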
What are the benefits of using code libraries?
- Increased dependability (the component has already been tried and tested in working systems and receives patches, provided it is still maintained)
- Reduced process risk (if the software already exists, its cost is known immediately)
- Effective use of specialists (genuine experts develop the specialist components)
- Standards compliance (e.g. user interface)
- Accelerated development
Source Code Analysis Tools: What does Static application security testing (SAST) do
Analyzes the source code to look for common programming errors, compliance with programming guidelines and templates, and other potential sources of errors that are visible in the source code.
It does not actually test the code by executing it, so it’s a bit of a misnomer to call it a “security testing” approach.
Source Code Analysis Tools: What does Dynamic application security testing (DAST) do
Exercises the running application from the outside with crafted inputs and observes its behaviour. Fuzz testing, one DAST technique, can run tens of thousands of test cases (or more) against an app.