Software security Flashcards
sdlc
software development life cycle
which security activities belong to each sdlc phase
risk assessment (requirements); threat modelling and design review (design); static analysis (development); security testing and code review (testing); security assessment and secure configuration (deployment)
SDLC process
requirements, design, development, testing, deployment
defensive programming
when a programmer anticipates problems and writes code to deal with them
different forms of defensive programming
input validation; heed compiler warnings; architect and design for security policies; keep it simple; default deny; adhere to the principle of least privilege; sanitize data sent to other systems; practise defense in depth; use effective quality assurance techniques; adopt a secure coding standard
principle of least privilege
every process should execute with the least set of privileges necessary to complete the job. Any elevated permission should be held only for the least amount of time required to complete the privileged task
what does it mean to practise defense in depth
manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer can prevent a security flaw from becoming an exploitable vulnerability
what does default deny refer to
base access decisions on permission rather than exclusion: by default access is denied, and only requests that are explicitly permitted are allowed
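The difference between exclusion and permission, and allow-list input validation from the defensive programming card above, as an added example (not from the flashcards themselves). The roles, actions and username pattern are constructed for the demo.

```python
import re

# Explicit allow-list of (role, action) pairs. Anything not listed is denied.
# Constructed sample policy for the demo.
ALLOWED = {
    ("admin", "read"), ("admin", "write"), ("admin", "delete"),
    ("editor", "read"), ("editor", "write"),
    ("viewer", "read"),
}

# The exclusion approach the card warns against: deny a few known-bad cases and
# let everything else through. A role that is missing from the blocklist (a typo,
# a newly added role, an empty string) silently gets full access.
BLOCKED_ACTIONS_BY_ROLE = {"viewer": {"write", "delete"}, "editor": {"delete"}}


def is_allowed_by_exclusion(role: str, action: str) -> bool:
    """Blocklist check: allowed unless the pair is explicitly blocked."""
    return action not in BLOCKED_ACTIONS_BY_ROLE.get(role, set())


def is_allowed_by_permission(role: str, action: str) -> bool:
    """Default deny: the request succeeds only if the pair is explicitly allowed."""
    return (role, action) in ALLOWED


# Input validation in the same spirit: accept only input that matches a positive
# pattern instead of trying to strip out characters known to be dangerous.
# The pattern is an assumption for the demo (lowercase, 3-32 chars, no leading digit).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(raw: str) -> str:
    """Return the username unchanged if it matches the allow-list pattern."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw


def authorize(role: str, action: str, username: str) -> bool:
    """Combine both checks; any failure is a denial."""
    try:
        validate_username(username)
    except ValueError:
        return False
    return is_allowed_by_permission(role, action)


if __name__ == "__main__":
    # An unknown role slips past the blocklist but not the allow-list.
    print("exclusion :", is_allowed_by_exclusion("intern", "delete"))
    print("permission:", is_allowed_by_permission("intern", "delete"))
```

Note that the blocklist version has no way to say "I have never heard of this role"; every gap in the list becomes a grant. The allow-list version fails closed, which is what the card means by basing decisions on permission.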
owasp
open web application security project
owasp top 10 web application security risks (2017 edition)
injection flaws; broken authentication; sensitive data exposure; XML external entities (XXE); broken access control; security misconfiguration; cross-site scripting (XSS); insecure deserialization; using components with known vulnerabilities; insufficient logging and monitoring
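The first risk on the list, shown as an added example rather than anything from the flashcards: a login query that splices user input into SQL next to the parameterized version. It runs against an in-memory SQLite database with one constructed user; the table layout, the user and the attacker payload are all assumptions for the demo.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Demo only: a real system uses a salted, deliberately slow password hash
    # (argon2, scrypt, bcrypt), never bare SHA-256. Kept minimal so the demo
    # does not store plaintext while the focus stays on the query.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'alice', ?)", (_hash("correct horse"),))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Injection flaw: untrusted input becomes part of the SQL text, so the
    # attacker controls the structure of the query, not just a value in it.
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password_hash = '{_hash(password)}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: values travel separately from the statement, so a
    # quote in the username is just a character inside a string.
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, _hash(password))).fetchone() is not None


# Constructed attacker input. In the vulnerable query it yields
#   WHERE username = '' OR 1=1 OR '1'='1' AND password_hash = '...'
# which is true for every row regardless of the password.
PAYLOAD = "' OR 1=1 OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, payload:", login_vulnerable(conn, PAYLOAD, "anything"))
    print("safe, payload:      ", login_safe(conn, PAYLOAD, "anything"))
```

The payload avoids a trailing SQL comment on purpose: `AND` binds tighter than `OR`, so a second `OR` clause is enough to make the whole predicate true without relying on comment syntax.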
what are the consequences of insecure development?
??
Threat modelling
structured process with these objectives:
- identify security requirements
- pinpoint security threats and potential vulnerabilities
- quantify threat and vulnerability criticality, and
- prioritize remediation methods
artifacts created by threat modelling
abstraction of system
profiles of potential attackers - including goals and methods
a catalog of threats that could arise
what is STRIDE
evaluates a system's detailed design.
Models the system in place by building data flow diagrams,
identifying the system's entities, events and trust boundaries.
STRIDE then applies a general set of known threats to each element of the model
general set of threats that Stride applies
threat | definition | property violated
spoofing | pretending to be someone or something other than yourself | authentication
tampering | modifying something | integrity
repudiation | claiming that you did not do something or were not responsible | non-repudiation
information disclosure | providing information to someone not authorized to access it | confidentiality
denial of service | exhausting resources needed to provide a service | availability
elevation of privilege | allowing someone to do something they are not authorized to do | authorization
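How the threat-modelling objectives and the STRIDE table come together in practice, as an added example that is not part of the flashcards: a tiny data flow diagram is walked element by element and the applicable STRIDE threats are listed for each, with flows that cross a trust boundary flagged for prioritisation. The per-element mapping (which threat classes apply to external entities, processes, data stores and data flows) is an assumption taken from the STRIDE-per-element chart used in Microsoft's SDL threat modelling practice; the sample system is constructed.

```python
from dataclasses import dataclass

# The six STRIDE threats and the property each one violates (from the table above).
STRIDE = {
    "S": ("spoofing", "authentication"),
    "T": ("tampering", "integrity"),
    "R": ("repudiation", "non-repudiation"),
    "I": ("information disclosure", "confidentiality"),
    "D": ("denial of service", "availability"),
    "E": ("elevation of privilege", "authorization"),
}

# STRIDE-per-element: which threat classes apply to which DFD element kind.
# Assumption: taken from the Microsoft SDL STRIDE-per-element chart, not from the cards.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",  # R mainly matters for stores that hold audit logs
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                        # key into APPLICABLE
    trust_zone: str = "internal"     # zone the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element


@dataclass
class DFD:
    elements: list
    flows: list


def threats_for(kind: str) -> list:
    """(threat, property) pairs that STRIDE-per-element assigns to an element kind."""
    return [STRIDE[letter] for letter in APPLICABLE[kind]]


def enumerate_threats(dfd: DFD) -> list:
    """Return (element_name, threat, property) triples for every element and flow."""
    found = []
    for el in dfd.elements:
        for threat, prop in threats_for(el.kind):
            found.append((el.name, threat, prop))
    for fl in dfd.flows:
        for threat, prop in threats_for("data_flow"):
            found.append((fl.name, threat, prop))
    return found


def boundary_crossings(dfd: DFD) -> list:
    """Flows whose endpoints sit in different trust zones: review these first."""
    return [fl.name for fl in dfd.flows if fl.src.trust_zone != fl.dst.trust_zone]


# Constructed sample DFD: a browser on the internet talks to a web app, which
# queries a database; both app and database live in the internal zone.
BROWSER = Element("browser", "external_entity", trust_zone="internet")
WEBAPP = Element("webapp", "process")
USER_DB = Element("user_db", "data_store")
SAMPLE = DFD(
    elements=[BROWSER, WEBAPP, USER_DB],
    flows=[Flow("https_request", BROWSER, WEBAPP), Flow("db_query", WEBAPP, USER_DB)],
)


if __name__ == "__main__":
    for name, threat, prop in enumerate_threats(SAMPLE):
        print(f"{name:14} {threat:24} violates {prop}")
    print("flows crossing a trust boundary:", boundary_crossings(SAMPLE))
```

The output is the catalogue of threats the threat-modelling card lists as an artifact; the boundary-crossing list is the first cut at prioritising remediation, since a flow from an untrusted zone is where spoofing and tampering are easiest for an attacker.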