defensive coding techniques pt 1
play

Defensive Coding Techniques (Pt. 1) Engineering Secure Software - PowerPoint PPT Presentation

Aug 28, 2022 •316 likes •561 views

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Defensive Coding vs. Risk Analysis Risk Analysis All about domain, assets,

  1. Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. Defensive Coding vs. Risk Analysis Risk Analysis ● All about domain, assets, threats, what-ifs ○ Global-minded ○ Prioritization is critical ○ Defensive Coding ● One small change in code → big change in risk analysis ○ e.g. storing passwords in the customer table vs. user table ■ e.g. website allowing uploading files for one feature ■ “Weakest link” mentality ○ Less about prioritization ■ Technology-specific ■ We should always code defensively. ● SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Defensive Coding Principles Writing insecure code is surprisingly easy ● Arcane coding assumptions ○ Many different technologies to know ○ Maintainability still counts ● Duplicate code is even harder to secure ○ Vulnerabilities often have regressions and incomplete fixes ○ Know thy API’s ● Misusing an API in the wrong context can be a vulnerability ○ e.g. an XML parser that also executes includes ■ Copying from internet examples without understanding? For ○ shame. Don’t be paranoid; know what you can trust ● SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Complexity “Complexity is the enemy of security” — Gary McGraw ● Structural complexity ● Lots of interconnected subsystems → architectural complexity ○ Lots of if -statements and loops → cyclomatic complexity ○ Cognitive complexity ● Lack of understanding → mistakes (vulnerabilities) ○ How much do I have to think about how this feature works? ○ Subjective, but important ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Complexity “Complexity is the enemy of security” — Gary McGraw ● Complexity of inputs → big security risks ● e.g. apps to operating systems ○ e.g. web pages to web browsers ○ e.g. video files ○ e.g. font files ○ Obviously no vulnerabilities (vs. no obvious vulnerabilities) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Know the Tree of Knowledge A lot of defensive coding comes down to clever tricks ● CWE ○ Why we do VOTD ○ Understanding history tells us what’s common and possible ● CVE ○ Why we do case studies ○ Makers of any technology understand their own limitations ● Read the guidelines provided by originators and experts ○ Many situations don’t apply to you, but some very much will ○ ■ Java: https://www.oracle.com/java/technologies/javase/seccodeguide.html C++: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682 ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Validating Input Input validation is blocking bad inputs ● Black list ● Enumerate the bad stuff ○ Drawback: infinite, easy to get around ○ Benefit: react quickly (if no re-compilation), straightforward ○ e.g. virus definitions ○ White list ● Only accept known good input ○ Often done with regular expressions ○ Drawbacks: ○ Sometimes not possible to block certain characters ■ Often requires re-compilation and patches ■ Recommendation: do both, but prefer a white list ● SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Input in Many Forms Not always strings and numbers ● Consider: images with metadata ● PHP had many issues with EXIF JPEG metadata ○ Adobe Acrobat and embedded fonts ○ Java with ICC and BMP ○ CVE-2007-2789 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Sanitizing Input Instead of blocking input, sanitize it ● All input comes in, but it’s manipulated ○ Convert it to something that won’t be interpreted as code ○ Usually utilizes escape characters ○ e.g. HTML: < is &lt; ■ e.g. Java: “ is \“ ■ Drawback: ● Need to know everything to escape ○ Very blacklist-like ○ False positives are also annoying ○ Need to remember to do it… everywhere ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. Simplify Input Instead of blocking or sanitizing input, convert it to a simpler ● form Examples: ● Convert a number in a string to an integer (even if you then put ○ it back into a string) str = “123 <script>” i = “123 <script>” return “$#{str.to_i}” # returns “$123” return “$” + str(int(re.sub(r“[^0-9]”, “”, i)) Ruby Python Canonicalization for filepaths ○ Convert date strings to Epoch dates (i.e. integer MS since Jan 1, ○ 1970) SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. Simplify Input Pros ● Reduces if-complexity (“what if” scenarios) ○ Simplifies future operations ○ You KNOW what is there ○ Cons ● Simplifying takes work ○ Can your input truly be simplified? ○ Note: “normalize input” has a different meaning in a Machine ● Learning context SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. Exception Handling Most weird (or unexpected) behavior results in an exception ● Handle the exceptions you know about ○ Know that sometimes, some get away ○ Design your system to handle exceptions at the top-level ● e.g. Java: catch Throwable not Exception ○ e.g. JSP: <%@ page errorPage=“exceptionHandler.jsp” %> ○ For maintainability and complexity: ● Avoid promoting unnecessarily (e.g. throws Exception ) ○ Deal with related exception in one place, near the problem ○ e.g. wrapper around private methods in a class ■ Sheer laziness: try{something();} catch{} ● SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. finally Don’t forget about the finally clause! ● Anything in the finally clause gets executed no matter what ○ Good for cleanup of resources ○ public void something() { Connection conn = null; try { conn = getConnection(); // do db stuff } catch (SQLException e) { // handle the exception } finally { DBUtil.closeConnection(conn); } } SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. Think of the Children Subclassing overrides methods ● In untrusted API situations, make sure you can’t be extended ○ and have a sensitive method overridden Use the final keyword: public final class Countdown{} ○ Malicious subclasses can override the finalize() method to ● resurrect objects Gets executed right before the object goes to garbage collector ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. Think of the Children Malicious subclasses can override the finalize() method to ● resurrect objects public class ClassLoader { public ClassLoader() { securityCheck(); init(); } private securityCheck() { … }; private init() { … }; } SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

  16. Think of the Children Malicious subclasses can override the finalize() method to ● resurrect objects public class MaliciousCL extends ClassLoader { static ClassLoader cl; @Override protected void finalize() { cl = this; } public static void main(String[] args) { try { new MaliciousCL(); } catch (SecurityException e) { … } System.gc(); System.runFinalization(); System.out.println(cl); } } SWEN-331: Engineering Secure Software Benjamin S Meyers 16 16

  17. Immutability in Object-Oriented Programming Setters are evil (except the Irish kind) ● What if we construct, run, set, then run again? ○ Unnecessarily increases complexity ○ Violates encapsulation ○ Don’t just throw setters in if you don’t have a reason ○ Beans are one exception to this rule ● Functionality is only get and set ○ Little other functionality ○ Mapping to validation ■ Mapping to relations ■ Prefer immutable types ( final keyword) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 17 17

  18. Global Variables Global variables are dangerous ● Mutable global variables are very dangerous ● Unnecessarily increased complexity ○ Tampering concern in an untrusted API ○ Nice try, but still doesn’t count: ● public static final List<String> list = new ArrayList<String>(); SWEN-331: Engineering Secure Software Benjamin S Meyers 18 18

  19. Global Variables Global variables are dangerous ● Mutable global variables are very dangerous ● Unnecessarily increased complexity ○ Tampering concern in an untrusted API ○ Nice try, but still doesn’t count: ● public static final List<String> list = new ArrayList<String>(); Instead: java.util.Collections.unmodifiableList() ● public static final List<String> list = new unmodifiableList(asList(“Alice”, “Bob”, “Charlie”)); SWEN-331: Engineering Secure Software Benjamin S Meyers 19 19

  20. Concurrency is Always a Risk Treat anything concurrent with initial distrust ● Race conditions → denial of service ○ Shared memory → potential leakage ○ Weird circumstances → potential tampering ○ Concurrency is ubiquitous ● Webapps, databases, GUI’s, games, etc. ○ Common poor assumptions ● “There will be only one copy of this thread” ○ “There will only be X threads” ○ “Nobody knows about my mutability” ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 20 20

Recommend

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

476 views • 19 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State University Initial Pass Rush Thoughts There are natural pass rushers but this phase can be developed and refined by all players It is very similar to a

377 views • 15 slides
A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A Video

1.01k views • 56 slides
KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive Investment climate Key rate trends and outlook The European and US economies are restarting relatively quickly. 3,0 3,0 High-frequency indicators

388 views • 11 slides
In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with revision. - Mnemonics - Memorising techniques - Creating a journey story The 4 key things that aid memory 1. Dual coding (words and pictures /

616 views • 15 slides
KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive Investment climate Substantial economic contraction, uncertain outlook Key rate trends and outlook 3,0 3,0 Initial estimates suggest that the euro

457 views • 11 slides
Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive programming and design, Announcements intermission part 2 Stephen McCamant Techniques for privilege separation University of Minnesota, Computer

577 views • 5 slides
Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and Stuff Ive Been Working on in Houdini/Blender/VR in the context of the larger problems we face in Astronomy Who Are you? Jill P. Naiman NSF+ITC

878 views • 59 slides
New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou. ou.edu du) University of Oklahoma Yan Liang, Andrew Halterman, Khaled Jabr, Christan Grant, Jill Irvine Large - Events Limited Who terabytes

244 views • 23 slides
Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec Rostislav Pehlivanov atomnker@gmail.com 2016-01-30 Some things happened... AOMedias codec has begun development

672 views • 28 slides
CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

7/22/2019 GREATER NY HEALTHCARE FACILITIES ASSOCIATION THE PROOF IS IN THE pudding CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA Vice President The CHARTS Group CMSs MESSAGE: If you do

836 views • 42 slides
Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression Robustness to errors (error correction codes) Two categories: Source coding Channel coding Source coding Compression. What is the

916 views • 72 slides
Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A diagnosis coding methodology utilized in risk adjustment models to adjust cost for all patients within a health plan or group Risk

385 views • 23 slides
Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding? Why coding? Information compression Robustness to errors (error correction codes) Two categories: Two categories: Source

505 views • 23 slides
Coding / Decoding the Cosmos: Python Applications in Astrophysics Chihway Chang (ETH Zrich)

Coding / Decoding the Cosmos: Python Applications in Astrophysics Chihway Chang (ETH Zrich)

Coding / Decoding the Cosmos: Python Applications in Astrophysics Chihway Chang (ETH Zrich) Disclaimer Disclaimer Disclaimer This is not your typical computer-science talk. You will probably not learn new fancy coding techniques

602 views • 34 slides
OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many

OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many

Developed by Alice Thudt OPEN CODING A n a l y z i n g Q u a l i t a t i ve D a t a OPEN CODING part of many qualitative analysis methods, e.g. Grounded Theory labeling concepts &amp; developing categories from data bottom up

405 views • 29 slides
OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many

OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many

Alice Thudt OPEN CODING A n a l y z i n g Q u a l i t a t i v e D a t a OPEN CODING part of many qualitative analysis methods, e.g. Grounded Theory labeling concepts &amp; developing categories from data bottom up approach

377 views • 18 slides
CCN &amp; Network Coding Cedric Westphal Huawei and UCSC ICN &amp; Network Coding - RFC7933

CCN &amp; Network Coding Cedric Westphal Huawei and UCSC ICN &amp; Network Coding - RFC7933

CCN &amp; Network Coding Cedric Westphal Huawei and UCSC ICN &amp; Network Coding - RFC7933 9.5. Network Coding for Video Distribution in ICN An interesting research area for combining heterogeneous sources is to use network coding

248 views • 10 slides
Coding for Everyone How your library can help anyone learn to code July 19, 2016 Kelly Smith

Coding for Everyone How your library can help anyone learn to code July 19, 2016 Kelly Smith

Coding for Everyone How your library can help anyone learn to code July 19, 2016 Kelly Smith Coding for Everyone Code Club Story Guiding Principles Coding for Pre-readers (3-7) Coding for Tweens (8-12) Coding for Teens

570 views • 30 slides
Transform Coding - Overview Principle of block-wise transform coding Properties of orthonormal

Transform Coding - Overview Principle of block-wise transform coding Properties of orthonormal

Transform Coding - Overview Principle of block-wise transform coding Properties of orthonormal transforms Discrete cosine transform (DCT) Bit allocation for transform coefficients Threshold coding Typical coding artifacts Fast implementation

2k views • 24 slides
Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser use only To watch over and guard Headlines Sentinel Defensive Fund Tough start for the Fund Sentinel Perfect storm Falling

202 views • 17 slides
A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System

A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System

A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System as an incentive scheme Rewards are indirect, and are realized only under credible threat of enforcement The role of Defensive Patents: threat of

255 views • 8 slides

More recommend