no more whack a mole
play

No More Whack-a-Mole: How to Find and Prevent Entire Classes of - PowerPoint PPT Presentation

Mar 10, 2024 •36 likes •426 views

No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities Sam Lanning @samlanning @samlanning A story of many bugs (CVE-2017-8046) 7 September 2017 22 September 2017 27 September 2017 Mo

  1. No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities Sam Lanning @samlanning @samlanning

  2. A story of many bugs (CVE-2017-8046) 7 September 2017 22 September 2017 27 September 2017 Mo privately discloses vulnerability Mo checks patch, sees it’s incomplete Mo checks patch, sees it’s still incomplete and exploit in Spring Framework sends updated exploit to Pivotal sends updated exploit to Pivotal 21 September 2017 26 September 2017 25 October 2017 Pivotal publish a patch, and make an Pivotal sends Mo details of Pivotal publishes a complete refactor announcement. second attempt at fix of relevant code to hopefully prevent further occurrences. https://lgtm.com/blog/spring_data_rest_CVE-2017-8046_ql Securing software, together

  3. A story of many bugs 2 27 April 2016 20 June 2016 22 September 2017 S2-032 / CVE-2016-3081 S2-037 / CVE-2016-4438 S2-046 / CVE-2017-5638 RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL Nike Zheng Chao Jack, Shinsaku Nomura Chris Frohoff, Nike Zheng, Alvaro Munoz 12 May 2016 19 March 2017 24 September 2018 S2-033 / CVE-2016-3087 S2-045 / CVE-2017-5638 S2-057 / CVE-2018-11776 RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL RCE in Apache Struts 2 via OGNL Alvaro Munoz Nike Zheng Man Yue Mo See Also: CVE-2012-0394, CVE-2013-1966, CVE-2012-0391, CVE-2013-2115, CVE-2012-0393 Securing software, together

  4. https://www.reddit.com/r/gifs/comments/2nyeb1/arcade_game_for_cats/ Securing software, together

  5. Solution: When a new mistake is discovered, try and find similar mistakes across your code base Securing software, together

  6. Variant Analysis? “After doing this [root cause analysis], our next step is variant analysis : finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch them simultaneously, otherwise we bear the risk of these being exploited in the wild.” - Steven Hunter, MSRC Vulnerabilities & Mitigations team https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  7. Securing software, together

  8. Code Navigation / IDE Securing software, together

  9. Securing software, together

  10. Automating Variant Analysis Could we describe a mistake in a way that lets us automatically find other instances? Securing software, together

  11. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  12. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  13. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  14. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  15. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  16. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  17. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  18. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  19. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  20. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  21. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  22. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  23. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  24. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  25. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  26. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  27. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  28. An Example: Chakra https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  29. An Example: Chakra *slightly modified query from: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/ Securing software, together

  30. Beyond your own code ➔ Make your (general-purpose) mistake descriptions open source! ➔ Use external mistake descriptions! Securing software, together

  31. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  32. ZipSlip ../../../.bashrc ../../../../../../../../../etc/crontab https://snyk.io/research/zip-slip-vulnerability Securing software, together

  33. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  34. ZipSlip https://snyk.io/research/zip-slip-vulnerability Securing software, together

  35. Fituing in to your workflow publish / make use external open-source knowledge Diagnose Monitor Security bug Describe mistake root-cause continuously improve description - Bug Bounty program Discover - Pen testing Discover variants unreleased - Code review variants - Audit deploy Fix - Error logs Fix in code Fix original bug Fix variants review deploy Fix Securing software, together

  36. No vulnerability response process? Securing software, together

  37. What variant analysis is NOT ➔ A replacement for good security architecture, a way to avoid large refactors ➔ A replacement for exploit mitigation ➔ A replacement for other security processes ➔ Something that automatically fixes bugs / vulnerabilities. Securing software, together

  38. Recap ➔ You should do variant analysis ➔ Better yet, you should do automated variant analysis ➔ Use and contribute to the shared knowledge / checks ➔ Checks should be run continuously, not once-off! ➔ VA compliments (not replaces) other security practices Securing software, together

  39. Thank You Sam Lanning semmle.com @samlanning @Semmle @samlanning

Recommend

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha

CSEE 4840 WhAck-A-MoLe Georgios Charitos Aditya Bagri gc2662 aab2234 Jai Sharma Astha Agrawal js4473 aa3755 Whac-A-Mole The Game The logic of the game is straightforward: Hit as many moles as possible with the hammer.

692 views • 19 slides
AD36 - Distributed Scrum Teams Whack-a-Mole- Creative

AD36 - Distributed Scrum Teams Whack-a-Mole- Creative

AD36 Leading & Coaching Teams 11:30 AM AD36 - Distributed Scrum Teams Whack-a-Mole- Creative Solutions to - Common

795 views • 50 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY

EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY

2020-04-14 EATING DISORDERS EXPLAINED FROM A TRAUMA LENS LESLIE BINCH, LPC-MHSP WHACK A MOLE RECOVERY FROM AN EATING ADDICTIONS VS. EATING DISORDER DISORDER IS NOT LIKE QUITTING DRUGS AND ALCOHOL. The Symptoms INABILITY TO TOLERATE

275 views • 11 slides
The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain ______________________________________________ You could have a mole of ________________________________________________________ 2. A mole is ________________ of something. Which

529 views • 13 slides
Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. The Mole, Empirical, and Molecular Formulas 1 mol of electrons = 6.022 x 10 23 electrons 1 mol of H 2 O

307 views • 7 slides
Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

5/22/2014 Contemporary Diagnosis of Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable degrees of trophoblastic Nancy Joseph, MD, PhD hyperplasia and villous hydrops. Department of Pathology WHO,

298 views • 19 slides
Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima

Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima

Restless bandits with controlled restarts: Indexability and computation of Whittle index Nima Akbarzadeh, Aditya Mahajan McGill University, Electrical and Computer Engineering Department Dec. 13, 2019 1/23 Whack a Mole 2/23 Applications

545 views • 26 slides
Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1

Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1

Mole concept There are 6,02 x 10 23 atoms in 12 g of carbon-12. Avogadros constant (N A ) 1 Mole is the amount of substance containing as many particles (atoms, ions, molecules) as there are atoms found in 12 g carbon-12. One mole of atoms

1.44k views • 121 slides
Mole - mole calculations Calculations from chemical equations A balanced chemical equation

Mole - mole calculations Calculations from chemical equations A balanced chemical equation

Mole - mole calculations Calculations from chemical equations A balanced chemical equation Given: If you know the amount of any reactant or product involved in the reaction: A known quantity of one of the reactants/product (in moles)

128 views • 11 slides
Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

317 views • 13 slides
Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

327 views • 10 slides
Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for

Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for

Slide 1 / 29 Unit 3 - Presentation A The Mole, Empirical, and Molecular Formulas The molecular formula for nicotine is C 10 H 14 N 2 Slide 2 / 29 The Mole Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. 1 mol of

573 views • 29 slides
Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed

Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed

Armed Forces Covenant Page 17 Mole Valley Mole Valley Minute Item 38/16 Who are the Armed Forces Community in Surrey? Page 18 Serving Personnel Cadets Families Veterans Surrey (Regular and Reserve Units) High density of training 16 1

334 views • 18 slides
Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground

Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground

Underground Logistics Systems the freight transport mode for 21 st Century Supply Chains. Dr Roger Miles - Mole Solutions Ltd IPIC2019 London (c) Mole Solutions 2019 Underground Logistics Systems (ULS) Executive Summary Road freight

293 views • 11 slides
pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

XIS IST pr promoter meth thylatio ion status as as pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l tum tumors Joo oo Lob Lobo Sand ndra ra Nu Nunes, nes, Vera ra Gon Gonal

635 views • 22 slides
pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l

XIS IST pr promoter meth thylatio ion status as as pu putativ ive mole olecular bi biomarker for or tes estic icula lar ger erm cel cell l tum tumors Joo oo Lob Lobo Sand ndra ra Nu Nunes, nes, Vera ra Gon Gonal

356 views • 19 slides
Mole Mapping: Managing High Risk Patients through Imaging 1 Disclosures Chief

Mole Mapping: Managing High Risk Patients through Imaging 1 Disclosures Chief

Mole Mapping: Managing High Risk Patients through Imaging 1 Disclosures Chief Medical Officer for MoleSafe USA, LLC 2 Mole Mapping: Managing High Risk Patients through Imaging This session will focus on utilizing imaging

398 views • 12 slides
Detection and Quantification of Atmospheric Boundary Layer Greenhouse Gas Dry Mole Fraction

Detection and Quantification of Atmospheric Boundary Layer Greenhouse Gas Dry Mole Fraction

Detection and Quantification of Atmospheric Boundary Layer Greenhouse Gas Dry Mole Fraction Enhancements from Urban Emissions: Results from INFLUX Natasha Miles, Scott Richardson, Thomas Lauvaux, Ken Davis, A.J. Deng, Colm Sweeney, Anna Karion,

533 views • 13 slides
Mole Mapping: Managing High Risk Patients through Imaging Disclosures Chief Medical

Mole Mapping: Managing High Risk Patients through Imaging Disclosures Chief Medical

Mole Mapping: Managing High Risk Patients through Imaging Disclosures Chief Medical Officer for MoleSafe USA, LLC Mole Mapping: Managing High Risk Patients through Imaging This session will focus on utilizing imaging

449 views • 34 slides
Mole 27 Main Theme Address: Partnership Arrangement Critical for Effective Implementation of the

Mole 27 Main Theme Address: Partnership Arrangement Critical for Effective Implementation of the

Mole 27 Main Theme Address: Partnership Arrangement Critical for Effective Implementation of the WASH SDGs in Ghana: The CSO Imperative Abdul-Nashiru, Country Director, WaterAid 22 nd November, 2016 Aqua Safari. Big Ada Journey from MDGs to

437 views • 12 slides
Welcome to Mole Parents Class Meeting MISS STEWARD MRS. CARTWRIGHT MRS. GAMBELL Friendships

Welcome to Mole Parents Class Meeting MISS STEWARD MRS. CARTWRIGHT MRS. GAMBELL Friendships

Welcome to Mole Parents Class Meeting MISS STEWARD MRS. CARTWRIGHT MRS. GAMBELL Friendships row Excellence earn Our School Respect Vision and Values Courage ersevere Positivity ucceed Good Learners This years topics Autumn:

286 views • 18 slides
North Mole Gibraltar Project Example of CO 2 footprint improvement with Gas & Dual Fuel engines

North Mole Gibraltar Project Example of CO 2 footprint improvement with Gas & Dual Fuel engines

North Mole Gibraltar Project Example of CO 2 footprint improvement with Gas & Dual Fuel engines Dr. Tilman Ttken Augsburg, June 2018 Source: https://pixabay.com/de/gibraltar-fels-luftbild-panorama-2079953/ MAN Diesel & Turbo Dr.

1.09k views • 22 slides
MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li Introduction Question: can we

MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li Introduction Question: can we

MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li Introduction Question: can we mine accelerometer and gyroscope data from smart watches to infer what words a user is typing? Introduction - Challenges Absence of data from the

687 views • 32 slides

More recommend