Beyond Security Testing
A Seminar
C.D. Nguyen, PhD
SE-Group / FBK
http://selab.fbk.eu/dnguyen/
Trento, April 2013
Before we start
• About the presenter:
  • A security-enthusiastic SE researcher:
    • works to improve software quality
    • promotes building secure software, because security is a feature, not an afterthought
• About this seminar:
  • Open, don’t hesitate to interrupt
  • Love to discuss & learn from your “white-hat” hacking experience
  • Last but not least, good news: no exam related to this seminar
Agenda
1. Introduction
2. Engineering secure software systems
3. The role of a security tester
Part I: Introduction
The need for secure systems
• The “good old days”, the 1990s: PCs are isolated, with little (or no) connectivity
• Security is not a problem, as long as apps work
• No security concern in most of the engineering books!!!
• However, old practices still influence today’s software development
The need for secure systems
• In the Internet era:
  • All devices are connected, virtually
  • This gives a huge opportunity to attackers:
    • they have access to target devices
    • systems are not designed with security in mind
• The Internet was not designed with security in mind (CERT)
Examples
Security in the mobile world
Security is a product feature
• Security is a feature, just like any other feature in the product:
  • Ensures availability
  • Secures customer information
  • Helps gain users’ trust
• Do not treat security as an afterthought
  • People often add security as a wrapping layer around other features
  • and consider security only when they need to:
    • when they have the resources
    • or after being attacked
This is wrong!!!
Security is a product feature
Adding security as an afterthought is wrong. Why?
• Late addition of any feature, including security, is expensive
• It might impact & change other features, which is expensive too
• It may break the current interfaces
It’s better to consider security right from the start:
• Security is a feature; it needs resources too, but they are planned, so there is no surprise
• It requires more resources at the beginning, but is cheaper overall
• The released product is more secure!!!
Part II: Engineering Secure Software Systems
Software Engineering (SE)
Basics:
• What is software?
• What is software engineering?
• What is a software process?
What is software?
• Computer programs and associated documentation such as requirements, design models and user manuals.
• Software products may be developed for a particular customer or may be developed for a general market.
• Software products may be:
  • Generic - developed to be sold to a range of different customers, e.g. PC software such as Excel or Word.
  • Tailored - developed for a single customer according to their specification.
• New software can be created by developing new programs, configuring generic software systems or reusing existing software.
Slide credit: Ian Sommerville - Software Engineering, 7th Edition
What is software engineering?
• Software engineering is an engineering discipline that is concerned with all aspects of software production.
• Software engineers should adopt a systematic and organised approach to their work and use appropriate tools and techniques depending on the problem to be solved, the development constraints and the resources available.
Slide credit: Ian Sommerville - Software Engineering, 7th Edition
What is a software process?
• A set of activities whose goal is the development or evolution of software.
• Generic activities in all software processes are:
  • Specification - what the system should do and its development constraints
  • Development - production of the software system
  • Validation - checking that the software is what the customer wants
  • Evolution - changing the software in response to changing demands
Slide credit: Ian Sommerville - Software Engineering, 7th Edition
Software process models?
• A software process seen from a specific perspective, e.g. workflow, role/action
• Many process models exist, there is no “one size fits all”
Example: Iterative development
SE for secure systems
Development activities vs. the security feature:
• Requirement specification: analysts
• Design: designers
• Implementation: developers
• Testing & validation: test engineers
It’s everyone’s concern!
SE for secure systems
• Team training
  • Security knowledge is essential: secure design, secure coding, and more thorough testing
  • Often team members are not security-equipped; pre-training is needed
  • Security experts can take part in security reviews
• Software process model with security by default
  • Embody security engineering aspects in every activity
Microsoft® Security Development Lifecycle (SDL)
More info: http://www.microsoft.com/security/sdl/default.aspx
The most comprehensive & systematic process model publicly available.
Microsoft® Security Development Lifecycle (SDL)
• Requirements:
  • Security and privacy analysis involves security experts and defines the security criteria
  • Defines the severity thresholds of security vulnerabilities — for example, no known vulnerabilities in the application with a “critical” or “important” rating at time of release
  • Security risk assessments (SRAs) and privacy risk assessments (PRAs) identify functional aspects of the software that require closer review
Microsoft® Security Development Lifecycle (SDL)
• Design:
  • Create security and privacy design specifications, and review them
  • Analyze the attack surface
  • Threat modeling: understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Microsoft® Security Development Lifecycle (SDL)
• Verification:
  • Dynamic analysis, leveraging tools which monitor application behavior
  • Fuzz testing
  • Attack surface review
Threat modeling
• Formally specify:
  • Potential attackers
  • Security threats
  • Risks from those threats
  • Mitigation solutions
• Done at the design phase, used in all subsequent phases, including testing
Threat modeling
• How to determine threats:
  • Using known categories of threats (STRIDE: Spoofing identity, Tampering with data, …)
• Tools:
  • SDL Threat Modeling Tool 3.1.8 (Microsoft)
  • SecureTropos
  • Misuse cases
Examples of threat models
Threats modeled as Use Cases & Misuse Cases
Source: A Model Transformation from Misuse Cases to Secure Tropos. Naved Ahmed (1), Raimundas Matulevičius (1), and Haralambos Mouratidis (2). (1) Institute of Computer Science, University of Tartu, Estonia, {naved,rma}@ut.ee; (2) School of Computing and Technology, University of East London, UK, h.mouratidis@uel.ac.uk
Fig. 2. Misuse Case Diagram
Examples of threat models
Threats modeled with Secure Tropos (same source)
Fig. 3. Secure Tropos Diagram
Excerpt from the paper: “A resource (e.g., Account) is an entity required by actors. In Secure Tropos, security constraint (e.g., Only by bank customer and Only by bank officer) is a constraint that the system must possess. A threat (e.g., Money stolen) represents an event that endangers the security features of system. Additionally, vulnerability point is represented by a black circle in Fig.3 (adapted from [5]). Secure Tropos uses relationships to connect constructs. Dependency link shows that one actor (depender) depends on another actor (dependee) to attain”
A successful story: Windows 7
• Memo from Bill Gates, Jan. 15, 2002:
... designed from the ground up to deliver Trustworthy Computing. What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.
...
In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.
A successful story: Windows 7
• Microsoft has radically changed its engineering process to include security
• Result: Windows 7 is much more secure than previous versions, with more security features:
  • Address Space Layout Randomization (ASLR)
  • PatchGuard, to prevent unauthorized programs from modifying the operating system kernel
  • User Account Control (UAC), least privilege principle
  • Protected Mode Internet Explorer (PMIE)
Source: http://www.biztechmagazine.com/, http://www.techradar.com
Part III: The role of a security tester
Security testing
• Security testing is an important part of the overall process
  • If you don’t perform security testing for your application, someone else NOT working for your company will
• But it’s different from normal testing
  • Security testing is to demonstrate that threat mitigation techniques work
  • By showing that users’ identity cannot be spoofed, data cannot be tampered with, …
• (Security) testers:
  • keep everyone honest
  • have the final STAMP as to whether your application ships
• Security testers should adopt a hacker’s mindset
Security tester role
• Building security test plans from a threat model:
  1. Decompose the application into its fundamental components.
  2. Identify the component interfaces.
  3. Rank the interfaces by potential vulnerability.
  4. Ascertain the data structures used by each interface.
  5. Find security problems by injecting mutated data.
• Testing (with security templates) & finding bugs
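As an added example (not the seminar’s code, nor the SDL threat modeling tool it mentions), steps 1 to 4 above, driven by the STRIDE categories from the threat modeling slides, as a small Python script: a constructed threat model of a banking-style application is decomposed into components and interfaces, the interfaces are ranked by an assumed exposure score, and each plan entry lists the data structures to mutate in step 5 and the mitigation a test must show still holds. The application, the weights and the STRIDE-to-mitigation mapping are all assumptions.

```python
"""Build a ranked security test plan from a STRIDE threat model.

Added example; it is not the seminar's code nor the SDL tooling it names.
It follows the slide's steps: decompose the application into components,
list their interfaces, rank the interfaces by exposure, and record the
data structures each one parses, so that step 5 (mutated-data testing)
starts with the riskiest interface. The application, the exposure weights
and the STRIDE-to-mitigation mapping are all constructed assumptions.
"""
from dataclasses import dataclass

# STRIDE categories (Spoofing, Tampering, Repudiation, Information disclosure,
# Denial of service, Elevation of privilege) and the mitigation a security
# test must demonstrate still works for that threat (assumed mapping).
STRIDE_MITIGATION = {
    "S": "authentication",
    "T": "integrity protection (signatures, MACs, input validation)",
    "R": "audit logging / non-repudiation",
    "I": "confidentiality (authorisation, encryption)",
    "D": "availability (quotas, timeouts, robust parsing)",
    "E": "authorisation / least privilege",
}


@dataclass(frozen=True)
class Interface:
    component: str
    name: str
    kind: str                 # e.g. "HTTP request", "file", "command line"
    remote: bool              # reachable over the network?
    anonymous: bool           # usable without authenticating first?
    privileged: bool          # does the component run with elevated privilege?
    data_structures: tuple    # what the interface parses (step 4 of the slide)
    threats: frozenset        # STRIDE letters assigned in the threat model


def exposure_score(iface: Interface) -> int:
    """Step 3: rank by how cheap the interface is for an attacker to reach.

    Weights are an assumption: remote and anonymous interfaces cost nothing
    to reach, a privileged host turns any bug into an elevation, and every
    additional threat category adds one point.
    """
    unknown = iface.threats - set(STRIDE_MITIGATION)
    if unknown:
        raise ValueError(f"unknown STRIDE categories: {sorted(unknown)}")
    score = 4 * iface.remote + 3 * iface.anonymous + 2 * iface.privileged
    return score + len(iface.threats)


def build_test_plan(interfaces) -> list:
    """Steps 1-4 combined: interfaces in the order they should be tested,
    each with the data to mutate and the mitigations the tests must prove."""
    plan = []
    for iface in sorted(interfaces, key=exposure_score, reverse=True):
        plan.append({
            "interface": f"{iface.component}/{iface.name}",
            "kind": iface.kind,
            "score": exposure_score(iface),
            "data_structures": list(iface.data_structures),
            "verify": [STRIDE_MITIGATION[t] for t in sorted(iface.threats)],
        })
    return plan


# Constructed threat model for a small online-banking style application.
MODEL = [
    Interface("web", "POST /login", "HTTP request", True, True, False,
              ("LoginForm{username,password}",), frozenset("SDI")),
    Interface("web", "POST /transfer", "HTTP request", True, False, False,
              ("TransferRequest{from,to,amount}",), frozenset("TRIE")),
    Interface("admin-cli", "argv", "command line", False, False, True,
              ("argv[]",), frozenset("E")),
    Interface("core", "config.ini", "file", False, False, True,
              ("INI key/value pairs",), frozenset("TE")),
]

if __name__ == "__main__":
    for entry in build_test_plan(MODEL):
        print(f"{entry['score']:2d} {entry['interface']:<20} {entry['kind']:<13}"
              f" -> verify: {', '.join(entry['verify'])}")
```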
Examples of component interfaces
• TCP and UDP sockets
• Wireless data
• NetBIOS
• Mailslots
• Dynamic Data Exchange (DDE)
• Named Pipes
• Shared memory
• Other named objects, such as semaphores and mutexes (Named Pipes and shared memory are named objects too)
• The Clipboard
• Local procedure call (LPC) and remote procedure call (RPC) interfaces
• COM methods, properties, and events
• Parameters to ActiveX Controls and Applets (usually <OBJECT> tag arguments)
• EXE and DLL functions
• System traps and input/output controls (IOCTLs) for kernel-mode components
• The registry
• HTTP requests and responses
• Simple Object Access Protocol (SOAP) requests
• Remote API (RAPI), used by Pocket PCs
• Console input
• Command line arguments
• Dialog boxes
• Database access technologies, including OLE DB and ODBC
• Database stored procedures
• Store-and-forward interfaces, such as e-mail using SMTP, POP, or MAPI, or queuing technologies such as MSMQ
• Environment (environment variables)
• Files
• Microphone
• LDAP sources, such as Active Directory
• Hardware devices, such as infrared using Infrared Data Association (IrDA), universal serial bus (USB), COM ports, FireWire (IEEE 1394), Bluetooth and so on
Data mutation (Fuzz testing)
Important: The application has suffered a DoS attack if you can make a networked service fail with an access violation or some other exception. The development team should take these threats seriously, because they will have to fix the bug after the product ships if the defect is discovered.
Figure 19-1 shows techniques for perturbing an application’s environment.
Figure 19-1: Techniques to perturb applications to reveal security vulnerabilities and reliability bugs.
Security data mutation techniques:
• Container
  • Does not exist (Od)
  • Exists (Oe)
  • Restricted access (Or)
  • No access (Oa)
  • Link (Ol)
  • Name (On)
• Size
  • Long (Ll)
  • Short (Ls)
  • Zero length (Lz)
• Contents
  • Zero (Cz)
  • Null (Cn)
  • Valid + Invalid (Cv)
  • Random (Cr)
  • Wrong type (Ct)
  • Wrong sign (Cs)
  • Out of bounds (Co)
  • Special characters: Slashes (Cps), Quotes (Cpq), HTML (Cph), Escaped (Cpe), Script (Cps), Meta (Cpm)
• Network (applies to on-the-wire data)
  • Replay (Nr)
  • Out-of-sync (No)
  • High volume (Nh)
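An added example (not code from the seminar or from Writing Secure Code) that applies the Size, Contents and Special-characters branches of Figure 19-1 to a constructed request parser: a naive “before” parser sits beside a hardened one in which every mutant ends in a controlled rejection instead of an unexpected exception, the DoS/reliability symptom the note above warns about. The parsers, the query format, the mutant values and the sample input are all assumptions made for this example.

```python
"""Data-mutation (fuzz) cases following the taxonomy of Figure 19-1.

Added example; not code from the seminar or from Writing Secure Code. It
generates mutants for the Size, Contents and Special-characters branches of
the figure (Container and Network mutations need a file system or a wire
and are left out), feeds them to a constructed request parser and records
the outcome the slide warns about: a mutant that escapes as an unexpected
exception is a reliability/DoS bug, not a clean rejection. Both parsers,
the query format and the sample values are constructed for this example.
"""
import random


class InvalidRequest(Exception):
    """The one exception a parser may raise on bad input: a clean rejection."""


def mutate(valid: str, seed: int = 1):
    """Yield (code, mutant) pairs; codes are the labels of Figure 19-1.
    The figure labels both Slashes and Script as Cps; Script is Cpsc here."""
    rng = random.Random(seed)                     # fixed seed: repeatable runs
    yield "Ll", valid + "A" * 65536               # Size: long
    yield "Ls", valid[: max(len(valid) // 4, 1)]  # Size: short
    yield "Lz", ""                                # Size: zero length
    yield "Cz", "0"                               # Contents: zero
    yield "Cn", "\x00"                            # Contents: null
    yield "Cv", valid + "\x00junk"                # Contents: valid + invalid
    yield "Cr", "".join(chr(rng.randrange(256)) for _ in valid)  # random
    yield "Ct", "not-a-number"                    # Contents: wrong type
    yield "Cs", "-1"                              # Contents: wrong sign
    yield "Co", str(2 ** 64)                      # Contents: out of bounds
    yield "Cps", "../"                            # Special characters: slashes
    yield "Cpq", "'"                              # quotes
    yield "Cph", "<b>"                            # HTML
    yield "Cpe", "%2e%2e"                         # escaped
    yield "Cpsc", "<script>"                      # script
    yield "Cpm", "$(x)|`x`"                       # shell meta characters


def naive_parse(query: str) -> dict:
    """'Before' parser: splits the query without validating anything."""
    fields = dict(pair.split("=") for pair in query.split("&"))
    return {"to": fields["to"], "amount": int(fields["amount"])}


MAX_QUERY = 256


def hardened_parse(query: str) -> dict:
    """'After' parser: every bad input ends in InvalidRequest, nothing else."""
    if len(query) > MAX_QUERY:
        raise InvalidRequest("request too long")
    fields = {}
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if not sep or key in fields:
            raise InvalidRequest("malformed or duplicated field")
        fields[key] = value
    to, amount = fields.get("to", ""), fields.get("amount", "")
    if not (1 <= len(to) <= 32 and to.isascii() and to.isalnum()):
        raise InvalidRequest("bad recipient")
    if not (1 <= len(amount) <= 12 and amount.isascii() and amount.isdigit()):
        raise InvalidRequest("bad amount")
    cents = int(amount)
    if cents == 0 or cents > 10 ** 9:
        raise InvalidRequest("amount out of range")
    return {"to": to, "amount": cents}


def classify(parser, query: str) -> str:
    """accepted / rejected / crashed; only 'crashed' is an outright bug."""
    try:
        parser(query)
        return "accepted"
    except InvalidRequest:
        return "rejected"
    except Exception:            # any other exception escaped the parser
        return "crashed"


def run_mutants(parser, valid_to: str = "alice", valid_amount: str = "1500"):
    """Map (field, mutation code) -> outcome for every mutant of each field."""
    outcomes = {}
    for code, m in mutate(valid_amount):
        outcomes[("amount", code)] = classify(parser, f"to={valid_to}&amount={m}")
    for code, m in mutate(valid_to):
        outcomes[("to", code)] = classify(parser, f"to={m}&amount={valid_amount}")
    return outcomes


def crashes(outcomes: dict) -> list:
    """Mutants that escaped as unexpected exceptions: file these as bugs."""
    return sorted(k for k, v in outcomes.items() if v == "crashed")


if __name__ == "__main__":
    for name, parser in (("naive", naive_parse), ("hardened", hardened_parse)):
        out = run_mutants(parser)
        accepted = sum(v == "accepted" for v in out.values())
        print(f"{name:8s}: {len(crashes(out))} crashes, {accepted} accepted")
```

The naive parser also silently accepts the wrong-sign and out-of-bounds amounts, which the harness reports as “accepted” rather than as crashes; those are the logic bugs a tester files alongside the exceptions.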
Hackers’ mindset
• See things from different perspectives, with genius and curiosity
• Breaking things comes naturally
• Earn respect by solving interesting problems.
Hacker’s Manifesto: http://www.phrack.org/issues.html?issue=7&id=3&mode=txt
Summary
• Security problems are in the news headlines every day
• Unfortunately, there is no security in the “old-but-still-used” software practices
• We need to build security into software from the ground up
• It is a product feature, not a wrapping layer
Summary
• Software process lifecycles with security do exist
  • Microsoft® SDL is a systematic and comprehensive one
• Security testing is different from normal testing
  • It’s hard, but we have to do it; otherwise our enemies will
  • An ethical hacker’s mindset helps
To read more
Writing Secure Code, Second Edition. Michael Howard and David LeBlanc.

Más contenido relacionado

La actualidad más candente

Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIshrath Sultana
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlcAvancercorp
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for ConsultantsDilum Bandara
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
01 unidad i introduccion
01 unidad i   introduccion01 unidad i   introduccion
01 unidad i introduccionvictdiazm
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
Software engineering, Secure software engineering training
Software engineering, Secure software engineering trainingSoftware engineering, Secure software engineering training
Software engineering, Secure software engineering trainingBryan Len
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and TipsSoftServe
 
Introduction to Systems Engineering
Introduction to Systems EngineeringIntroduction to Systems Engineering
Introduction to Systems EngineeringBernardo A. Delicado
 
How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded EditionTechWell
 
Online Software development training
Online Software development trainingOnline Software development training
Online Software development trainingvibrantuser
 

La actualidad más candente (20)

Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlc
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
 
0273710133 pp01v2
0273710133 pp01v20273710133 pp01v2
0273710133 pp01v2
 
What's New in Innoslate 4.3
What's New in Innoslate 4.3What's New in Innoslate 4.3
What's New in Innoslate 4.3
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
01 unidad i introduccion
01 unidad i   introduccion01 unidad i   introduccion
01 unidad i introduccion
 
SEOC 2004-2011
SEOC 2004-2011SEOC 2004-2011
SEOC 2004-2011
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security Risk
 
Intro
IntroIntro
Intro
 
Software engineering, Secure software engineering training
Software engineering, Secure software engineering trainingSoftware engineering, Secure software engineering training
Software engineering, Secure software engineering training
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and Tips
 
Introduction to Systems Engineering
Introduction to Systems EngineeringIntroduction to Systems Engineering
Introduction to Systems Engineering
 
2016 virus bulletin
2016 virus bulletin2016 virus bulletin
2016 virus bulletin
 
How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded Edition
 
Online Software development training
Online Software development trainingOnline Software development training
Online Software development training
 
Innoslate for Academia
Innoslate for AcademiaInnoslate for Academia
Innoslate for Academia
 
Lecture 1 se
Lecture 1 seLecture 1 se
Lecture 1 se
 

Similar a Beyond security testing

Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile worldStefan Streichsbier
 
Week_01-Intro to Software Engineering-1.ppt
Week_01-Intro to Software Engineering-1.pptWeek_01-Intro to Software Engineering-1.ppt
Week_01-Intro to Software Engineering-1.ppt23017156038
 
TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1Eelco Visser
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.pptgealehegn
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An IntroductionMarcel Winandy
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Chapter 01
Chapter 01Chapter 01
Chapter 01ryan aja
 
Unit 1 importance ofsoftengg_b.tech iii year
Unit 1  importance ofsoftengg_b.tech iii yearUnit 1  importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii yearPreeti Mishra
 
Unit 1 introduction tosoftengg_mba tech ii year
Unit 1  introduction tosoftengg_mba tech ii yearUnit 1  introduction tosoftengg_mba tech ii year
Unit 1 introduction tosoftengg_mba tech ii yearPreeti Mishra
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project 99X Technology
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)abhimanyubhogwan
 

Similar a Beyond security testing (20)

SE
SESE
SE
 
Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile world
 
Week_01-Intro to Software Engineering-1.ppt
Week_01-Intro to Software Engineering-1.pptWeek_01-Intro to Software Engineering-1.ppt
Week_01-Intro to Software Engineering-1.ppt
 
TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 
Week1.pptx
Week1.pptxWeek1.pptx
Week1.pptx
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Unit 1 importance ofsoftengg_b.tech iii year
Unit 1  importance ofsoftengg_b.tech iii yearUnit 1  importance ofsoftengg_b.tech iii year
Unit 1 importance ofsoftengg_b.tech iii year
 
Unit 1 introduction tosoftengg_mba tech ii year
Unit 1  introduction tosoftengg_mba tech ii yearUnit 1  introduction tosoftengg_mba tech ii year
Unit 1 introduction tosoftengg_mba tech ii year
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 

Último

Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsMental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsPooky Knightsmith
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleCeline George
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfPrerana Jadhav
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17Celine George
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 

Último (20)

INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...

Beyond security testing

1. Beyond Security Testing
   A Seminar
   C.D. Nguyen, PhD
   SE-Group / FBK
   http://selab.fbk.eu/dnguyen/
   Trento, April 2013

2. Before we start
   • About the presenter:
     • A security-enthusiastic SE researcher:
       • works to improve software quality
       • promotes building secure software, because security is a feature, not an afterthought
   • About this seminar:
     • Open, don’t hesitate to interrupt
     • Love to discuss & learn your “white-hat” hacking experience
     • Last but not least, good news: no exam related to this seminar

3. Agenda
   1. Introduction
   2. Engineering secure software systems
   3. The role of a security tester

5. The need of secure systems
   • The “good old days, 1990s”: PCs are isolated, with little (or no) connectivity
     • Security is not a problem, as long as apps work
     • No security concern in most of the engineering books!!!
   • However, old practices still influence today’s software development

6. The need of secure systems
   • In the Internet era:
     • All devices are connected, virtually
     • This gives a huge opportunity to attackers:
       • they have access to target devices
       • systems are not designed with security in mind
   • The Internet was not designed with security in mind (CERT)

9. Security is a product feature
   • Security is a feature, just like any other feature in the product:
     • Ensure availability
     • Secure customer information
     • Help gain users’ trust
   • Do not treat security as an afterthought
     • People often add security as a wrapping layer around other features
     • and consider security only when they need to:
       • when resources are available
       • or after being attacked
   This is wrong!!!

10. Security is a product feature
   Adding security as an afterthought is wrong, why?
   • Late addition of any feature, including security, is expensive
   • Might impact & change other features, expensive too
   • Breaks the current interfaces
   It’s better to consider security right from the start:
   • Security is a feature, it needs resources too, but they are planned, no surprise
   • Requires more resources at the beginning, but overall cheaper
   • The released product is more secure!!!
11. Part II: Engineering Secure Software Systems

12. Software Engineering (SE)
   Basics about:
   • What is software?
   • What is software engineering?
   • What is a software process?

13. What is software?
   • Computer programs and associated documentation such as requirements, design models and user manuals.
   • Software products may be developed for a particular customer or may be developed for a general market.
   • Software products may be:
     • Generic - developed to be sold to a range of different customers, e.g. PC software such as Excel or Word.
     • Tailored - developed for a single customer according to their specification.
   • New software can be created by developing new programs, configuring generic software systems or reusing existing software.
   Slide credit: Ian Sommerville - Software Engineering, 7th Edition

14. What is software engineering?
   • Software engineering is an engineering discipline that is concerned with all aspects of software production.
   • Software engineers should adopt a systematic and organised approach to their work and use appropriate tools and techniques depending on the problem to be solved, the development constraints and the resources available.
   Slide credit: Ian Sommerville - Software Engineering, 7th Edition

15. What is a software process?
   • A set of activities whose goal is the development or evolution of software.
   • Generic activities in all software processes are:
     • Specification - what the system should do and its development constraints
     • Development - production of the software system
     • Validation - checking that the software is what the customer wants
     • Evolution - changing the software in response to changing demands
   Slide credit: Ian Sommerville - Software Engineering, 7th Edition

16. Software process models?
   • A software process seen from a specific perspective, e.g. workflow, role/action
   • Many process models exist, no “one size fits all”
   Example: iterative development (figure)

17. SE for secure systems
   Security is a feature of every development activity, and each activity has its owners:
   • Requirement specification - Analysts
   • Design - Designers
   • Implementation - Developers
   • Testing & validation - Test engineers
   It’s everyone’s concern!

18. SE for secure systems
   • Team training
     • Security knowledge is essential: secure design, secure coding, and more thorough testing
     • Often team members are not security-equipped, so pre-training is needed
     • Security experts can take part in security reviews
   • Software process model with security by default
     • Embody security engineering aspects in every activity
19. Microsoft® Security Development Lifecycle (SDL)
   More info: http://www.microsoft.com/security/sdl/default.aspx
   The most comprehensive & systematic process model publicly available.

20. Microsoft® Security Development Lifecycle (SDL)
   • Requirements:
     • Security and privacy analysis involves security experts, who define the security criteria
     • Defines the severity thresholds of security vulnerabilities — for example, no known vulnerabilities in the application with a “critical” or “important” rating at time of release
     • Security risk assessments (SRAs) and privacy risk assessments (PRAs) identify functional aspects of the software that require closer review

21. Microsoft® Security Development Lifecycle (SDL)
   • Design:
     • Create security and privacy design specifications, specification review
     • Analyze the attack surface
     • Threat modeling: understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

22. Microsoft® Security Development Lifecycle (SDL)
   • Verification:
     • Dynamic analysis, leveraging tools which monitor application behavior
     • Fuzz testing
     • Attack surface review

23. Threat modeling
   • Formally specify:
     • Potential enemies / attackers
     • Security threats
     • Risks from those threats
     • Mitigation solutions
   • Done at the design phase, used in all subsequent phases, including testing

24. Threat modeling
   • How to determine threats:
     • Using known categories of threats (STRIDE: Spoofing identity, Tampering with data, …)
   • Tools:
     • SDL Threat Modeling Tool 3.1.8 (Microsoft)
     • SecureTropos
     • Misuse case

25. Examples of threat models
   Threat modeled as Use Cases & Misuse Cases
   [Figure: Fig. 2, Misuse Case Diagram, from Naved Ahmed, Raimundas Matulevičius and Haralambos Mouratidis, “A Model Transformation from Misuse Cases to Secure Tropos” (Institute of Computer Science, University of Tartu, Estonia; School of Computing and Technology, University of East London, UK)]

26. Examples of threat models
   Threat modeled with Secure Tropos
   [Figure: Fig. 3, Secure Tropos Diagram, from the same paper by Ahmed, Matulevičius and Mouratidis. A resource (e.g., Account) is an entity required by actors. In Secure Tropos, a security constraint (e.g., Only by bank customer and Only by bank officer) is a constraint that the system must possess. A threat (e.g., Money stolen) represents an event that endangers the security features of the system. Additionally, a vulnerability point is represented by a black circle in Fig. 3 (adapted from [5]). Secure Tropos uses relationships to connect constructs.]
27. A successful story: Windows 7
   • Memo from Bill Gates, Jan. 15, 2002:
     “... designed from the ground up to deliver Trustworthy Computing. What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.
     ... In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.”

28. A successful story: Windows 7
   • Microsoft has radically changed its engineering process to include security
   • Result: Windows 7 is much more secure than previous versions, with more security features:
     • Address Space Layout Randomization (ASLR)
     • PatchGuard, to prevent unauthorized programs from modifying the operating system kernel
     • User Account Control (UAC), least privilege principle
     • Protected Mode Internet Explorer (PMIE)
   Source: http://www.biztechmagazine.com/, http://www.techradar.com

29. Part III: The role of a security tester

30. Security testing
   • Security testing is an important part of the overall process
     • If you don’t perform security testing for your application, someone else NOT working for your company will
   • But it’s different from normal testing
     • Security testing is to demonstrate that threat mitigation techniques work
     • By showing that users’ identity cannot be spoofed, data cannot be tampered with, …
   • (Security) testers:
     • keep everyone honest
     • have the final STAMP as to whether your application ships
   • Security testers should adopt a hacker’s mindset

31. Security tester role
   • Building security test plans from a threat model:
     1. Decompose the application into its fundamental components.
     2. Identify the component interfaces.
     3. Rank the interfaces by potential vulnerability.
     4. Ascertain the data structures used by each interface.
     5. Find security problems by injecting mutated data.
   • Testing (with security templates) & finding bugs

32. Examples of component interfaces
   • TCP and UDP sockets
   • Wireless data
   • NetBIOS
   • Mailslots
   • Dynamic Data Exchange (DDE)
   • Named Pipes
   • Shared memory
   • Other named objects—Named Pipes and shared memory are named objects—such as semaphores and mutexes
   • The Clipboard
   • Local procedure call (LPC) and remote procedure call (RPC) interfaces
   • COM methods, properties, and events
   • Parameters to ActiveX Controls and Applets (usually <OBJECT> tag arguments)
   • EXE and DLL functions
   • System traps and input/output controls (IOCTLs) for kernel-mode components
   • The registry
   • HTTP requests and responses
   • Simple Object Access Protocol (SOAP) requests
   • Remote API (RAPI), used by Pocket PCs
   • Console input
   • Command line arguments
   • Dialog boxes
   • Database access technologies, including OLE DB and ODBC
   • Database stored procedures
   • Store-and-forward interfaces, such as e-mail using SMTP, POP, or MAPI, or queuing technologies such as MSMQ
   • Environment (environment variables)
   • Files
   • Microphone
   • LDAP sources, such as Active Directory
   • Hardware devices, such as infrared using Infrared Data Association (IrDA), universal serial bus (USB), COM ports, FireWire (IEEE 1394), Bluetooth and so on

33. Data mutation (fuzz testing)
   Important: The application has suffered a DoS attack if you can make a networked service fail with an access violation or some other exception. The development team should take these threats seriously, because they will have to fix the bug after the product ships if the defect is discovered.
   Figure 19-1 shows techniques for perturbing an application’s environment.
   Figure 19-1: Techniques to perturb applications to reveal security vulnerabilities and reliability bugs (security data mutation techniques):
   • Container
     • Does not exist (Od)
     • Exists (Oe)
     • Restricted access (Or)
     • No access (Oa)
     • Link (Ol)
     • Name (On)
   • Data
     • Size: Long (Ll), Short (Ls), Zero length (Lz)
     • Contents: Zero (Cz), Null (Cn), Valid + Invalid (Cv), Random (Cr), Wrong type (Ct), Wrong sign (Cs), Out of bounds (Co)
       • Special characters: Slashes (Cps), Quotes (Cpq), HTML (Cph), Escaped (Cpe), Script (Cps), Meta (Cpm)
   • Applies to on-the-wire data: Replay (Nr), Out-of-sync (No), High volume (Nh)
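The five steps of slide 31 and the mutation categories of slide 33 can be turned into a small, repeatable test harness. The following is an added example, not code from the seminar or from Howard & LeBlanc: it ranks a few hypothetical interfaces of an imagined service by exposure (steps 1-3), takes a constructed record format `user=<name>;age=<n>` as the data structure behind the most exposed one (step 4), and feeds mutations from Figure 19-1's size, contents and special-character categories (step 5) to two parsers, a trusting one and a hardened one. The names `Interface`, `parse_record_naive`, `parse_record` and `fuzz` are assumptions of the example. An uncontrolled exception from the parser is reported as a finding, which is the "access violation or some other exception" the slide warns about; the hardened parser turns every rejection into a single controlled `ParseError`.

```python
"""Mutation-based security test harness (added example, hypothetical names).

Uses a constructed record format "user=<name>;age=<n>"; the on-the-wire
categories of Figure 19-1 (Nr/No/Nh) need a live socket and are left out.
"""
import random
import string
from dataclasses import dataclass


# Steps 1-3: decompose the (hypothetical) service into interfaces, rank them.
@dataclass(frozen=True)
class Interface:
    name: str
    remote: bool        # reachable over the network
    anonymous: bool     # reachable before any authentication
    parses_input: bool  # interprets structured data supplied by the caller


def exposure(iface: Interface) -> int:
    """Rank by potential vulnerability: remote, pre-auth parsers come first."""
    return 4 * iface.remote + 2 * iface.anonymous + 1 * iface.parses_input


def rank_interfaces(interfaces):
    """Return the interfaces in the order they should be tested (step 3)."""
    return sorted(interfaces, key=exposure, reverse=True)


# Step 4: the data structure behind the most exposed interface is one record;
# VALID is a constructed sample that both parsers accept.
VALID = b"user=alice;age=42"


def parse_record_naive(data: bytes) -> dict:
    """Trusting parser (the 'before' version): each assumption about the
    input's shape becomes an uncontrolled exception on mutated data."""
    text = data.decode("utf-8")                                      # UnicodeDecodeError
    fields = dict(part.split("=", 1) for part in text.split(";"))    # ValueError
    return {"user": fields["user"], "age": int(fields["age"])}       # KeyError / ValueError


class ParseError(Exception):
    """The only exception a caller of the hardened parser should ever see."""


def parse_record(data: bytes, max_len: int = 256) -> dict:
    """Hardened parser: length, encoding, shape and value ranges are checked
    up front, and every rejection is a ParseError rather than a crash."""
    if not data or len(data) > max_len:
        raise ParseError("bad length")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ParseError("not UTF-8") from exc
    fields = {}
    for part in text.split(";"):
        if "=" not in part:
            raise ParseError("malformed field")
        key, value = part.split("=", 1)
        fields[key] = value
    if set(fields) != {"user", "age"}:
        raise ParseError("unexpected fields")
    user, age = fields["user"], fields["age"]
    if not user or any(c not in string.ascii_letters + string.digits for c in user):
        raise ParseError("bad user")
    if not age.isdigit() or not 0 <= int(age) <= 150:
        raise ParseError("bad age")
    return {"user": user, "age": int(age)}


def mutations(valid: bytes, rng: random.Random):
    """Step 5: one mutated input per Figure 19-1 category (labels as on the slide)."""
    yield "long (Ll)", valid + b"A" * 10_000
    yield "short (Ls)", valid[:3]
    yield "zero length (Lz)", b""
    yield "zero (Cz)", b"\x00" * len(valid)
    yield "null (Cn)", valid.replace(b"=", b"=\x00", 1)
    yield "random (Cr)", bytes(rng.getrandbits(8) for _ in range(len(valid)))
    yield "wrong type (Ct)", valid.replace(b"age=42", b"age=forty-two")
    yield "wrong sign (Cs)", valid.replace(b"age=42", b"age=-42")
    yield "out of bounds (Co)", valid.replace(b"age=42", b"age=" + b"9" * 40)
    specials = [("slashes (Cps)", b"../../"), ("quotes (Cpq)", b"'\""),
                ("HTML (Cph)", b"<b>"), ("escaped (Cpe)", b"%00%2F"),
                ("script (Cps)", b"<script>"), ("meta (Cpm)", b";|&$")]
    for label, chars in specials:
        yield label, valid.replace(b"alice", b"alice" + chars)


def fuzz(parser, valid: bytes = VALID, seed: int = 1):
    """Feed every mutation to `parser`. A ParseError means the mitigation held;
    any other exception is a finding, recorded as (label, exception type)."""
    rng = random.Random(seed)
    findings = []
    for label, payload in mutations(valid, rng):
        try:
            parser(payload)
        except ParseError:
            continue
        except Exception as exc:  # every uncontrolled crash is a finding
            findings.append((label, type(exc).__name__))
    return findings


if __name__ == "__main__":
    ranked = rank_interfaces([
        Interface("config file", remote=False, anonymous=False, parses_input=True),
        Interface("login request", remote=True, anonymous=True, parses_input=True),
        Interface("admin RPC", remote=True, anonymous=False, parses_input=True),
    ])
    print("test order:", [i.name for i in ranked])
    print("naive parser findings:", fuzz(parse_record_naive))
    print("hardened parser findings:", fuzz(parse_record))
```

Run it and the naive parser crashes on the size, zero, random, wrong-type and meta-character mutations while silently accepting the rest (a negative age, an absurd age, a user name carrying quotes or script tags); the hardened parser produces no findings because every mutation ends in a `ParseError`. The exposure score is a deliberately simple weighting and would be replaced by the ranking from the project's own threat model.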
34. Hackers’ mindset
   • See things from different perspectives, with genius and curiosity
   • Breaking things is in their nature
   • Earn respect by solving interesting problems
   Hacker’s Manifesto: http://www.phrack.org/issues.html?issue=7&id=3&mode=txt

35. Summary
   • Security problems are in the news headlines every day
   • Unfortunately, there is no security in the “old-but-still-used” software practices
   • We need to build security into software from the ground up
     • It is a product feature, not a wrapping layer

36. Summary
   • Software process lifecycles with security do exist
     • Microsoft® SDL is a systematic and comprehensive one
   • Security testing is different from normal testing
     • It’s hard, but we have to do it; otherwise your enemies will
     • An ethical hacker’s mindset helps

37. To read more
   Writing Secure Code, Second Edition
   Michael Howard and David LeBlanc