Secure and Resilient Software Development

Secure and Resilient Software Development

by Mark S. Merkow, Lakshmikanth Raghavan
Released June 2010
Publisher(s): Auerbach Publications
ISBN: 9781498759618

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Many of the software books available clearly highlight the problems with current software development but don't provide comprehensive, easily actionable, ground-level solutions. Covering the entire secure software development life cycle that ties all development together, this book presents quality software development strategies and practices stressing resilience requirements with precise, actionable, and ground-level inputs that connect directly with their creators. The text helps developers understand fundamental problems and provides them with best practices, principles, design methodology, programming guidance, and testing practices.

Table of contents

  1. Preliminaries
  2. Preface
    1. How This Book Is Organized
  3. About the Authors
  4. Acknowledgments
  5. Chapter 1 How Does Software Fail Thee? Let Us Count the Ways
    1. Chapter Overview
    2. 1.1 Vulnerabilities Abound
      1. 1.1.1 Security Flaws Are Omnipresent
      2. 1.1.2 Cars Have their Share of Computer Problems Too
    3. 1.2 Tracing the Roots of Defective Software
    4. 1.3 What Are the True Costs of Insecure Software to Global Enterprises?
    5. 1.4 Addressing Security Questions Addresses Resilience
    6. Summary
    7. 1.5 References
      1. Table 1.1
  6. Chapter 2 Characteristics of Secure and Resilient Software
    1. Chapter Overview
    2. 2.1 Functional Versus Nonfunctional Requirements
    3. 2.2 Testing Nonfunctional Requirements
    4. 2.3 Families of Nonfunctional Requirements
    5. 2.4 Availability
        1. Availability Levels and Measurements
    6. 2.5 Capacity
    7. 2.6 Efficiency
    8. 2.7 Interoperability
    9. 2.8 Manageability
    10. 2.9 Cohesion
    11. 2.10 Coupling
    12. 2.11 Maintainability
    13. 2.12 Performance
    14. 2.13 Portability
    15. 2.14 Privacy
    16. 2.15 Recoverability
    17. 2.16 Reliability
    18. 2.17 Scalability
    19. 2.18 Security
    20. 2.19 Serviceability/Supportability
    21. 2.20 Characteristics of Good Requirements
    22. 2.21 Eliciting Nonfunctional Requirements
    23. 2.22 Documenting Nonfunctional Requirements
    24. Summary
    25. 2.23 References
      1. Figure 2.1
      1. Table 2.1
      2. Table 2.2
      3. Table 2.3
  7. Chapter 3 Security and Resilience in the Software Development Life Cycle
    1. Chapter Overview
    2. 3.1 Resilience and Security Begin from Within
    3. 3.2 Requirements Gathering and Analysis
    4. 3.3 Systems Design and Detailed Design
      1. 3.3.1 Functional Decomposition
      2. 3.3.2 Categorizing Threats
      3. 3.3.3 Ranking Threats
      4. 3.3.4 Mitigation Planning
    5. 3.4 Design Reviews
    6. 3.5 Development (Coding) Phase
      1. 3.5.1 Static Analysis
      2. 3.5.2 Peer Review
      3. 3.5.3 Unit Testing
    7. 3.6 Testing
    8. 3.7 Deployment
    9. 3.8 Security Training
    10. Summary
    11. 3.9 References
      1. Figure 3.1
      2. Figure 3.2
      3. Figure 3.3
      4. Figure 3.4
      5. Figure 3.5
      6. Figure 3.6
  8. Chapter 4 Proven Best Practices for Resilient Applications
    1. Chapter Overview
    2. 4.1 Critical Concepts
    3. 4.2 The Security Perimeter
    4. 4.3 Attack Surface
      1. 4.3.1 Mapping the Attack Surface
      2. 4.3.2 Side Channel Attacks
    5. 4.4 Application Security and Resilience Principles
    6. 4.5 Practice 1: Apply Defense in Depth
    7. 4.6 Practice 2: Use a Positive Security Model
    8. 4.7 Practice 3: Fail Securely
    9. 4.8 Practice 4: Run with Least Privilege
    10. 4.9 Practice 5: Avoid Security by Obscurity
    11. 4.10 Practice 6: Keep Security Simple
    12. 4.11 Practice 7: Detect Intrusions
      1. 4.11.1 Log All Security-Relevant Information
      2. 4.11.2 Ensure That the Logs Are Monitored Regularly
      3. 4.11.3 Respond to Intrusions
    13. 4.12 Practice 8: Don’t Trust Infrastructure
    14. 4.13 Practice 9: Don’t Trust Services
    15. 4.14 Practice 10: Establish Secure Defaults
    16. 4.15 Mapping Best Practices to Nonfunctional Requirements
    17. Summary
    18. 4.16 References
      1. Figure 4.1
      2. Figure 4.2
      1. Table 4.1
  9. Chapter 5 Designing Applications for Security and Resilience
    1. Overview
    2. 5.1 Design Phase Recommendations
      1. 5.1.1 Misuse Case Modeling
      2. 5.1.2 Security Design and Architecture Review
      3. 5.1.3 Threat and Risk Modeling
      4. 5.1.4 Risk Analysis and Modeling
      5. 5.1.5 Security Requirements and Test Case Generation
    3. 5.2 Design to Meet Nonfunctional Requirements
    4. 5.3 Design Patterns
    5. 5.4 Architecting for the Web
    6. 5.5 Architecture and Design Review Checklist
    7. Summary
    8. 5.6 References
      1. Figure 5.1
      1. Table 5.1
      2. Table 5.2
  10. Chapter 6 Programming Best Practices
    1. Chapter Overview
    2. 6.1 The Evolution of Software Attacks
    3. 6.2 The OWASP Top 10
      1. 6.2.1 A1: Injection
      2. 6.2.2 A2: Cross-Site Scripting
      3. 6.2.3 A3: Broken Authentication and Session Management
      4. 6.2.4 A4: Insecure Direct Object References
      5. 6.2.5 A5: Cross-Site Request Forgery
      6. 6.2.6 A6: Security Misconfiguration
      7. 6.2.7 A7: Failure to Restrict URL Access
      8. 6.2.8 A8: Unvalidated Redirects and Forwards
      9. 6.2.9 A9: Insecure Cryptographic Storage
      10. 6.2.10 A10: Insufficient Transport Layer Protection
    4. 6.3 OWASP Enterprise Security API (ESAPI)
      1. 6.3.1 Input Validation and Handling
      2. 6.3.2 Client-Side Versus Server-Side Validation
      3. 6.3.3 Input Sanitization
      4. 6.3.4 Canonicalization
      5. 6.3.5 Examples of Attacks due to Improper Input Handling
        1. 6.3.5.1 Buffer Overflow
        2. 6.3.5.2 OS Commanding
      6. 6.3.6 Approaches to Validating Input Data
        1. 6.3.6.1 Exact Match Validation
        2. 6.3.6.2 Known Good Validation
        3. 6.3.6.3 Known Bad Validation
      7. 6.3.7 Handling Bad Input
      8. 6.3.8 ESAPI Interfaces
    5. 6.4 Cross-Site Scripting
      1. 6.4.1 Same Origin Policy
      2. 6.4.2 Attacks Through XSS
        1. 6.4.2.1 Persistent Attacks
        2. 6.4.2.2 Nonpersistent Attacks
        3. 6.4.2.3 DOM-Based Attacks
      3. 6.4.3 Prevention of Cross-Site Scripting
      4. 6.4.4 ESAPI Interfaces
    6. 6.5 Injection Attacks
      1. 6.5.1 SQL Injection
      2. 6.5.2 Stored Procedures
      3. 6.5.3 Identifying SQL Injection and Exploitation
        1. 6.5.3.1 SQL Injection
        2. 6.5.3.2 Blind SQL Injection
      4. 6.5.4 Defending Against SQL Injection
      5. 6.5.5 Creating SQL Queries
      6. 6.5.6 Additional Controls to Prevent SQL Injection Attacks
      7. 6.5.7 ESAPI Interfaces
    7. 6.6 Authentication and Session Management
      1. 6.6.1 Attacking Log-in Functionality
      2. 6.6.2 Attacking Password Resets
      3. 6.6.3 Attacking Sensitive Transactions
    8. 6.7 Cross-Site Request Forgery
      1. 6.7.1 CSRF Mitigation
    9. 6.8 Session Management
      1. 6.8.1 Attacking Log-out Functionality
      2. 6.8.2 Defenses Against Log-out Attacks
      3. 6.8.3 Defenses Against Cookie Attacks
      4. 6.8.4 Session Identifiers
        1. 6.8.4.1 Attacking a Session Identifier
        2. 6.8.4.2 Defenses Against Session ID Attacks
      5. 6.8.5 ESAPI Interfaces
    10. 6.9 Access Control
      1. 6.9.1 Avoiding Security Through Obscurity
      2. 6.9.2 Access Control Issues
      3. 6.9.3 Testing for Broken Access Control
      4. 6.9.4 Defenses Against Access Control Attacks
      5. 6.9.5 Administrator Interfaces
      6. 6.9.6 Protecting Administrator Interfaces
      7. 6.9.7 ESAPI Interfaces
    11. 6.10 Cryptography
      1. 6.10.1 Hashing and Password Security
      2. 6.10.2 Attacking the Hash
      3. 6.10.3 Precomputed Attacks
      4. 6.10.4 Message Authentication Code (MAC)
      5. 6.10.5 Home-Grown Algorithms
      6. 6.10.6 Randomness and Pseudo-Randomness
      7. 6.10.7 ESAPI Interfaces
    12. 6.11 Error Handling
      1. 6.11.1 User Error Messages
      2. 6.11.2 Log-in Error Messages—A Case Study
      3. 6.11.3 Error Message Differentiation
      4. 6.11.4 Developer Error Messages
      5. 6.11.5 Information to Be Kept Private
      6. 6.11.6 Structured Exception Handling
      7. 6.11.7 ESAPI Interfaces
    13. 6.12 Ajax and Flash
      1. 6.12.1 AJAX Application Traffic
      2. 6.12.2 AJAX Client Requests
      3. 6.12.3 Server Responses
      4. 6.12.4 Typical Attacks Against AJAX Applications
      5. 6.12.5 Security Recommendations for AJAX Applications
      6. 6.12.6 Adobe Flash—Sandbox Security Model
      7. 6.12.7 Cross-Domain Policy
      8. 6.12.8 Restrict SWF Files Embedded in HTML
      9. 6.12.9 Attacking Flash Applications
      10. 6.12.10 Securing Flash Applications
    14. 6.13 Additional Best Practices for Software Resilience
      1. 6.13.1 Externalize Variables
      2. 6.13.2 EncryptedProperties—Method Summary
      3. 6.13.3 Initialize Variables Properly
      4. 6.13.4 Do Not Ignore Values Returned by Functions
      5. 6.13.5 Avoid Integer Overflows
    15. 6.14 Top 10 Secure Coding Practices
    16. 6.15 Fifty Questions to Improve Software Security
    17. Summary
    18. 6.16 References
      1. Figure 6.1
      2. Figure 6.2
      3. Figure 6.3
      4. Figure 6.4
      5. Figure 6.5
      6. Figure 6.6
      7. Figure 6.7
      1. Table 6.1
      2. Table 6.2
      3. Table 6.3
      4. Table 6.4
      5. Table 6.5
      6. Table 6.6
      7. Table 6.7
      8. Table 6.8
  11. Chapter 7 Special Considerations for Embedded Systems, Cloud Computing, and Mobile Computing Devices
    1. Chapter Overview
    2. 7.1 Embedded Systems
      1. 7.1.1 Bad Assumptions About Embedded Systems Programming
      2. 7.1.2 New Mantras
      3. 7.1.3 The Framework
    3. 7.2 Distributed Applications/Cloud Computing
      1. 7.2.1 Representational State Transfer (REST)
      2. 7.2.2 REST Stateless Authentication
      3. 7.2.3 Attacking Distributed APIs
      4. 7.2.4 Securing Distributed APIs
    4. 7.3 Mobile Applications
      1. 7.3.1 BlackBerry
        1. 7.3.1.1 Overview
        2. 7.3.1.2 BlackBerry Connectivity and Security Capabilities
      2. 7.3.2 Windows Mobile
        1. 7.3.2.1 Overview
        2. 7.3.2.2 Windows Mobile Connectivity and Security Capabilities
      3. 7.3.3 iPhone
        1. 7.3.3.1 Overview
        2. 7.3.3.2 iPhone Connectivity and Security Capabilities
      4. 7.3.4 Mobile Application Security
    5. Summary
    6. 7.4 References
  12. Chapter 8 Security Testing of Custom Software Applications
    1. Chapter Overview
    2. 8.1 Fixing Early Versus Fixing After Release
    3. 8.2 Testing Phases
    4. 8.3 Unit Testing
    5. 8.4 Manual Source Code Review
    6. 8.5 The Code Review Process
    7. 8.6 Automated Source Code Analysis
      1. 8.6.1 Automated Reviews Compared with Manual Reviews
      2. 8.6.2 Commercial and Free Source Code Analyzers
        1. 8.6.2.1 Commercial—Multilanguage
        2. 8.6.2.2 Open Source—Multilanguage
        3. 8.6.2.3 .NET Support
        4. 8.6.2.4 Java Support
      3. 8.6.3 Fortify 360
        1. 8.6.3.1 O2—OunceOpen
    8. 8.7 Acquiring Commercial or Open-Source Analysis Tools
    9. 8.8 Deployment Strategy
      1. 8.8.1 IDE Integration for Developers
      2. 8.8.2 Build Integration for Governance
    10. 8.9 Regulatory Compliance
    11. 8.10 Benefits of Using Source Code Analyzers
    12. 8.11 Penetration (Pen) Testing
      1. 8.11.1 Penetration Testing Tools
      2. 8.11.2 Automated Black Box Scanning
      3. 8.11.3 Deployment Strategy
        1. 8.11.3.1 Developer Testing
        2. 8.11.3.2 Centralized Quality Assurance Testing
      4. 8.11.4 Gray Box Testing
      5. 8.11.5 Limitations and Constraints of Pen Testing Tools
    13. Summary
    14. 8.12 References
      1. Figure 8.1
      2. Figure 8.2
      3. Figure 8.3
      4. Figure 8.4
      5. Figure 8.5
  13. Chapter 9 Testing Commercial off-the-Shelf Systems
    1. Chapter Overview
    2. 9.1 The Problems with Shrink-Wrapped Software
    3. 9.2 The Common Criteria for Information Technology Security Evaluation
      1. 9.2.1 Harmonizing Evaluation Criteria
      2. 9.2.2 Development
      3. 9.2.3 Evaluation
      4. 9.2.4 Operation
      5. 9.2.5 Key Concepts of the Common Criteria
      6. 9.2.6 The Security Framework
      7. 9.2.7 The Common Criteria Approach
      8. 9.2.8 The Security Environment
      9. 9.2.9 The Common Criteria Portal
      10. 9.2.10 Criticisms of the CC
    4. 9.3 The Commercial Community Responds
      1. 9.3.1 The BITS/FSTC Security Assurance Initiative
    5. 9.4 ICSA Labs
      1. 9.4.1 Evaluation Methodology
      2. 9.4.2 Certification Criteria
      3. 9.4.3 ICSA Labs Testing and Certification Process
    6. 9.5 Veracode’s VerAfied Software Assurance
      1. 9.5.1 Ratings Methodology
      2. 9.5.2 Assessing Software for the VerAfied Mark
    7. Summary
    8. 9.6 References
      1. Figure 9.1
      2. Figure 9.2
      3. Figure 9.3
      4. Figure 9.4
      1. Table 9.1
      2. Table 9.2
  14. Chapter 10 Implementing Security and Resilience Using CLASP
    1. Chapter Overview
    2. 10.1 Comprehensive, Lightweight Application Security Process (CLASP)
    3. 10.2 CLASP Concepts
    4. 10.3 Overview of the CLASP Process
    5. 10.4 CLASP Key Best Practices
      1. 10.4.1 Best Practice 1: Institute Awareness Programs
      2. 10.4.2 Best Practice 2: Perform Application Assessments
      3. 10.4.3 Best Practice 3: Capture Security Requirements
      4. 10.4.4 Best Practice 4: Implement Secure Development Practices
      5. 10.4.5 Best Practice 5: Build Vulnerability Remediation Procedures
      6. 10.4.6 Best Practice 6: Define and Monitor Metrics
      7. 10.4.7 Best Practice 7: Publish Operational Security Guidelines
    6. 10.5 CLASP Security Activities to Augment Software Development Processes
    7. 10.6 Applying CLASP Security Activities to Roles
    8. 10.7 Re-engineering Your SDLC for CLASP
      1. 10.7.1 Business Objectives
      2. 10.7.2 Process Milestones
      3. 10.7.3 Process Evaluation Criteria
      4. 10.7.4 Forming the Process Re-engineering Team
    9. 10.8 Sample CLASP Implementation Roadmaps
      1. 10.8.1 Green-Field Roadmap
      2. 10.8.2 Legacy Roadmap
    10. Summary
    11. 10.9 References
      1. Figure 10.1
      1. Table 10.1
  15. Chapter 11 Metrics and Models for Security and Resilience Maturity
    1. Chapter Overview
    2. 11.1 Maturity Models for Security and Resilience
    3. 11.2 Software Assurance Maturity Model—OpenSAMM
      1. 11.2.1 Core Practice Areas
        1. 11.2.1.1 Governance Core Practice Areas
        2. 11.2.1.2 Construction Core Practice Areas
        3. 11.2.1.3 Verification Core Practice Areas
        4. 11.2.1.4 Deployment Core Practice Areas
      2. 11.2.2 Levels of Maturity
        1. 11.2.2.1 Objective
        2. 11.2.2.2 Activities
        3. 11.2.2.3 Results
        4. 11.2.2.4 Success Metrics
        5. 11.2.2.5 Costs
        6. 11.2.2.6 Personnel
        7. 11.2.2.7 Related Levels
      3. 11.2.3 Assurance
    4. 11.3 The Building Security In Maturity Model (BSIMM)
      1. 11.3.1 BSIMM Software Security Framework
        1. 11.3.1.1 Governance
        2. 11.3.1.2 Intelligence
        3. 11.3.1.3 SSDL Touchpoints
        4. 11.3.1.4 Deployment
    5. 11.4 BSIMM Activities
      1. 11.4.1 Governance: Strategy and Metrics
        1. 11.4.1.1 Strategy and Metrics Level 1 Overview
          1. Activities in Strategy and Metrics Area 1.1
          2. Activities in Strategy and Metrics Area 1.2
          3. Activities in Strategy and Metrics Area 1.3
          4. Activities in Strategy and Metrics Area 1.4
          5. Activities in Strategy and Metrics Area 1.5
        2. 11.4.1.2 Strategy and Metrics Level 2 Overview
          1. Activities in Strategy and Metrics Area 2.1
          2. Activities in Strategy and Metrics Area 2.2
          3. Activities in Strategy and Metrics Area 2.3
          4. Activities in Strategy and Metrics Area 2.4
        3. 11.4.1.3 Strategy and Metrics Level 3 Overview
          1. Activities in Strategy and Metrics Area 3.1
          2. Activities in Strategy and Metrics Area 3.2
      2. 11.4.2 Governance: Compliance and Policy
        1. 11.4.2.1 Compliance and Policy Level 1 Overview
          1. Activities in Compliance and Policy Area 1.1
          2. Activities in Compliance and Policy Area 1.1
          3. Activities in Compliance and Policy Area 1.2
        2. 11.4.2.2 Compliance and Policy Level 2 Overview
          1. Activities in Compliance and Policy Area 2.1
          2. Activities in Compliance and Policy Area 2.2
          3. Activities in Compliance and Policy Area 2.3
          4. Activities in Compliance and Policy Area 2.4
          5. Activities in Compliance and Policy Area 2.5
        3. 11.4.2.3 Compliance and Policy Level 3 Overview
          1. Activities in Compliance and Policy Area 3.1
          2. Activities in Compliance and Policy Area 3.2
          3. Activities in Compliance and Policy Area 3.3
      3. 11.4.3 Governance: Training
        1. 11.4.3.1 Training Level 1 Overview
          1. Activities in Training Area 1.1
          2. Activities in Training Area 1.2
          3. Activities in Training Area 1.3
          4. Activities in Training Area 1.4
        2. 11.4.3.2 Training Level 2 Overview
          1. Activities in Training Area 2.1
          2. Activities in Training Area 2.2
          3. Activities in Training Area 2.3
          4. Activities in Training Area 2.4
          5. Activities in Training Area 2.5
        3. 11.4.3.3 Training Level 3 Overview
          1. Activities in Training Area 3.1
          2. Activities in Training Area 3.2
          3. Activities in Training Area 3.3
      4. 11.4.4 Intelligence: Attack Models
        1. 11.4.4.1 Attack Models Level 1 Overview
          1. Activities in Attack Models Area 1.1
          2. Activities in Attack Models Area 1.2
          3. Activities in Attack Models Area 1.3
          4. Activities in Attack Models Area 1.4
        2. 11.4.4.2 Attack Models Level 2 Overview
          1. Activities in Attack Models Area 2.1
          2. Activities in Attack Models Area 2.2
          3. Activities in Attack Models Area 2.3
          4. Activities in Attack Models Area 2.4
        3. 11.4.4.3 Attack Models Level 3 Overview
          1. Activities in Attack Models Area 3.1
          2. Activities in Attack Models Area 3.2
      5. 11.4.5 Intelligence: Security Features and Design
        1. 11.4.5.1 Security Features and Design Level 1 Overview
          1. Security Features and Design Area 1.1
          2. Security Features and Design Area 1.2
        2. 11.4.5.2 Security Features and Design Level 2 Overview
          1. Security Features and Design Area 2.1
          2. Security Features and Design Area 2.2
          3. Security Features and Design Area 2.3
        3. 11.4.5.3 Security Features and Design Level 3 Overview
          1. Security Features and Design Area 3.1
          2. Security Features and Design Area 3.2
      6. 11.4.6 Intelligence: Standards and Requirements
        1. 11.4.6.1 Standards and Requirements Level 1 Overview
          1. Standards and Requirements Area 1.1
          2. Standards and Requirements Area 1.2
          3. Standards and Requirements Area 1.3
          4. Standards and Requirements Area 1.4
        2. 11.4.6.2 Standards and Requirements Level 2 Overview
          1. Standards and Requirements Area 2.1
          2. Standards and Requirements Area 2.2
          3. Standards and Requirements Area 2.3
          4. Standards and Requirements Area 2.4
          5. Standards and Requirements Area 2.5
        3. 11.4.6.3 Standards and Requirements Level 3 Overview
          1. Standards and Requirements Area 3.1
      7. 11.4.7 SSDL Touchpoints : Architecture Analysis
        1. 11.4.7.1 Architecture Analysis Level 1 Overview
          1. Architecture and Analysis Area 1.1
          2. Architecture and Analysis Area 1.2
          3. Architecture and Analysis Area 1.3
          4. Architecture and Analysis Area 1.4
        2. 11.4.7.2 Architecture Analysis Level 2 Overview
          1. Architecture and Analysis Area 2.1
          2. Architecture and Analysis Area 2.2
          3. Architecture and Analysis Area 2.3
        3. 11.4.7.3 Architecture Analysis Level 3 Overview
          1. Architecture and Analysis Area 3.1
          2. Architecture and Analysis Area 3.2
      8. 11.4.8 SSDL Touchpoints: Code Review
        1. 11.4.8.1 Code Review Level 1 Overview
          1. Code Review Area 1.1
          2. Code Review Area 1.2
          3. Code Review Area 1.3
        2. 11.4.8.2 Code Review Level 2 Overview
          1. Code Review Area 2.1
          2. Code Review Area 2.2
          3. Code Review Area 2.3
          4. Code Review Area 2.4
          5. Code Review Area 2.5
        3. 11.4.8.3 Code Review Level 3 Overview
          1. Code Review Area 3.1
          2. Code Review Area 3.2
          3. Code Review Area 3.3
      9. 11.4.9 SSDL Touchpoints: Security Testing
        1. 11.4.9.1 Security Testing Level 1 Overview
          1. Security Testing Area 1.1
          2. Security Testing Area 1.2
        2. 11.4.9.2 Security Testing Level 2 Overview
          1. Security Testing Area 2.1
          2. Security Testing Area 2.2
          3. Security Testing Area 2.3
        3. 11.4.9.3 Security Testing Level 3 Overview
          1. Security Testing Area 3.1
          2. Security Testing Area 3.2
          3. Security Testing Area 3.3
          4. Security Testing Area 3.4
      10. 11.4.10 Deployment: Penetration Testing
        1. 11.4.10.1 Penetration Testing Level 1 Overview
          1. Penetration Testing Area 1.1
          2. Penetration Testing Area 1.2
        2. 11.4.10.2 Penetration Testing Level 2 Overview
          1. Penetration Testing Area 2.1
          2. Penetration Testing Area 2.2
          3. Penetration Testing Area 2.3
        3. 11.4.10.3 Penetration Testing Level 3 Overview
          1. Penetration Testing Area 3.1
          2. Penetration Testing Area 3.2
      11. 11.4.11 Deployment: Software Environment
        1. 11.4.11.1 Software Environment Level 1 Overview
          1. Software Environment Area 1.1
          2. Software Environment Area 1.2
        2. 11.4.11.2 Software Environment Level 2 Overview
          1. Software Environment Area 2.1
          2. Software Environment Area 2.2
          3. Software Environment Area 2.3
        3. 11.4.11.3 Software Environment Level 3 Overview
          1. Software Environment Area 3.1
      12. 11.4.12 Deployment: Configuration Management and Vulnerability Management
        1. 11.4.12.1 Configuration Management and Vulnerability Management Level 1 Overview
          1. Configuration Management and Vulnerability Management Area 1.1
          2. Configuration Management and Vulnerability Management Area 1.2
        2. 11.4.12.2 Configuration Management and Vulnerability Management Level 2 Overview
          1. Configuration Management and Vulnerability Management Area 2.1
          2. Configuration Management and Vulnerability Management Area 2.2
          3. Configuration Management and Vulnerability Management Area 2.3
        3. 11.4.12.3 Configuration Management and Vulnerability Management Level 3 Overview
          1. Configuration Management and Vulnerability Management Area 3.1
          2. Configuration Management and Vulnerability Management Area 3.2
    6. 11.5 Measuring Results with BSIMM
    7. 11.6 Helpful Resources For Implementing BSIMM
    8. 11.7 Applying BSIMM to the Financial Services Domain
      1. 11.7.1 Working Group Methodology
    9. Summary
    10. 11.8 References
      1. Figure 11.1
      2. Figure 11.2
      3. Figure 11.3
      4. Figure 11.4
      5. Figure 11.5
      6. Figure 11.6
      7. Figure 11.7
      8. Figure 11.8
      9. Figure 11.9
      10. Figure 11.10
      11. Figure 11.11
      12. Figure 11.12
      13. Figure 11.13
      14. Figure 11.14
      15. Figure 11.15
      16. Figure 11.16
      17. Figure 11.17
      18. Figure 11.18
      19. Figure 11.19
  16. Chapter 12 Taking It to the Streets
    1. Chapter Overview
    2. 12.1 Getting Educated
      1. 12.1.1 DEVELOPER 522: Defending Web Applications
      2. 12.1.2 DEVELOPER 530: Essential Secure Coding in Java/JEE
      3. 12.1.3 DEVELOPER 541: Secure Coding in Java/JEE: Developing Defensible Applications
      4. 12.1.4 DEVELOPER 542: Web App Penetration Testing and Ethical Hacking
      5. 12.1.5 DEVELOPER 544: Secure Coding in .NET: Developing Defensible Applications
      6. 12.1.6 DEVELOPER 545: Secure Coding in PHP: Developing Defensible Applications
      7. 12.1.7 DEVELOPER 534: Secure Code Review for Java Web Apps
      8. 12.1.8 DEVELOPER 543: Secure Coding in C/C++: Developing Defensible Applications
      9. 12.1.9 Aspect Security Inc.
      10. 12.1.10 CERT Software Engineering Institute (SEI)
      11. 12.1.11 SEI Secure Coding in C and C++ Course
    3. 12.2 Getting Certified
      1. 12.2.1 Certified Secure Software Lifecycle Professional (CSSLP)
      2. 12.2.2 Why Obtain the CSSLP?
      3. 12.2.3 Benefits of Certification to the Professional
      4. 12.2.4 Benefits of Certification to the Enterprise
    4. 12.3 Getting Involved
      1. 12.3.1 Web Application Security Consortium
        1. 12.3.1.1 How to Contribute to WASC
        2. 12.3.1.2 WASC Projects
        3. 12.3.1.3 Web Security Articles
        4. 12.3.1.4 The Web Hacking Incidents Database
        5. 12.3.1.5 Web Application Security Scanner Evaluation Criteria
        6. 12.3.1.6 The Script Mapping Project
        7. 12.3.1.7 Web Security Glossary
        8. 12.3.1.8 WASC Threat Classification v2
        9. 12.3.1.9 Web Application Firewall Evaluation Criteria
        10. 12.3.1.10 Web Application Security Statistics
    5. 12.4 Reaching Out for Research
      1. 12.4.1 DHS Research Program Areas
      2. 12.4.2 The U.S. Treasury and the FSSCC
        1. 12.4.2.1 Challenge 1: Advancing the State of the Art in Designing and Testing Secure Applications
        2. 12.4.2.2 Desired Functionality
        3. 12.4.2.3 Potential Research Projects
    6. 12.5 Last Call
    7. 12.6 Conclusion
    8. 12.7 References
      1. Figure 12.1
      2. Figure 12.2
      3. Figure 12.3
      1. Table 12.1
  17. Glossary
  18. Appendix A 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
    1. Overview
    2. A.1 Brief Listing of the Top 25
      1. A.1.1 Insecure Interaction Between Components
      2. A.1.2 Risky Resource Management
      3. A.1.3 Porous Defenses
    3. A.2 Detailed CWE Descriptions
      1. A.2.1 CWE-79: Failure to Preserve Web Page Structure (“Cross-Site Scripting”)
      2. A.2.2 CWE-89: Improper Sanitization of Special Elements Used in an SQL Command (“SQL Injection”)
      3. A.2.3 CWE-120: Buffer Copy Without Checking Size of Input (“Classic Buffer Overflow”)
      4. A.2.4 CWE-352: Cross-Site Request Forgery (CSRF)
      5. A.2.5 CWE-285: Improper Access Control (Authorization)
      6. A.2.6 CWE-807: Reliance on Un-trusted Inputs in a Security Decision
      7. A.2.7 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”)
      8. A.2.8 CWE-434: Unrestricted Upload of File with Dangerous Type
      9. A.2.9 CWE-78: Improper Sanitization of Special Elements Used in an OS Command (“OS Command Injection”)
      10. A.2.10 CWE-311: Missing Encryption of Sensitive Data
      11. A.2.11 CWE-798: Use of Hard-Coded Credentials
      12. A.2.12 CWE-805: Buffer Access with Incorrect Length Value
      13. A.2.13 CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (“PHP File Inclusion”)
      14. A.2.14 CWE-129: Improper Validation of Array Index
      15. A.2.15 CWE-754: Improper Check for Unusual or Exceptional Conditions
      16. A.2.16 CWE-209: Information Exposure Through an Error Message
      17. A.2.17 CWE-190: Integer Overflow or Wraparound
      18. A.2.18 CWE-131: Incorrect Calculation of Buffer Size
      19. A.2.19 CWE-306: Missing Authentication for Critical Function
      20. A.2.20 CWE-494: Download of Code Without Integrity Check
      21. A.2.21 CWE-732: Incorrect Permission Assignment for Critical Resource
      22. A.2.22 CWE-770: Allocation of Resources Without Limits or Throttling
      23. A.2.23 CWE-601: URL Redirection to Site (“Open Redirect”)
      24. A.2.24 CWE-327: Use of a Broken or Risky Cryptographic Algorithm
      25. A.2.25 CWE-362: Race Condition
  19. Appendix B Enterprise Security API
    1. Overview
    2. B.1 Interface Encoder
    3. B.2 Interface User
    4. B.3 Interface Authenticator
    5. B.4 Interface AccessController
    6. B.5 Interface AccessReferenceMap
    7. B.6 Interface Encryptor
    8. B.7 Interface HTTPUtilities
    9. B.8 Interface Logger
      1. Figure B.1
      2. Figure B.2
      3. Figure B.3
      4. Figure B.4
      5. Figure B.5
      6. Figure B.6
      7. Figure B.7
      8. Figure B.8

Product information

  • Title: Secure and Resilient Software Development
  • Author(s): Mark S. Merkow, Lakshmikanth Raghavan
  • Release date: June 2010
  • Publisher(s): Auerbach Publications
  • ISBN: 9781498759618