|
Provided by: Security University QSSE Qualified Software Security Expert 5-day BootcampTraining, Instruction and Documentation |
 |
|
|
||||||||||
Common Software Coding and Design Errors and Flaws
Students will learn about the range of software development errors and flaws that create application security, reliability, availability and confidentiality failures. Specifically in this section we will deal with those vulnerabilities that are common across language implementations (C, C and Java). For each vulnerability type, the course will cover real-world examples illustrated in code - of failures along with methods to find, fix and prevent each type of flaw.
PART A
System-Level
- Accepting Arbitrary Files as Parameters; Default or Weak Passwords; Permitting Relative and Default Paths
- Administrative, Software and Service Back Doors; Dynamic Linking and Loading; Shells, Scripts and Macros
Data Issues
- Parsing Problems
- Integer Overflows
Information Disclosure
- Storing Passwords in Plain Text
- The Swap File and Incomplete Deletes
- Creating Temporary Files
- Leaving Things in Memory
- Weakly-Seeded Keys and Random Number Generation
On the Wire
- Trusting the Identity of a Remote Host (Spoofing)
- Volunteering Too Much Information
- Proprietary Protocols
- Loops, Self References and Race Conditions
Tools
II. Web Vulnerabilities .
The web is different. We will address common web vulnerabilities, how to find them, how to prevent them.
Web sites
- Cross Site Scripting; Forceful Browsing; Parameter Tampering;
- Cookie Poisoning; Trusting SSL; Hidden Field Manipulation;
- SQL Injection; Security on the Client; Trusting the Domain Security Model
III. Defensive Coding Principles
This section is designed to educate developers and testers on the general principles of secure coding. This includes a historical perspective on software failure, when good design goes bad, and 18 defensive coding principles to live by.
IV. Security Testing and Quality Assurance
This includes the difference between functional and security testing, understanding and application's entry points, and spotting three classes of security bugs: dangerous inputs, rigged environment and logic vulnerabilities.
Each section will have an in depth hands on lab
PART B
Gathering information on the target
- How web apps are built
- Attack 1: Looking for information in HTML comments
- Attack 2: Guessing filenames and directories
- Attack 3: Vulnerabilities in example applications
Tools and Threats.
Attacking the client
- The need for a rich UI
- Attack 4: Selections outside of ranges
- Attack 5: Client side validation
- Fault Injection and Fuzzing
- Java security managers, policy files, and JAAS
- ASP. NET Security
- XOR, Base64 and Garbage Data Obfuscation
- Session fixation
- Advanced SQL Injection
- Oracle PL/ SQL Injection
- .Net Security tokens, XML signature, XML canonicalization, and XML encryption
- .Net WS-Trust and WS-SecureConversation
- Error Control Verbosity Abuse
A attacking State
- Why state is important
- Attack 6: Hidden fields
- Attack 7: cgi parameters
- Attack 8: cookies
- Attack 8: Forceful browsing
- Attack 9: session hijacking
Attacking Data
- Attack 10: Cross-site scripting
- Attack 11: SQL Injection
- Attack 12: Directory traversal
- Attack 13: Buffer overflows
- Attack 14: Canonicalization
- Attack 15: Null-string attacks
Attacking the server
- Attack 17: SQL injection II stored procedures
- Attack 18: Command injection
- Attack 19: fingerprinting the server
- Attack 20: Death by 1, 000 cuts (DOS)
- Attack 19: Fake cryptography
- Attack 20: Breaking basic authentication
- Attack 21: Cross Site Tracing
- SQL Server: Exploitation and Defense
- Network Transmission Security with the JSSE API/ SSL
Web Services
- Moving to web services
- Common Attacks
- Constraints on input and output
- Attack 22: web services specific attacks
- Code Origin Access Control Methods
- WS Security, XKMS, and WS-I Basic security profile
- SecureXML Libraries
- Privilege Escalation Opportunities
- Race Conditions
- Cross Site Scripting Injection
- .Net Secure Remoting
- Windows Forms Security
- Securely Maintaining Session State Best Practices
Privacy
- Who you are, where have you been
- Methods for gathering data
Tool support
- A review of web security/ vulnerability scanning tools
- Introduction to HolodeckWeb/ WebGoat form the OWASP WebGoat Project / Web Scarab from the OWASP WebScarab Project
Hands-on lab attacking vulnerable targets
PART C
- A step by step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to attack Inputs and Outputs from the User Interface
- How to attack Data and Computation from the User Interface
- How to attack the File System Interface
- How to attack the Software/ OS Interface
- How to use tools to inject faults for File System and OS testing
Live vulnerability and exploit tour This is the core of the class. In this section, attendees will go through a wide range of software vulnerabilities and labs to show sample exploits of these vulnerabilities live. Labs include: cross-site scripting, SQL injection, buffer overflows, format string vulnerabilities, and many others software vulnerabilities. Attendees gain awareness and key insights into these vulnerability type, the ease with which the attacker community can exploit them and what to do to prevent these critical attacks. check out the OWASP Top Ten Project
You'll use open source tools from OWASP in class - OWASP Tools Project
Tools and Threats. The threat is growing and so is the number of tools that lower the bar for attackers. This section takes the attendees inside the underground world of the attacker tools.
Thinking Like the Attacker: Threat Modeling. A critical step in securing software or system is to methodically think through threats. In this section we present several techniques for threat modeling and also walk the audience through the process of modeling threats against several systems.
Incorporating Threats Into Software/ System Design, Development, Testing and Deployment. By thinking about threats at each stage of the development lifecycle, we can make software and systems that are more resilient to attack. Attendees will walk away with an introduction to tools and techniques to build security in.
We sneak in Reverse Engineering too
