Writing Secure Code

Michael Howard, David LeBlanc

Language: English

Pages: 477

ISBN: 0735615888

Format: PDF / Kindle (mobi) / ePub


"Writing Secure Code" covers the major aspects of creating secure applications through the entire development process. Its short, easily digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.

skills in-house, hire a security consulting company that offers quality, real-world training courses to upskill your employees.

Important: There are two aspects to security training. The first is to teach people about security issues so that they can look over their current product and find and fix security bugs. However, the ultimate and by far the most important goal of security education is to teach people not to introduce security flaws into the product in the first place!

Details about Amoroso’s book can be found in the bibliography of this book. The idea behind threat trees is that an application is composed of threat targets and that each target could have vulnerabilities that when successfully attacked could compromise the system. The threat tree describes the decision-making process an attacker would go through to compromise the component. When the decomposition process

gives you an inventory of application components, you start identifying threats to each of those components. Once you identify a potential threat, you then determine how that threat could manifest itself by using threat trees.

Threats, Vulnerabilities, Assets, Threat Targets, Attacks, and Motives

A threat to a system is a potential event that will have an unwelcome consequence if it becomes an attack. A vulnerability is a weakness in a system, such as a coding bug or a design flaw. An attack

you to build a severity matrix that will help you prioritize how to deal with the issues you uncover.

Path Analysis: Breaking a Camel’s Back with Many Straws

You’ll frequently find that a number of seemingly small vulnerabilities can combine to become a very large problem. If you’re dealing with a complex system, you need to examine all of the paths from which you can arrive at a certain point in your data flow diagram. In engineering, a system is determined to be nonlinear if you can have

it or turning off its power) or using attack techniques to make it inaccessible (via DNS hijacking or flooding the computer).

Figure 4-10. Threat tree for Threat #2.

Threat #2: Upload rogue Web page(s) and
2.1 Authentication is insecure
2.1.2 Administrative security error (The default is secure)
2.2 Authorization is insecure
2.2.1 Administrative security error (The default is secure)
2.3 Bribe authorized Web developer or admin (If this is true, we have bigger issues!)
2.4 Compromise
