Price 2590 + VAT
DURATION 2 Days

Course Overview

“From threats to code” is a concentrated, fast-moving introduction to developing secure code for the entire software development team, from program manager to implementation engineer.
We introduce a threat-analytic approach based on understanding which threats really count, and on the second day we dive right into software security assessment and secure coding to mitigate threats such as shellcode and buffer overflow attacks.

Who should attend?

If you develop software products that attach to a network – products such as medical devices, SaaS applications or mobile medical apps – you should attend.

Prerequisite:

Participants will have a solid understanding of TCP/IP networking, and be proficient in at least one programming language – C/C++, C#, PHP, Java or JavaScript.

Course Outline:

Day 1 – An Introduction to threat modeling and analysis

1. Ideology
• Why bother modeling?
• Why security defenses don’t work
• Why risk management is broken
• Bridging the valley of death between IT and security
• A secure SDLC (software development life-cycle) for an unsecure world

2. Security metrics
• Escaping the hamster wheel of pain
• Defining security metrics

– What makes a good metric, bad metric, what is not a metric?
– Modelers versus measurers

3. How to measure anything
• Asset valuation
• Threat damage to asset
• Probability of occurrence

4. Threat modeling and analysis objectives and drivers
• Qualitative or quantitative?
• Is there ROI on security?
• Compliance drivers: Industry, Government, Vendor-neutral standards

5. Threat modeling building blocks
• Threats / attack scenarios
• Assets
• Vulnerabilities
• Countermeasures

– Encryption
– Network monitoring
– Auditing activity logs and data flows
– Input validation
– Error handling

6. Analyzing your threat model and building a cost-effective security countermeasure plan

7. Pulling it all together – A class exercise

8. Software vulnerability fundamentals
• Vulnerabilities

– Security Policies
– Security expectations

• Classifying vulnerabilities

– Design vulnerabilities
– Implementation vulnerabilities
– Operational vulnerabilities
– Gray areas

• Common threads

– Input and data flow
– Trust relationships
– Assumptions and misplaced trust
– Interfaces
– Environmental attacks
– Exceptional conditions

Day 2 – An Introduction to secure coding

1. Design review (continuing from Software vulnerability fundamentals, Day 1)
• Software design fundamentals

– Algorithms
– Abstraction and decomposition
– Trust relationships
– Principles of software design
– Fundamental design flaws

• Enforcing security policy

– Authentication
– Authorization
– Accountability
– Confidentiality
– Integrity
– Availability

• Threat modeling of software

– Data collection
– Attack trees
– Prioritizing

2. Operational review
• Exposure

– Attack surface
– Insecure defaults
– Access control
– Unnecessary services
– Secure channels
– Spoofing
– Network profiles

• Countermeasures

– Development-based
– Host-based
– Network-based

3. Software vulnerabilities
• Buffer overflows

– Process memory layout
– Stack overflows
– Off-by-one errors
– Heap overflows
– Global and static data overflows

• Shellcode

– Writing the code
– Finding your code in memory

• Protection mechanisms

– Stack cookies
– Heap hardening
– Non-executable stack and heap protection

• Address space layout

– Randomization
– SafeSEH
– Function pointer obfuscation

4. Windows objects and the file system
• Processes and threads

– Process loading
– ShellExecute and ShellExecuteEx
– DLL loading
– Services

• File access

– File permissions
– File IO API
– Links

5. Windows messaging
• Window messages
• Shatter attacks

6. Network vulnerabilities in practice
• TCP connections, an overview
• TCP streams

– TCP spoofing
– Connection fabrication
– Connection tampering
– Blind reset attacks
– Blind data injection attacks
– TCP segment fragmentation spoofing

7. Summary
