Course Overview
We introduce a threat-analytic approach based on understanding which threats really count. On the second day, we dive into software security assessment and secure coding to mitigate threats such as shellcode and buffer overflow attacks.
Who should attend?
If you develop software products that attach to a network – products such as medical devices, SaaS applications or mobile medical apps – you should attend.
Prerequisite:
Course Outline:
Day 1 – An Introduction to threat modeling and analysis
1. Ideology
• Why bother modeling?
• Why security defenses don’t work
• Why risk management is broken
• Bridging the valley of death between IT and security
• A secure SDLC (software development life-cycle) for an insecure world
2. Security metrics
• Escaping the hamster wheel of pain
• Defining security metrics
3. How to measure anything
• Asset valuation
• Threat damage to asset
• Probability of occurrence
4. Threat modeling and analysis objectives and drivers
• Qualitative or quantitative?
• Is there ROI on security?
• Compliance drivers: Industry, Government, Vendor-neutral standards
5. Threat modeling building blocks
• Threats / attack scenarios
• Assets
• Vulnerabilities
• Countermeasures
– Network monitoring
– Auditing activity logs and data flows
– Input validation
– Error handling
6. Analyzing your threat model and building a cost-effective security countermeasure plan
7. Pulling it all together – A class exercise
8. Software vulnerability fundamentals
• Vulnerabilities
– Security expectations
• Classifying vulnerabilities
– Implementation vulnerabilities
– Operational vulnerabilities
– Gray areas
• Common threads
– Trust relationships
– Assumptions and misplaced trust
– Interfaces
– Environmental attacks
– Exceptional conditions
Day 2 – An Introduction to secure coding
1. Design review (continuing from Software vulnerability fundamentals, Day 1)
• Software design fundamentals
– Abstraction and decomposition
– Trust relationships
– Principles of software design
– Fundamental design flaws
• Enforcing security policy
– Authorization
– Accountability
– Confidentiality
– Integrity
– Availability
• Threat modeling of software
– Attack trees
– Prioritizing
2. Operational review
• Exposure
– Insecure defaults
– Access control
– Unnecessary services
– Secure channels
– Spoofing
– Network profiles
• Countermeasures
– Host-based
– Network-based
3. Software vulnerabilities
• Buffer overflows
– Stack overflows
– Off-by-one errors
– Heap overflows
– Global and static data overflows
• Shellcode
– Finding your code in memory
• Protection mechanisms
– Heap hardening
– Non-executable stack and heap protection
• Address space layout
– SafeSEH
– Function pointer obfuscation
4. Windows objects and the file system
• Processes and threads
– ShellExecute and ShellExecuteEx
– DLL loading
– Services
• File access
– File I/O API
– Links
5. Windows messaging
• Window messages
• Shatter attacks
6. Network vulnerabilities in practice
• TCP connections, an overview
• TCP streams
– Connection fabrication
– Connection tampering
– Blind reset attacks
– Blind data injection attacks
– TCP segment fragmentation spoofing
7. Summary