by Phil Martin
SHARKS
in the MOAT
How to Create
Truly Secure Software
Phil Martin
Nearsighted Ninja
Look for the audio version of
this book on audible.com!
SHARKS in the MOAT
Copyright © 2018 by Nonce Corp. Printed in the United States of America. All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.
All trademarks or copyrights mentioned herein are the possession of their respective owners and Nonce Corp makes no claim of ownership by the mention of products that contain these marks.
ISBN: 9781792129124
Information has been obtained by Nonce Corp from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Nonce Corp does not guarantee the accuracy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
Contents - Overview
About This Book
Introduction
What Exactly is a ‘Moat Shark’?
What Does ‘Secure Software’ Mean?
Who Is the Typical Attacker?
TLS vs. SSL
Section 1: Castle Warfare
Chapter 1: Outer Defenses
Chapter 2: Wall Defenses
Chapter 3: Defending the Gateways
Chapter 4: Other Defenses
Chapter 5: The Attack
Chapter 6: Types of Security Controls
Section 2: Core Security Concepts
Chapter 7: Quality Attributes
Chapter 8: Holistic Security
Chapter 9: A Good Security Profile
Chapter 10: Confidentiality
Chapter 11: Encryption
Chapter 12: Integrity
Chapter 13: Business Continuity
Chapter 14: Service Level Agreements
Chapter 15: Availability
Chapter 16: Authentication
Chapter 17: Authorization
Chapter 18: Accountability
Chapter 19: Least Privilege
Chapter 20: Separation of Duties
Chapter 21: Defense in Depth
Chapter 22: Fail Secure
Chapter 23: Economy of Mechanisms
Chapter 24: Complete Mediation
Chapter 25: Open Design
Chapter 26: Least Common Mechanisms
Chapter 27: Psychological Acceptability
Chapter 28: Weakest Link
Chapter 29: Leveraging Existing Components
Chapter 30: The Attack Surface
Chapter 31: OWASP
Chapter 32: Controls
Chapter 33: Open Systems Interconnection Reference Model
Section 3: Secure Software Development
Chapter 34: The DevOps Role
Chapter 35: The Infrastructure Role
Chapter 36: The DBA Role
Chapter 37: The Development Role
Chapter 38: The Product Role
Chapter 39: The Architect Role
Chapter 40: The Engineering Management Role
Chapter 41: The Testing Role
Chapter 42: The Project Role
Chapter 43: The Security Role
Chapter 44: The Change Management Role
Chapter 45: The Auditor Role
Section 4: Secure Supply Chain Management
Chapter 46: Acquisition Models
Chapter 47: Threats to Supply Chain Software
Chapter 48: Software Supply Chain Risk Management (SCRM)
Chapter 49: Acquisition Lifecycle
Chapter 50: Step 1 - Planning
Chapter 51: Step 2 - Contracting
Chapter 52: Step 3 - Development and Testing
Chapter 53: Step 4 - Acceptance
Chapter 54: Step 5 - Delivery
Chapter 55: Step 6 - Deployment
Chapter 56: Step 7 - Operations and Monitoring
Chapter 57: Step 8 - Retirement
Index
Contents - Details
About This Book
Introduction
What Exactly is a ‘Moat Shark’?
What Does ‘Secure Software’ Mean?
Who Is the Typical Attacker?
TLS vs. SSL
Section 1: Castle Warfare
Chapter 1: Outer Defenses
Concentric Walls
The Weakest Link
The Attack Surface
The Courtyard
The Drawbridge
Secrets and Distracting the Enemy
New Builds and Maintenance Duties
Chapter 2: Wall Defenses
Soldiers on Walls
Monitoring
Compensating for Weaknesses
High Cohesion and Low Coupling
Accountability and Non-Repudiation
Single Responsibility
Chapter 3: Defending the Gateways
Infiltration
Identity, Authentication and Authorization
Least Privilege, Deny First, and Separation of Duties
Failing Secure
Economy of Mechanisms
Psychological Acceptability
Hidden Messages
Chapter 4: Other Defenses
Help from the Outside
Leveraging Existing Components
Chapter 5: The Attack
Taking Down the Wall
The Attack from Within
The Final Battle for the Keep
When All Else Fails…
Chapter 6: Types of Security Controls
Deterrent Controls
Preventative Controls
Detective Controls
Compensating Controls
Corrective Controls
Recovery Controls
Section 2: Core Security Concepts
Chapter 7: Quality Attributes
Chapter 8: Holistic Security
Chapter 9: A Good Security Profile
Chapter 10: Confidentiality
Chapter 11: Encryption
Key Elements of Encryption Systems
Hashing
Quantum Cryptography
Symmetric vs. Asymmetric
Public Key Systems
Digital Signatures
Asymmetric Weaknesses
Chapter 12: Integrity
Chapter 13: Business Continuity
Chapter 14: Service Level Agreements
Chapter 15: Availability
Chapter 16: Authentication
Chapter 17: Authorization
Chapter 18: Accountability
Chapter 19: Least Privilege
Chapter 20: Separation of Duties
Chapter 21: Defense in Depth
Chapter 22: Fail Secure
Chapter 23: Economy of Mechanisms
Chapter 24: Complete Mediation
Chapter 25: Open Design
Chapter 26: Least Common Mechanisms
Chapter 27: Psychological Acceptability
Chapter 28: Weakest Link
Chapter 29: Leveraging Existing Components
Chapter 30: The Attack Surface
Chapter 31: OWASP
Chapter 32: Controls
Chapter 33: Open Systems Interconnection Reference Model
Protocol
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Section 3: Secure Software Development
Chapter 34: The DevOps Role
Environments
Secure Build Environments
Building
Installation and Deployment
Hardening
Configuration
Bootstrapping and Secure Startup
Chapter 35: The Infrastructure Role
Operational Requirements
CONOPS
Deployment Environment
Archiving
Anti-Piracy
Pervasive and Ubiquitous Computing
Embedded Systems
Operations and Maintenance
Monitoring
Incident Management
Problem Management
Change Management
Backups, Recovery and Archiving
Disposal
End-of-Life Policies
Sun-Setting Criteria
Sun-Setting Processes
Information Disposal and Media Sanitization
Electronic Social Engineering
Chapter 36: The DBA Role
Inference and Aggregation
Polyinstantiation
Database Encryption
Normalization
Triggers
Views
Privilege Management
Chapter 37: The Development Role
Computer Architecture
Evolution of Programming Languages
The History
Compiled Languages
Interpreted Languages
Hybrid Languages
Programming Language Environment
Selecting the Right Programming Language
Primitive Data Types
Unmanaged vs. Managed Code
Encryption
Hashing
The One-Time Pad
Core Programming Concepts
Unit Testing
Software Vulnerabilities and Mitigation Options
Client Vulnerabilities
Network Vulnerabilities
System Vulnerabilities
Code Vulnerabilities
Code Reviews
Chapter 38: The Product Role
Threat Modeling
Threat Sources and Agents
Prerequisites
The Process
Data Classification
Regulations, Privacy and Compliance
Significant Regulations and Privacy Acts
Privacy and Software Development
Chapter 39: The Architect Role
The Need for Secure Design
Software Assurance Methodologies
Socratic Methodology
Six Sigma (6 σ)
Capability Maturity Model Integration (CMMI)
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
STRIDE
DREAD
Open Source Security Testing Methodology Manual (OSSTMM)
Flaw Hypothesis Method (FHM)
Operating Systems
Input/Output Device Management
CPU Architecture Integration
Operating System Architectures
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP), and Executable Space Protection (ESP)
System Security Architecture
Security Architecture Requirements
Access Control Models
Security Models
Interface Design
Services
Web Services
Service Oriented Architecture (SOA)
Enterprise Services Bus (ESB)
Encryption
Certificate and Registration Authorities
X.509
Key Scalability
Applying Encryption in the Real World
Virtualization
Cloud Computing
Rich Internet Applications
Mobile Applications
Technologies
Authentication
Identity Management
Credential Management
Flow Control
Code Analysis
Chapter 40: The Engineering Management Role
Versioning, or Configuration Management
Secure Software Implementation/Coding
Chapter 41: The Testing Role
Flaws vs. Bugs
Quality Assurance
Testing Artifacts
Types of Software QA Testing
Software Security Testing
Testing for Input Validation
Testing for Injection Flaws
Testing for Scripting Attacks
Testing for Non-Repudiation
Testing for Spoofing
Testing for Error and Exception Handling
Testing for Privilege Escalation
Anti-Reversing Protection
Tools for Security Testing
Test Data Management
Defect Reporting and Tracking
Reporting Defects
Tracking Defects
Impact Assessment and Corrective Action
Testing for Code Security
Chapter 42: The Project Role
Protection Needs Elicitation (PNE)
Brainstorming
Surveys
Policy Decomposition
Data Classification
Subject/Object Matrix
Use Case & Misuse Case Modeling
Requirements Traceability Matrix (RTM)
Guidelines for Software Acceptance
Completion Criteria
Approval to Deploy or Release
Documentation of Software
Verification and Validation (V&V)
Reviews
Testing
Certification and Accreditation (C&A)
Chapter 43: The Security Role
Security Standards
Internal Coding Standards
PCI DSS
Payment Application Data Security Standard (PA-DSS)
Organization for the Advancement of Structured Information Standards (OASIS)
NIST Standards
ISO Standards
Security Testing Methods
Attack Surface Validation
Motives, Opportunities, and Means
Cryptographic Validation
Scanning
Penetration Testing
Fuzzing
Intellectual Property (IP) Ownership and Responsibilities
Types of IP
Licensing (Usage and Redistribution Terms)
Technologies
Intrusion Detection Systems
Intrusion Protection System
Honeypots and Honeynets
Data Leakage Prevention
Anti-Malware
Chapter 44: The Change Management Role
Change Management
Risk Acceptance Policy and Exception Policy
Release Management
Chapter 45: The Auditor Role
Business Continuity
Annual Loss Expectancy, or ALE
Recovery Time Objective, or RTO
Recovery Point Objective, or RPO
Service Delivery Objective, or SDO
Maximum Tolerable Outage, or MTO, or MTD
Allowable Interruption Window, or AIW
Bringing It All Together
BCP, DRP and BIA
Auditing
Application Event Logs
Syslog
Digital Rights Management (DRM)
Section 4: Secure Supply Chain Management
Chapter 46: Acquisition Models
Chapter 47: Threats to Supply Chain Software
Chapter 48: Software Supply Chain Risk Management (SCRM)
Chapter 49: Acquisition Lifecycle
Chapter 50: Step 1 - Planning
Chapter 51: Step 2 - Contracting
Assessing the Organization
Assessing Processes
Assessing People
Response Evaluation
Contractual Controls
&n
bsp; Chapter 52: Step 3 - Development and Testing
Chapter 53: Step 4 - Acceptance
Chapter 54: Step 5 - Delivery
Chapter 55: Step 6 - Deployment
Chapter 56: Step 7 - Operations and Monitoring
Chapter 57: Step 8 - Retirement
Index
Figures
Figure 1: Defense-in-Depth
Figure 2: Midsecting Walls
Figure 3: Corbels
Figure 4: A Machicolation
Figure 5: The DMZ
Figure 6: Segmented Applications
Figure 7: Encapsulation
Figure 8: Castle Walls
Figure 9: Ingress and Egress Rules
Figure 10: Monitoring in the Middle Ages
Figure 11: IDS and IPS
Figure 12: A Longbow
Figure 13: A Crossbow
Figure 14: Weak Square Corners
Figure 15: Stronger Rounded Corners
Figure 16: The Disadvantage of High Coupling
Figure 17: The Advantage of Low Coupling
Figure 18: Implementing Least Common Mechanism
Figure 19: The Three Steps of Granting Access
Figure 20: How a Proxy Server Works
Figure 21: Fail Secure vs. Fail Safe
Figure 22: Poorly-Written Access Logic
Figure 23: Properly-Written Access Logic
Figure 24: The Relationship Between Code Complexity and Security
Figure 25: Medieval Version of Failover
Figure 26: Medieval Version of Load Balancing
Figure 27: The Three Ways to Get Past a Wall
Figure 28: The Three Layers of Defense Common in Castles
Figure 29: The Six Types of Security Controls
Figure 30: Holistic Security
Figure 31: The Iron Triangle
Figure 32: Relative cost of fixing code issues at different stages of the SDLC
Figure 33: Security Concepts
Figure 34: Confidentiality Protection Mechanisms
Figure 35: OWASP Top 10 Web Application Security Risks
Figure 36: Control Types and Effect
Figure 37: PCI DSS Compensating Controls Worksheet
Figure 38: The OSI Model and Common Protocols
Figure 39: Role Dependencies
Figure 40: Software Resiliency Levels Over Time
Figure 41: Characteristics of Metrics
Figure 42: Relationships between Events, Alerts and Incidents
Figure 43: Incident Response Steps
Figure 44: The Steps of Detection & Analysis
Figure 45: Seven Activities for Detection & Analysis Visualization Step
Figure 46: Relationships between Incident, Problem, Change and Release Management
Figure 47: The 5 Whys
Figure 48: Problem Management Process Flow
Figure 49: Root Cause Analysis using a Fishbone Diagram
Figure 50: Rapid Problem Resolution Steps
Figure 51: The Various Methods of Sanitization
Figure 52: Data Sanitization and Decision Flow