80 lines
3.5 KiB
Markdown
80 lines
3.5 KiB
Markdown
Subtopics: Malicious Software, Attacks on Web Applications, Secure System Development
|
|
|
|
# How Computers Get Compromised:
|
|
|
|
- Accessing malicious or infected websites
|
|
- Downloading and installing malware from websites
|
|
- Executing attachments to emails containing exploits and malware
|
|
- Plugging in external devices infected with malware
|
|
- Installing malware/infected software from media
|
|
- Direct attacks from the internet exploiting vulnerabilities in OS or applications
|
|
- Through delivery chain, during assembly or shipment
|
|
|
|
## Malware Types:
|
|
|
|
- Backdoor/Trapdoor
|
|
- Logic bomb
|
|
- Trojan horse
|
|
- Worm
|
|
- Virus (polymorphic, metamorphic)
|
|
- Stealth virus
|
|
- Exploit
|
|
|
|
## Exploits:
|
|
|
|
- Exploit software/hardware vulnerability
|
|
- Carried in common data formats like PDF, office documents, media files
|
|
- Contains corrupt data types
|
|
- Causes unintended behavior on computers
|
|
|
|
## Backdoor/Trapdoor:
|
|
|
|
- Provides remote control capabilities
|
|
- Can reside on the system for long periods before being used
|
|
- Installed by exploit or user (tricked into installing malicious program)
|
|
- Can be installed during design for testing purposes, posing a threat if left in production software
|
|
|
|
# The Cyber Kill Chain (Hutchins Et Al., 2011):
|
|
|
|
- Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control (C&C), Action/Exfiltration
|
|
- Timescale for each phase varies from days, months, hours to seconds.
|
|
- Recon; Weaponisation; Delivery; Exploitation; Installation; Command & Control; Action/Exfil
|
|
|
|
## Web Application Security Challenge:
|
|
|
|
- Firewall, App Server, Web Server, Hardened OS, Databases, Legacy Systems, Web Services, Directories, Human Resources, Billing, Custom-Developed Application Code
|
|
- Network layer and application layer security are crucial
|
|
|
|
# Application Attacks
|
|
|
|
- Application attacks bypass traditional network security measures like firewalls
|
|
|
|
## SQL (Structured Query Language):
|
|
|
|
- Interface to relational databases
|
|
- Used for inserting, updating, deleting, and retrieving data in a database
|
|
|
|
### SQL Injection:
|
|
|
|
- Databases system misinterpretation of input data
|
|
- Attacker disguises SQL commands as data input
|
|
- Vulnerability exists when web application fails to sanitise data input before sending it to the database
|
|
- Preventing SQL Injection and XSS: Validate all user-entered parameters, escape questionable characters, hide information about error handling
|
|
|
|
## Broken Authentication and Session Management:
|
|
|
|
- User authentication does not necessarily provide continuous assurance
|
|
- Insecure implementation of session control with a static session ID passed in the URL
|
|
- Recommendations for session IDs (OWASP)
|
|
|
|
## OWASP Top-10 Web Application Risks (as of 2017):
|
|
|
|
- Injection, Broken Authentication, Sensitive Data Exposure, XML External Entity (XXE), Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring, Underprotected APIs
|
|
|
|
## Waterfall SDLC vs. Agile Software Development vs. Secure Agile:
|
|
|
|
- Waterfall SDLC: Sequential phases (Design, Requirements, Implementation, Verification, Maintenance)
|
|
- Agile Software Development: Iterative sprint cycles based on user stories
|
|
- Secure Agile: Includes additional security steps during project startup, each sprint cycle, and final test and validation
|
|
- Threat modeling in Secure Agile: Identify, analyze, and describe relevant threats using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
|