SE205 - Unit 5: Secure Computing: Software Design, Web Security & Firewalls

Glossary of Terms

Represents all the points (entry points) where an unauthorized user (attacker) can try to enter data to or extract data from an environment or system. Minimizing ASA is a key secure design principle.

A web security vulnerability where authentication and session management functions are implemented incorrectly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users' identities.

A trial-and-error method used to obtain information such as a user password or PIN. In an authentication context, it involves systematically checking all possible passwords or keys until the correct one is found.

A secure design principle stating that every access request to any system resource must be fully authenticated and authorized every single time, without exception. No access decisions should rely on cached permissions.

A type of cyberattack where stolen account credentials (usernames/passwords) typically obtained from a data breach are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

A type of web security vulnerability that allows an attacker to inject malicious scripts (usually JavaScript) into content from otherwise trusted websites, which are then executed in the victim's browser. Can be used to steal session tokens, deface websites, or redirect users.

An extension of DevOps principles that integrates security practices within the DevOps process ("shifting security left"). Security as Code (SaC) is a key enabler.

A secure design principle dictating that systems should default to a secure state when an error or failure occurs, rather than exposing vulnerabilities or sensitive information. Error messages should be generic and not leak internal details.

A network security device (hardware or software) that monitors and filters incoming and outgoing network traffic based on predetermined security rules, establishing a barrier between a trusted internal network and untrusted external networks.

A fundamental security principle requiring that users, programs, or processes are granted only the minimum levels of access – or permissions – necessary to perform their required functions.

A secure design principle focused on reducing the number of potential entry points for attackers by limiting code, services, open ports, APIs, and features to only what is essential.

An advanced type of firewall that goes beyond traditional packet filtering and stateful inspection by incorporating features like application awareness, intrusion prevention (IPS), and deep packet inspection (DPI).

The simplest type of firewall (First Generation). It inspects individual packets based on information in the network/transport layer headers (IP addresses, ports, protocols) and allows or blocks them based on static rules.

Acts as an intermediary (gateway) between internal users and external servers (or vice versa). It inspects traffic at the application layer and can provide more granular control and caching. (Third Generation concept).

A type of proxy server that sits in front of web servers and forwards client (e.g., web browser) requests to those web servers. Often used for load balancing, caching, SSL encryption/decryption, and security (as in WAFs).

An approach to software development that seeks to design software from the beginning to be secure, embedding security measures early in the lifecycle rather than adding them later.

A secure design principle mandating that the default configuration of a system should be the most secure configuration possible, minimizing risk for users who do not change settings.

The practice of codifying and automating security controls, policies, and processes within the software development lifecycle, often as part of a DevSecOps approach. Uses scripts, templates, and automated tools.

A security principle that prevents any single individual or component from having excessive privileges that could lead to misuse or error. Involves dividing tasks and associated privileges among multiple users or systems.

An attack technique that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable session ID.

An attack where an attacker takes over a valid user session to gain unauthorized access to a system or service. This often involves stealing or predicting a valid session token.

A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump database contents). Often occurs via user input fields.

A process that integrates security practices and considerations into each phase of the traditional software development lifecycle (planning, design, coding, testing, deployment, maintenance) to build more secure applications from the outset.

A firewall technology (Second Generation) that monitors the state of active network connections (e.g., TCP streams) and uses this context to determine which network packets should be allowed through the firewall. More advanced than packet filtering.

A specific type of firewall that filters, monitors, and blocks HTTP/S traffic to and from a web application. It sits in front of web apps (often as a reverse proxy) and protects against application-layer attacks like XSS, SQL injection, and cookie poisoning.

Key Concepts & Examples from Unit 5

Secure Software Design & Programming

SSDLC (Secure Software Development Life Cycle)

Ensures software is built with security considered from the beginning.

  • Integrates security into planning, designing, coding, testing, deploying, and maintaining phases.
  • Aims to identify and fix issues early, reducing cyber risk.
  • Creates safer, more trustworthy applications.
SDLC vs SSDLC Comparison
Standard SDLC vs. Secure SDLC (SSDLC)

Key Principles of Secure SDLC

  • Security by Design: Integrate security requirements early in planning/design.
  • Continuous Monitoring: Ongoing security checks and issue resolution.
  • Risk Assessment: Identify, prioritize, and mitigate security risks.
  • Education and Training: Developers need comprehensive security training.
  • Collaboration: Teamwork encourages shared security goals and knowledge sharing.

7 Principles of Secure Design

  1. Security as Code (SaC): Automate security practices (policy enforcement, vulnerability scanning, remediation) using scripts and templates within the development lifecycle (DevSecOps).
  2. Secure Defaults: Configure systems to be secure by default (e.g., strong passwords required, unnecessary services off). Example: Modern WordPress vs older versions.
  3. Least Privilege: Grant users and system components only the minimum permissions necessary to function. Use Role-Based Access Control (RBAC) and regular audits.
  4. Separation of Duties (SoD): Divide critical tasks and privileges to prevent unilateral misuse. Example: Developer writes code, separate person/system deploys to production.
  5. Minimize Attack Surface Area (ASA): Limit potential entry points by reducing non-essential code, services, ports, and API endpoints. Close unused ports, avoid overly generic APIs.
  6. Complete Mediation: Authenticate and authorize *every* access request to *every* resource, every time. Example: Microservices validating user permissions on each API call, even after initial gateway authentication.
  7. Failing Securely: Ensure systems default to a secure state upon failure. Avoid leaking sensitive information in error messages. Example: Generic "Authentication Failed" message instead of "Incorrect Password".

Best Practices for Secure Software Development (Summary from Slide 18)

  • Create a Secure Development Policy.
  • Address Vulnerabilities Promptly.
  • Remain Agile and Active (Adapt to new threats).
  • Monitor and Respond to Threats.
  • Use a Secure Software Framework.
  • Have Secure Coding Guidelines/Standards.
  • Protect Code Integrity (e.g., version control security).
  • Conduct Security Awareness Training.
  • Keep Software/Systems Updated (Patching).
  • Run Code Reviews and Test Early/Often.

Web Application Security

Principles (CIA applied to Web)

  • Authentication: Verifying user identity.
  • Confidentiality: Protecting data from unauthorized access (e.g., using HTTPS).
  • Integrity: Ensuring data hasn't been tampered with.
  • Availability: Ensuring the application is accessible to authorized users.

Common Threats & Vulnerabilities

  • SQL Injection (SQLi):
    • Injecting malicious SQL code via input fields to manipulate database queries.
    • Can destroy database, steal data, bypass authentication.
    • Prevention: Filter database inputs (input validation, parameterized queries/prepared statements), restrict database permissions, monitor queries.
      • SQL Injection Example Flow
      SQL Injection Attack Flow
  • Cross-Site Scripting (XSS):
    • Injecting malicious client-side scripts (e.g., JavaScript) into web pages viewed by other users.
    • Allows attacker to hijack user sessions, deface sites, steal credentials, redirect users.
    • Typically exploits flaws where user input is not properly sanitized before being displayed.
      • XSS Attack Flow
      Cross-Site Scripting (XSS) Attack Flow
  • Broken Authentication:
    • Flaws in identity/access control implementation allowing attackers to compromise accounts.
    • Risk Factors: Predictable credentials, storing credentials insecurely, exposing session IDs (e.g., in URL), session IDs not expiring/invalidating on logout, sessions not rotated after login, sending credentials unencrypted.
    • Attack Types: Brute Force, Credential Stuffing, Session Hijacking, Session Fixation.
    • Prevention: Disallow weak passwords, enforce MFA, protect stored credentials (hashing/salting), secure session management (HTTPS only cookies, invalidate on logout, rotate IDs), follow Least Privilege.
      • Types of Broken Authentication Attacks
      Types of Broken Authentication Attacks
      Tips to Prevent Broken Authentication
      Tips to Prevent Broken Authentication

Firewalls

Overview

  • Network security device (HW/SW) monitoring and controlling traffic based on rules.
  • Establishes barrier between trusted (internal) and untrusted (external) networks.
  • Inspects packets, allows/blocks based on criteria (IPs, ports, protocols).
  • Protects against external threats (viruses, DoS) and internal threats (data exfiltration).
Firewall Placement Diagram
Typical Firewall Placement (WAN/LAN Barrier)

Types / Generations

  • Packet-Filtering (Gen 1): Basic, checks headers based on static rules. No connection state awareness.
  • Stateful Inspection (Gen 2): Tracks connection state (TCP handshake). Allows return traffic for established connections.
  • Proxy Firewall (Application Gateway - Gen 3 concept): Acts as intermediary, inspects at application layer. Can be slow.
  • Next-Generation Firewall (NGFW - Gen 4): Adds application awareness, IPS, DPI, threat intelligence feeds. More advanced inspection.
Firewall Generations Comparison
Firewall Generations Overview

Web Application Firewall (WAF)

  • Specialized firewall protecting web applications from application-layer attacks (XSS, SQLi, etc.).
  • Filters, monitors, blocks malicious HTTP/S traffic.
  • Operates as a reverse proxy, sitting in front of web servers.
  • Uses policies (rulesets) to identify malicious traffic. Some use ML for automatic updates.
  • Can also provide caching to improve performance.

Fill in the Blank Questions

True/False Questions

Multiple Choice Questions