Secure Software
Why & How to Secure Software

Transcript

  • 1. Secure Software Presenter: Bhavya Siddappa
  • 2. Agenda
    • Why security?
    • Terms used
    • STRIDE
    • Response to threats
    • Mitigation
  • 3. Why security?
    • There are some malicious users in the world
      • They can extract valuable information from the system and misuse it
      • They can shut down the server for fun
      • They can make the system behave abnormally
      • They can enter unwanted information or incorrect information in the system
      • They can flood the database with a lot of data
    • They do it just for fun
      • Your system can be the next victim
      • Fixing the problem after the system is hacked would be too much trouble
      • The data loss could be painful
      • Customer satisfaction is affected along with your goodwill
  • 4. Terms
    • Threats: potential events that can cause an unwelcome outcome
    • Vulnerabilities: weaknesses (code bugs, design flaws) in the system
    • Attack: when an attacker takes advantage of a vulnerability with a motive
  • 5. STRIDE
    • Spoofing of identity
      • Using another user's authentication through illegal access
    • Tampering with data
      • Malicious modification of data in database or data in transit
    • Repudiation
      • A user can deny having performed an action when no proof exists
    • Information disclosure
      • Access to information that is not supposed to be accessed by a user or to data in transit
    • Denial of service
      • Deny service to valid users
    • Elevation of privileges
      • Unprivileged user can get privileged access
  • 6. Response to threats
    • Do nothing
    • Inform the user of threat
    • Remove the problem
    • Fix the problem
  • 7. Mitigation
    • Spoofing identity
      • Authentication
      • Protect secrets
      • Don’t store secrets
  • 8. Mitigation
    • Tampering with Data
      • Authorization
      • Hashes (cryptographic function)
      • Message authentication codes
      • Digital signatures
      • Tamper resistant protocols
  • 9. Mitigation
    • Repudiation
      • Digital signatures
      • Timestamps
      • Audit trails
  • 10. Mitigation
    • Information disclosure
      • Authorization
      • Privacy-enhanced protocols
      • Encryption
      • Protect secrets
      • Don’t store secrets
  • 11. Mitigation
    • Denial of service
      • Authentication
      • Authorization
      • Filtering
        • before accepting the data
      • Throttling
        • Limiting the number of requests to the system
      • Quality of service
        • Preference to specific traffic e.g. streaming media
  • 12. Mitigation
    • Elevation of privileges
      • Run with least privilege
  • 13. Thank You