Software Security Examples

Transcript of "Software Security Examples"

  1. Static Code Analysis: Introduction and examples. Roberto Battistoni (rbattistoni@acm.org). Information Security course 2009/2010: prof. Luigi V. Mancini
  2. Secure SDLC (Secure Software Development Life Cycle)
     • Abuse Case and Threat Modeling
     • Static Analysis or Code Review
  3. Seven Pernicious Kingdoms
     Definition: A kingdom is a collection of phyla that share a common theme. For example, “Input Validation and Representation” is a kingdom.
     Definition: By phylum we mean a specific type of coding error. For example, “Illegal Pointer Value” is a phylum.
     The kingdoms:
       1. Input Validation and Representation
       2. API Abuse
       3. Security Features
       4. Time and State
       5. Errors
       6. Code Quality
       7. Encapsulation
       8. (*) Environment
     Example phyla:
       Buffer Overflow. Writing outside the bounds of allocated memory can corrupt data, crash the program, or cause the execution of an attack payload.
       Command Injection. Executing commands from an untrusted source or in an untrusted environment can cause an application to execute malicious commands on behalf of an attacker.
       Cross-Site Scripting. Sending unvalidated data to a Web browser can result in the browser executing malicious code (usually scripts).
       SQL Injection. Constructing a dynamic SQL statement with user input may allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
       [...]
  4. Fortify SCA (Static Code Analysis with Fortify SCA)
  5. Example n° 1. Kingdom: API Abuse
       /**
        * Get a database escaped string
        * @return string
        */
       function getEscaped( $text ) {
           if (phpversion() < 4.3.0) {
               return mysql_escape_string( $text );
           } else {
               return mysql_real_escape_string( $text );
           }
       }
  6. Example n° 1
  7. Example n° 2. Kingdom: Input Validation and Representation (SQL Injection)
       /**
        * Execute the query
        * @return mixed A database resource if successful, FALSE if not.
        */
       function query($sql = '') {
           global $mosConfig_debug;
           if ($sql == '')
               $sql = $this->_sql;
           if ($this->_debug)
               $this->_log[] = $sql;
           if ($this->_cursor = mysql_query($sql, $this->_resource)) {
               $this->_errorNum = 0;
               $this->_errorMsg = '';
               return $this->_cursor;
           } else {
               $this->_errorNum = mysql_errno( $this->_resource );
               $this->_errorMsg = mysql_error( $this->_resource )." SQL=$sql";
               if ($this->_debug) $this->debug_trace();
               return false;
           }
       }
  8. Example n° 3. Kingdom: Encapsulation (System Information Leak)
       <html>
       <!-- Copyright (c) 1999 The Apache Software Foundation. All rights reserved. -->
       <body bgcolor="red">
       <%@ page isErrorPage="true" %>
       <h1> The exception <%= exception.getMessage() %> tells me you made a wrong choice.</h1>
       <h2> Exception raised was <%= exception.toString() %>.</h2>
       </body>
       </html>
  9. Example n° 4. Kingdom: Security Features (Weak Encryption)
       private void loadPBESecretKey() throws Exception {
           // Create the PBE secret key
           cipherSpec = new PBEParameterSpec(salt, iterationCount);
           PBEKeySpec keySpec = new PBEKeySpec(keyStorePassword);
           SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
           [...]
       }
  10. Example n° 5. Kingdom: Security Features (Weak Cryptographic hash)
       public String digest(String password, String digestType, String inputEncoding)
               throws CmsPasswordEncryptionException {
           MessageDigest md;
           String result;
           try {
               if (DIGEST_TYPE_PLAIN.equals(digestType.toLowerCase())) {
                   result = password;
               } else if (DIGEST_TYPE_SSHA.equals(digestType.toLowerCase())) {
                   byte[] salt = new byte[4];
                   byte[] digest;
                   byte[] total;
                   if (m_secureRandom == null) {
                       m_secureRandom = SecureRandom.getInstance("SHA1PRNG");
                   }
                   m_secureRandom.nextBytes(salt);
                   md = MessageDigest.getInstance(DIGEST_TYPE_SHA);
                   md.reset();
                   md.update(password.getBytes(inputEncoding));
                   md.update(salt);
                   digest = md.digest();
                   total = new byte[digest.length + salt.length];
                   System.arraycopy(digest, 0, total, 0, digest.length);
                   System.arraycopy(salt, 0, total, digest.length, salt.length);
                   result = new String(Base64.encodeBase64(total));
               }
  11. Example n° 6. Kingdom: Errors (Empty Catch Block)
       if (!stdinInput) {
           try {
               inputReader.close();
           } catch (IOException e1) {
           }
       }
       return inputString;
       }
  12. Example n° 7. Kingdom: Errors (overly broad exception)
       public AdminClientMain() throws Exception {
           [...]
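The slides show seven findings filed under Seven Pernicious Kingdoms but not how a rule engine arrives at such a classification. The toy analyzer below is an added example (not Fortify SCA's rules and not code from the deck): each rule is a constructed pattern that mirrors one example slide and carries the kingdom and phylum it reports under; the sample input is stitched together from the slide snippets.

```python
import re
from dataclasses import dataclass

# Added example: a toy pattern-based analyzer that files each hit under the
# Seven Pernicious Kingdoms taxonomy used in the slides. The rules are
# constructed for illustration and are not Fortify SCA's rule set.
@dataclass(frozen=True)
class Finding:
    kingdom: str
    phylum: str
    line: int
    evidence: str

# (kingdom, phylum, regex); each rule mirrors one example slide
RULES = [
    ("API Abuse", "Deprecated escaping API", r"\bmysql_escape_string\s*\("),
    ("Input Validation and Representation", "SQL Injection", r"\bmysql_query\s*\(\s*\$\w+"),
    ("Encapsulation", "System Information Leak", r"<%=\s*exception\.(?:getMessage|toString)\(\)"),
    ("Security Features", "Weak Encryption", r'getInstance\(\s*"PBEwithMD5andDES"'),
    ("Security Features", "Weak Cryptographic Hash", r'MessageDigest\.getInstance\(\s*"(?:MD5|SHA-?1)"'),
    ("Errors", "Empty Catch Block", r"catch\s*\([^)]*\)\s*\{\s*\}"),
    ("Errors", "Overly Broad Throws", r"\bthrows\s+Exception\b"),
]
COMPILED = [(k, p, re.compile(rx)) for k, p, rx in RULES]

def analyze(source: str) -> list:
    """Run every rule over the whole text (not line by line) so a catch body
    split across lines is still matched; report the line where a hit starts."""
    found = []
    for kingdom, phylum, rx in COMPILED:
        for m in rx.finditer(source):
            line = source.count("\n", 0, m.start()) + 1
            found.append(Finding(kingdom, phylum, line, m.group(0).strip()))
    return sorted(found, key=lambda f: f.line)

# Constructed sample stitched from the slides' snippets (not a real file). The last
# line hides the algorithm behind a constant like Example 5; a pure text rule misses it.
SAMPLE = '''private void loadPBESecretKey() throws Exception {
    SecretKeyFactory f = SecretKeyFactory.getInstance("PBEwithMD5andDES");
}
try { inputReader.close(); } catch (IOException e1) {
}
return mysql_escape_string( $text );
$this->_cursor = mysql_query($sql, $this->_resource);
<h2> Exception raised was <%= exception.toString() %>.</h2>
md = MessageDigest.getInstance(DIGEST_TYPE_SHA);
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"line {f.line}: [{f.kingdom}] {f.phylum}: {f.evidence!r}")
```

The miss on the last sample line is the point: Example 5 names its hash through `DIGEST_TYPE_SHA`, so a tool has to resolve constants and follow data flow, not just match text, which is what separates a real analyzer from grep.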
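Example 5 is flagged for a weak hash, but the slide does not show what the scheme looks like end to end or what replaces it. The following is an added example, not OpenCms code: the same salted-SHA-1 layout (SHA-1 of password followed by a 4-byte salt, salt appended, Base64-encoded) next to a PBKDF2-HMAC-SHA256 record; the 16-byte salt and iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example, not OpenCms code: the salted-SHA-1 layout from Example 5
# (SHA-1(password || salt) || salt, Base64-encoded, 4-byte salt) beside a
# PBKDF2-HMAC-SHA256 replacement. Salt size and iteration count below are
# assumptions chosen for illustration, not values from the slides.
SHA1_LEN = 20  # SHA-1 digest length; lets the verifier split digest from salt

def ssha_digest(password: str, salt: bytes, encoding: str = "utf-8") -> str:
    """Weak: one SHA-1 pass over password||salt, salt appended in the clear."""
    digest = hashlib.sha1(password.encode(encoding) + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str, encoding: str = "utf-8") -> bool:
    """Recompute with the salt recovered from the record; compare in constant time."""
    raw = base64.b64decode(stored)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    again = hashlib.sha1(password.encode(encoding) + salt).digest()
    return hmac.compare_digest(again, digest)

def pbkdf2_digest(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Stronger: PBKDF2-HMAC-SHA256, 16-byte random salt, work factor stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])

def pbkdf2_verify(password: str, stored: str) -> bool:
    """Parse scheme$iterations$salt$hash and recompute with the stored parameters."""
    scheme, iterations, salt_b64, dk_b64 = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    salt, dk = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    again = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations), dklen=32)
    return hmac.compare_digest(again, dk)
```

Storing the iteration count in the record is what lets the work factor be raised later without invalidating existing hashes, something the fixed single-pass layout cannot do.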