Secure Software


Why & How to Secure Software

Published in: Technology

1. Secure Software
   Presenter: Bhavya Siddappa

2. Agenda
   • Why security?
   • Terms used
   • STRIDE
   • Response to threats
   • Mitigation

3. Why security?
   • There are malicious users in the world
     - They can extract valuable information from the system and misuse it
     - They can shut down the server for fun
     - They can make the system behave abnormally
     - They can enter unwanted or incorrect information into the system
     - They can flood the database with large amounts of data
   • Often they do it just for fun
     - Your system could be the next victim
     - Fixing the problem after the system has been hacked costs far more than preventing it
     - The data loss could be painful
     - Customer satisfaction suffers, and so does your goodwill

4. Terms
   • Threat: a potential event that could cause an unwelcome outcome
   • Vulnerability: a weakness in the system (a code bug or a design flaw) that a threat could exploit
   • Attack: an attacker taking advantage of a vulnerability with a motive, i.e. a threat realised against a vulnerability

5. STRIDE
   • Spoofing of identity
     - Illegitimately using another user's credentials, or posing as another user or system
   • Tampering with data
     - Malicious modification of data at rest (e.g. in a database) or of data in transit
   • Repudiation
     - A user denies having performed an action, and the system has no proof to the contrary
   • Information disclosure
     - A user gains access to stored information, or to data in transit, that they are not supposed to see
   • Denial of service
     - Service is denied to valid users
   • Elevation of privilege
     - An unprivileged user gains privileged access

6. Response to threats
   • Do nothing (accept the risk)
   • Inform the user of the threat
   • Remove the problem (e.g. remove the feature that exposes it)
   • Fix the problem
7. Mitigation: spoofing identity
   • Authentication
   • Protect secrets (credentials, keys, session tokens)
   • Don't store secrets (e.g. store a salted hash of a password rather than the password itself, and don't keep secrets you don't need)
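The "authentication" and "don't store secrets" points above, as an added worked example that is not part of the original slides: the server keeps only a salted key-derivation output, never the password, re-derives it at login and compares in constant time. Standard library only; the user name, passwords, iteration count and the `USERS` dictionary are all constructed for this example.

```python
# Added example (not from the original slides): password storage and login check
# that never stores the password itself. Standard library only; all names and
# values below are constructed for illustration.
import hashlib
import hmac
import os

# Constructed parameters for this example. 600k iterations of PBKDF2-HMAC-SHA256
# is a common current recommendation; raise it as hardware gets faster.
ITERATIONS = 600_000
SALT_LEN = 16
KEY_LEN = 32


def make_record(password: str) -> dict:
    """Derive a verifier from the password. Only salt + derived key are stored."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, KEY_LEN)
    return {"salt": salt, "key": key}


def verify(record: dict, password: str) -> bool:
    """Re-derive with the stored salt and compare in constant time, so that a
    wrong guess cannot be distinguished from a right one by response timing."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], ITERATIONS, KEY_LEN)
    return hmac.compare_digest(candidate, record["key"])


# Hypothetical user database (constructed): user name -> stored record.
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record so that a login for an unknown user still costs one derivation;
# otherwise the response time would reveal which user names exist.
DUMMY = make_record("dummy")


def authenticate(username: str, password: str) -> bool:
    """Return True only for a known user presenting the right password."""
    record = USERS.get(username)
    if record is None:
        verify(DUMMY, password)   # burn the same time, then refuse
        return False
    return verify(record, password)
```

If the `USERS` table leaks, the attacker gets salts and derived keys, not passwords, and must run the full derivation per guess; that is the practical meaning of "don't store secrets" for credentials.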
8. Mitigation: tampering with data
   • Authorization
   • Hashes (cryptographic hash functions)
   • Message authentication codes
   • Digital signatures
   • Tamper-resistant protocols

9. Mitigation: repudiation
   • Digital signatures
   • Timestamps
   • Audit trails (tamper-evident logs)
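An added example (not from the original slides) covering the two mitigation slides above, tampering and repudiation: an in-transit attacker who can recompute an unkeyed hash goes undetected, while a keyed MAC over the same message catches the change; the second part is a timestamped, hash-chained audit trail in which editing any earlier entry breaks verification. Standard library only; the key, the message and the log entries are constructed. Note the caveat the slides imply by listing signatures rather than MACs under repudiation: an HMAC proves integrity to whoever holds the key, but because the verifier holds the same key it cannot prove to a third party who produced the tag. True non-repudiation needs an asymmetric signature (e.g. Ed25519 via the third-party `cryptography` package), which is outside the standard library and so not shown here.

```python
# Added example (not from the original slides): tamper detection with hash vs
# MAC, plus a hash-chained, timestamped audit trail. Standard library only;
# key, message and entries are constructed for illustration.
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key-do-not-reuse"  # in practice loaded from a secret store


def tag_with_hash(msg: bytes) -> bytes:
    """Unkeyed hash: anyone who alters msg can recompute this tag."""
    return hashlib.sha256(msg).digest()


def tag_with_mac(msg: bytes, key: bytes) -> bytes:
    """Keyed MAC: recomputing a valid tag requires the key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def attacker_modifies(msg: bytes):
    """Model of an in-transit attacker who knows the algorithm but not the key."""
    new_msg = msg.replace(b"amount=10", b"amount=9999")
    return new_msg, tag_with_hash(new_msg)   # can only recompute the unkeyed hash


def verify_hash(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_hash(msg), tag)


def verify_mac(msg: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(tag_with_mac(msg, key), tag)


class AuditTrail:
    """Append-only log: each entry's digest covers its own fields and the
    previous digest, so altering or removing any earlier entry invalidates
    every later one."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []

    def _digest(self, body: dict) -> str:
        serialized = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.key, serialized, hashlib.sha256).hexdigest()

    def append(self, actor: str, action: str, timestamp: int) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "ts": timestamp,
                "actor": actor, "action": action, "prev": prev}
        body["digest"] = self._digest({k: v for k, v in body.items()})
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "digest"}
            if body["seq"] != i or body["prev"] != prev:
                return False
            if not hmac.compare_digest(self._digest(body), entry["digest"]):
                return False
            prev = entry["digest"]
        return True


def demo() -> dict:
    """Run both scenarios and report what each check accepted."""
    msg = b"from=alice&to=bob&amount=10"            # constructed message
    h, m = tag_with_hash(msg), tag_with_mac(msg, SERVER_KEY)
    forged_msg, forged_h = attacker_modifies(msg)
    results = {
        "hash_accepts_forgery": verify_hash(forged_msg, forged_h),     # True
        "mac_accepts_forgery": verify_mac(forged_msg, m, SERVER_KEY),  # False
    }
    log = AuditTrail(SERVER_KEY)
    log.append("alice", "transfer 10 to bob", 1700000000)
    log.append("alice", "logout", 1700000060)
    results["trail_ok"] = log.verify()
    log.entries[0]["action"] = "transfer 0 to bob"   # alice tries to repudiate
    results["trail_after_edit"] = log.verify()
    return results
```

The timestamp is part of the digested body, so back-dating an entry is detected exactly like editing its action; a signature over each digest (or over the latest chain head) by a key only the logging service holds is what turns this into evidence a user cannot plausibly deny.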
10. Mitigation: information disclosure
   • Authorization
   • Privacy-enhanced protocols
   • Encryption
   • Protect secrets
   • Don't store secrets

11. Mitigation: denial of service
   • Authentication
   • Authorization
   • Filtering
     - Validate and filter input before accepting the data, so cheap checks reject bad requests before expensive processing
   • Throttling
     - Limit the number of requests a client, or the system as a whole, will accept in a given period
   • Quality of service
     - Give preference to specific traffic, e.g. streaming media
12. Mitigation: elevation of privilege
   • Run with least privilege (give each process and user only the rights its task needs, so a compromised component cannot do more than that task)

13. Thank You