MINISTRY OF HIGHER EDUCATION
AND SCIENTIFIC RESEARCH
Higher Institute of Computer Sciences El-Manar
Summer Internship Report
Realized by: Rihab CHEBBAH
Company Supervisors: Mr Ibrahim JAOUAD & Mr Atef BAYA
Company: LEONI Tunisia
Department: Information Management Technology
Internship Period: From 01/06/2016 to 30/06/2016
Supervisors Signatures:
Acknowledgement
With a grateful heart, I would like to remember the persons who helped me during the course of my internship program.
I wish to place on record my words of gratitude to Mr. Ibrahim JAOUAD for being my advisor and the enzyme during my internship.
I owe warm-hearted acknowledgement of gratitude to Mr. Atef BAYA for being the mastermind behind my internship program.
Rihab CHEBBAH
Introduction
Security is now a serious problem and, if present trends continue, the problem will be much worse in the future. While there are many reasons for security problems, a primary cause is that much of the software cannot withstand security attacks. These attacks exploit vulnerabilities in software systems.
Software security vulnerabilities are caused by defective specification, design, and implementation. Unfortunately, common development practices leave software with many vulnerabilities. To have a secure infrastructure, the software must contain few, if any, vulnerabilities. This requires that software be built to sound security requirements and have few, if any, specification, design, or code defects.
No processes or practices have currently been shown to consistently produce secure software. However, some available development practices are capable of substantially improving the security of software systems, including achieving exceptionally low defect rates. Since introducing these methods requires significant training and discipline, they will not be widely adopted without strong motivation from sources such as corporate leaders, customers, or regulation.
My project, auditing application security, is framed within this context. This report has five chapters. The first presents the company that accepted me for an internship. The second chapter presents application development security. The third chapter presents tested techniques to ensure application security. The following chapter contains the different terms, mechanisms, models and tools that identify vulnerabilities in an application, and the last chapter covers the practical work we did during this internship.
Chapter 1
Company Presentation
1.1 Introduction
Throughout this chapter, we introduce the Leoni Group as well as its division in Tunisia.
1.2 History
In 1569, Anthoni Fournier founded in Nuremberg the first workshop for the manufacture of Lyonese wares: finest metal threads and wires of gold and silver, and later on of silver-plated and gold-plated copper.
In 1917, Fournier's son merged three succeeding companies into the newly established Leonische Werke Roth-Nürnberg AG. Fourteen years later, the company name was changed to Leonische Drahtwerke AG, Nuremberg, and the production of rubber-sheathed cables started. Then, in 1956, the company started to manufacture cable assemblies. In 1977, Leoni began its global expansion by establishing a wiring harness plant in Tunisia. This was soon followed by further new plants, subsidiaries and acquisitions in many countries: USA, Germany, China, Korea, Egypt, etc.
Leoni has since acquired the wiring harness division of the French automotive supplier Valeo. This resulted in Leoni becoming the European market leader for automotive wiring systems and the number four supplier in the world.
1.3 Leoni structure
The Leoni group has two main divisions: the Wiring Systems Division (WSD) and Wire & Cable Solutions (WCS).
The Leoni group has more than 67,000 employees: 58,000 within the WSD and the rest, 8,000 employees, within WCS.
Wiring Systems Division
For the automotive and other industries LEONI is a proven global partner. Its Wiring
Systems Division develops and supplies innovative wiring solutions, as well as compo-
nents, for passenger car producers, commercial vehicle manufacturers and for system
and component suppliers.
Figure 1.1: Wiring Systems Division
LEONI is the European market leader for wiring systems and is one of the world's
premier providers of automotive electrical and electronic distribution systems. Its mis-
sion is to give the customer precisely what is required, from the initial design concept
to the safe installation of the final product.
Wire & Cable Solutions
The Wire & Cable Solutions Division (WCS) benefited from the still heavy demand for automotive cables as well as from the good performance of the business involving cables for industry and the healthcare sector.
Figure 1.2: Wire & Cable Solutions
With the aim of strategic further growth, the division will sharpen the focus of its
market activity and to that end will look into consolidating its portfolio. In addition
to further strengthening of its position in the automotive cables market, the agenda
includes expansion of select segments of industrial business. This will involve stepping
up development towards being a solutions provider.
1.4 Leoni Global Network
The Leoni Group is located in over 16 countries (Brazil, China, Egypt, France, Germany, India, Italy, Morocco, Mexico, Portugal, Romania, Russia, Serbia, Slovakia, Ukraine and Tunisia) with over 35 production sites. Its production space is about 550,000 m².
Figure 1.3: Leoni's locations
1.5 Leoni Wiring System Tunisia
Leoni Wiring System was established in Tunisia in 1977 and has built two subsidiaries: Sousse and Mateur Sud & Mateur Nord.
In Sousse, Leoni has different plant sections which work for different car customers such as Audi, BMW, VW and others. About 6,500 employees work there.
Mateur Sud & Mateur Nord has over 6,000 employees and two plant sections: one for the customers Fiat and Panda and one for PSA.
1.6 Information Management at LEONI
The Information Management (IM) at LEONI is organized as shown below:
Figure 1.4: IM Organization - Bundling of Global Services
Around the world, Leoni Wiring System has four IM service centers: one in North Africa, one in Eastern Europe, one in the Americas and one in Asia.
Figure 1.5: IM Service Centers Organization
1.7 Information Management Service Center North
Africa
Information Management Service Center North Africa (IM SC NA) is one of the four IM service centers in the world. It supports both the IT and the applications environment. It was established in 2005 with three members working as web developers. Now it has 65 members in 14 teams.
Figure 1.6: Information Management Service Center North Africa teams
The teams are classified according to their objective: one assistance team for the IM SC NA, one IM Demand team for managing projects, three development teams for programming software, three teams working as system analysts, two teams for PPS consulting, one team for MES consulting and four teams working as system administrators for the IT section.
1.8 Information Management IT teams
The IM IT group is composed of multiple teams: Microsoft, the Security team, the Network and Communication team and also a Data Center & Private Cloud team.
These teams provide services to the local IT departments; they are the second-level support. They are in turn supported by external companies as third-level support. The relationship between these levels is based on a client-provider concept.
Figure 1.7: IT Support levels
1.9 Information Management IT Security Team
Leoni uses Enterprise solutions to manage its products.
Figure 1.8: Enterprise Solution
Sophos enterprise Solutions
Sophos Enterprise Solution is an automated console that manages and updates Sophos security software on computers using various operating systems and virtual environments such as VMware vShield. It protects the network against malware, dangerous file types and websites, malicious network traffic, adware and other potentially unwanted applications. It also checks the websites users can visit, further protecting the network against malware and preventing users from visiting inappropriate websites. Moreover, the Sophos Enterprise Console prevents the use of unauthorized external storage devices and wireless connection technologies on endpoint computers, administers the protection of the client firewall on endpoint computers and assesses computers for any missing patches.
Application control
Application Control enables network administrators to block certain legitimate appli-
cations from running on work computers.
Typically, they use Application Control to prevent users from running applications that
are not a security threat, but that they decide are unsuitable for use in the workplace
environment, e.g., games or instant messaging programs.
In accordance with the company policy on Application Control, the administrators can
authorize required applications, and block those which are not required all from the
central console.
Sophos Device Control
Sophos Device Control allows an administrator to manage the use of storage devices,
network interfaces and media devices connected to all managed endpoints.
Sophos Update Manager
Sophos Update Manager is always installed on the computer where the Enterprise
Console is installed. This is the component which is responsible for getting the updates
from Sophos and is the updating source for the computers on the network.
It allows administrators to create shares that contain the endpoint software that they
want to deploy. The computers update themselves from these shares.
Sophos Firewall
The Sophos firewall allows only named applications, or classes of applications, to access the company network or the internet. The default firewall settings permit only basic network communications and are not adequate for normal use. Anything more than basic networking, e.g. email software, a web browser or any network database access, will probably not work correctly with the default policy, which blocks all non-essential connections.
Sophos policies
While installing the Enterprise Console, default policies are created. These policies are applied to any created groups. The default policies are designed to provide effective levels of protection. If the administrators want to use features like network access control, patching, application control, data control, device control or tamper protection, they need to create new policies or change the default policies.
Sophos Enterprise Console reports
Enterprise Console reports are available via the 'Report Manager'. Using the Report Manager, administrators can quickly create a report based on an existing template, change the configuration of an existing report, and schedule a report to run at regular intervals, with the results being sent to chosen recipients as an email attachment. They can also print reports and export them in a number of formats.
IM IT Security Team services
Leoni uses:
Sophos as antivirus solution;
Safeguard as encryption solution;
Varonis as folder access rights audit solution.
The goal of the IM-IT security team in Tunisia is to ensure a secure environment for the end user by managing the antivirus (Sophos), the data encryption (Safeguard) and the data ownership (Varonis). The KPI is measured by service availability.
Sophos anti-virus
Sophos antivirus is endpoint protection for innovative businesses against current and future threats.
It is simple and sophisticated at the same time: advanced protection against threats, web filtering and compliance with policies. It has proven protection that automatically identifies new threats and blocks or deletes them. It includes an integrated host intrusion prevention system (HIPS) that automatically adjusts to better combat malware. It also offers Live Protection, connected to the lab, to get the latest threat data.
Its infrastructure is composed of:
Endpoint Device: acts as a user endpoint in a distributed computing system. Typically, the term is used specifically for Internet-connected PC hardware on a TCP/IP network. However, various network types have their own types of endpoint devices from which users can access information on a network. They include desktop or laptop computers, as well as portable devices like tablets and smartphones.
Center Installation Directory: a set of files that includes everything needed for installation.
Management Server: a set of tools from Microsoft that assists in managing PCs connected to a local-area network (LAN). It enables an administrator to create an inventory of all the hardware and software on the network and to store it in a database. Using this database, it can then perform software distribution and installation over the LAN. This server also enables the administrator to perform diagnostic tests on PCs attached to the LAN.
Sophos Update Manager: manages data and update distribution from Sophos.
VARONIS Folder Access Rights Audit
Varonis ensures that only the right people have access to the right data at all times, that all access is monitored, and that abuse is flagged.
It identifies where the most sensitive data resides, sees who has access to it and who is accessing it, and safely locks it down. Varonis FARA also runs permissions reports, finds lost files, assigns data owners, and conducts security investigations more efficiently than ever.
IT staff spend less time on manual data management and protection tasks and can focus on critical projects, because it automatically detects and corrects changes that don't meet the organization's change management policies. They receive alerts on anomalous behavior, privilege escalations, and unauthorized access to critical files and folders.
Sophos Safeguard Hard-Disk Encryption
Hard Disk Encryption provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files. For maximum data protection, multi-factor pre-boot authentication ensures user identity, while encryption prevents data loss from theft. It protects from unauthorized access when laptops are lost or stolen.
Conclusion
Throughout this chapter, we presented Leoni Wiring System and detailed its services, especially those of the IM IT security team where I did my internship.
Chapter 2
Security Software Development
Introduction
Applications are developed with many different skill levels and a variety of security awareness. Security must be considered at every stage of a project's development.
2.1 Programming Languages
Different programming languages are used to develop software code. There are two types of programming languages: compiled and interpreted languages.
• With compiled languages, the programmer compiles the code, which is converted into an executable file for use on a specific OS. This type of program is less prone to manipulation, but it may still contain back doors or other security flaws introduced by unskilled programmers.
• With interpreted languages, the developer shares the source code. The end user can use it and execute it on their OS. In this case, they can inject back doors into the original code written by the developers.
2.2 Object Oriented Programming
Object-Oriented Programming refers to a type of computer programming in which programmers define not only the data type of a data structure, but also the functions that can be applied to the data structure. In this way, the data structure becomes an object that includes both data and functions. In addition, programmers can create relationships between one object and another; for example, objects can inherit characteristics from other objects. With OOP, users need to know every input, output and action that corresponds to each object.
2.3 Avoiding and mitigating system failure
To avoid and mitigate system failure, two methods can be used: input verification and fail-safe or fail-open procedures.
Input verification: verifies that the values entered by a user match the programmer's expectation before allowing further processing.
Failure-handling procedures: programmers should write code that responds to and handles system failure. Two failure states are possible:
• Fail-secure failure state: this failure blocks the system, and only the administrator can resolve it and restore normal operation.
• Fail-open state: the system remains permissive and lets users continue while the failure is resolved.
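The following is an added example (not code from the report) that puts the two ideas above side by side: an allow-list verifier for a form, and a request handler that applies either the fail-secure or the fail-open state when the verification component itself breaks. The form fields, the customer-id format, the country allow-list and the FailureMode policy are constructed assumptions.

```python
"""Input verification with fail-secure vs fail-open handling.

Added illustration, not code from the report. The order form fields, the
allow-lists and the FailureMode policy are constructed assumptions.
"""
import re
from enum import Enum


class FailureMode(Enum):
    FAIL_SECURE = "fail-secure"  # block; only an administrator restores normal operation
    FAIL_OPEN = "fail-open"      # stay permissive; users continue while the fault is fixed


# Allow-list rules: every field must match the programmer's expectation exactly.
CUSTOMER_ID = re.compile(r"[A-Z]{3}-\d{6}")          # constructed id format
COUNTRIES = frozenset({"TN", "DE", "FR"})              # constructed allow-list


def verify_input(form: dict) -> dict:
    """Return a cleaned copy of the form, or raise ValueError on the first mismatch."""
    cid = str(form.get("customer_id", ""))
    if not CUSTOMER_ID.fullmatch(cid):
        raise ValueError("customer_id does not match the expected pattern")
    try:
        qty = int(form.get("quantity", ""))
    except (TypeError, ValueError):
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= 1000:
        raise ValueError("quantity outside the allowed range 1..1000")
    country = str(form.get("country", "")).upper()
    if country not in COUNTRIES:
        raise ValueError("country is not in the allow-list")
    return {"customer_id": cid, "quantity": qty, "country": country}


def handle_request(form: dict, verifier=verify_input,
                   mode: FailureMode = FailureMode.FAIL_SECURE) -> dict:
    """Run verification and apply the failure policy.

    A ValueError is an ordinary rejection: the input was bad. Any other
    exception means the verification component itself failed, and the
    configured failure mode decides what happens to the request.
    """
    try:
        cleaned = verifier(form)
    except ValueError as exc:
        return {"status": "rejected", "reason": str(exc)}
    except Exception as exc:  # the verifier broke, not the input
        if mode is FailureMode.FAIL_SECURE:
            return {"status": "blocked",
                    "reason": f"verifier failure ({exc}); administrator action required"}
        return {"status": "accepted-unverified", "data": dict(form), "reason": str(exc)}
    return {"status": "accepted", "data": cleaned}


def broken_verifier(form: dict) -> dict:
    """Constructed stand-in for a verification component that crashes at runtime."""
    raise RuntimeError("validation rules could not be loaded")


if __name__ == "__main__":
    good = {"customer_id": "LEO-000123", "quantity": "5", "country": "tn"}
    bad = {"customer_id": "LEO-12", "quantity": "5", "country": "TN"}
    print(handle_request(good))                                          # accepted
    print(handle_request(bad))                                           # rejected
    print(handle_request(good, verifier=broken_verifier))                # blocked (fail-secure)
    print(handle_request(good, broken_verifier, FailureMode.FAIL_OPEN))  # accepted-unverified
```

The distinction the handler makes is the one that matters in practice: a rejected input is the verifier doing its job, whereas a crashing verifier is a failure of the control, and only the fail-secure branch guarantees that unverified data never reaches further processing.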
2.4 Systems Development Life Cycle (SDLC)
It is a software development process that defines the principal stages a project passes through, to ensure good coding practices and to embed security in every stage.
Figure 2.1: Systems Development Life Cycle
Conceptual definition: this phase is the first step of any system's life cycle. It defines the project and commits the appropriate resources.
Functional requirements development: this phase involves collecting, defining and validating functional, support and training requirements.
Control specifications development: the security of the project is designed at this stage. It should provide access control for users, an audit trail and detective mechanisms for flaws.
Design review: in this phase, the designers determine how the system will interoperate.
Code review walk-through: during this phase, systems are developed or acquired based on detailed design specifications.
System test review: after coding, tests are required to verify the system operation, using development personnel to seek out any obvious error.
Maintenance and change management: this phase ensures that sponsor needs continue to be met and that the system continues to perform according to specifications.
Life Cycle Model
Software development organizations implement process methodologies to ease the process of development.
Waterfall model
The waterfall model has seven phases: system requirements, software requirements, preliminary design, detail design, code and debug, testing, and operations and maintenance. It describes a method of development that is linear and sequential, while allowing a return to the previous phase to correct system faults.
Spiral model
The spiral model has four phases: planning, risk analysis, engineering and evaluation. Its emphasis is on risk analysis. It is used when cost and risk evaluation are important or when the requirements are complex.
Agile software development
Agile development methodology provides opportunities to assess the direction of a project throughout the development lifecycle. Agile methodology is described as iterative and incremental.
In an agile paradigm, every aspect of development (requirements, design, etc.) is continually revisited throughout the lifecycle.
Agile software development has produced the Manifesto for Agile Software Development. The Agile Manifesto is based on twelve principles:
1. Customer satisfaction by early and continuous delivery of valuable software
2. Welcome changing requirements, even in late development
3. Working software is delivered frequently (weeks rather than months)
4. Close, daily cooperation between business people and developers.
5. Projects are built around motivated individuals, who should be trusted
6. Face-to-face conversation is the best form of communication (co-location)
7. Working software is the principal measure of progress
8. Sustainable development, able to maintain a constant pace
9. Continuous attention to technical excellence and good design
10. Simplicity; the art of maximizing the amount of work not done; is essential
11. Best architectures, requirements, and designs emerge from self-organizing teams
12. Regularly, the team reflects on how to become more effective, and adjusts accordingly
Software capability maturity model
It is a methodology used to develop and refine an organization's software development process. CMM can be used to assess an organization against a scale of five process maturity levels.
The five maturity levels are:
1. Initial: the starting point for use of a new or undocumented repeat process.
2. Repeatable: the process is at least documented sufficiently such that repeating the same steps may be attempted.
3. Defined: the process is defined/confirmed as a standard business process.
4. Managed: the process is quantitatively managed in accordance with agreed-upon metrics.
5. Optimizing: process management includes deliberate process optimization/improvement.
IDEAL model
The IDEAL model forms an infrastructure to guide organizations in planning and implementing an effective software process improvement program, and is the founding strategy employed in delivering many Software Engineering Institute (SEI) services. Organizations that follow the IDEAL approach to software process improvement (SPI) can effectively integrate SEI technologies, courses, workshops, and services into a comprehensive method for managing and improving their overall capacity.
Figure 2.2: Ideal Model Process
Gantt chart and PERT
A Gantt chart is a graphical tool that illustrates a schedule and helps to plan and coordinate specific tasks in a project.
PERT is a project scheduling tool used to direct improvements to project management and software coding in order to produce more efficient software.
2.5 Change and configuration management
Change management
After releasing a software project, there can be suggestions from users to improve the project, correct bugs or request other modifications. Thus, programmers should have procedures to manage changes, to support future auditing, investigation and analysis requirements.
The change management process has three basic components:
• Request control: used by end users to request modifications, by managers to conduct benefit analysis, and by developers to prioritize tasks.
• Change control: dedicated to developers only. They can re-create the situation encountered by the users and analyze the appropriate changes. In addition, the developers can restrict the effects of the new code after updating or changing it, to minimize any reduction in security.
• Release control: this phase handles the re-release of the software project and includes acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
Configuration
Security administrators should be aware of the importance of configuration management. It is used to control the versions of the software project and the changes to the software configuration.
It has 4 main components:
• Configuration identification: administrators document the configuration of coherent software products throughout the organization.
• Configuration control: this phase verifies that changes are made in accordance with the change control policies. Updates can be made only from authorized distributions in accordance with those policies.
• Configuration status accounting: at this stage, procedures are used to track authorized changes.
• Configuration audit: it ensures that there are no unauthorized configuration changes.
2.6 DevOps Approach
It is a combination of software development and operations, which cooperate to respond to the requirements while maintaining high quality.
Figure 2.3: DevOps Approach
2.7 Application Programming Interfaces (APIs)
Nowadays, web applications need to interact with different web services. Therefore, organizations offer APIs to facilitate these interactions through function calls.
APIs pose some security risks, so developers must require authentication. This authentication provides authorized API users with an API key that is passed with each API call. The backend system validates this API key before processing a request, while ensuring that the request is authorized to call the specific API.
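An added example (not code from the report or from LEONI) of the backend side of the scheme just described: keys are issued per client, only a digest of each key is stored, the key carried in each call is validated, and the call is then checked against the endpoints that key is authorized for. The "lk_" key prefix, the X-API-Key header, the endpoint names and the in-memory store are constructed assumptions.

```python
"""API key validation for API calls.

Added example, not code from the report or from LEONI. The key store, the
"lk_" key prefix, the header name and the endpoint names are constructed assumptions.
"""
import hashlib
import secrets
from typing import Dict, Optional, Set, Tuple

# Only a SHA-256 digest of each key is stored, together with the endpoints the
# key may call. Constructed in-memory store; a real backend would persist it.
KEY_STORE: Dict[str, dict] = {}


def _digest(key: str) -> str:
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_key(client: str, scopes: Set[str]) -> str:
    """Create a random key for a client. The clear key is returned exactly once."""
    key = "lk_" + secrets.token_urlsafe(32)
    KEY_STORE[_digest(key)] = {"client": client, "scopes": frozenset(scopes), "active": True}
    return key


def lookup(key: str) -> Optional[dict]:
    """Find the record for a presented key, or None if unknown or revoked.

    Looking up the digest (rather than the key) means a leaked store does not
    yield usable keys, and equality on the digest tells a caller nothing about
    which characters of a guessed key were right.
    """
    record = KEY_STORE.get(_digest(key))
    if record is None or not record["active"]:
        return None
    return record


def authorize(headers: Dict[str, str], endpoint: str) -> Tuple[int, str]:
    """Authenticate the key carried in the request, then authorize the call."""
    key = headers.get("X-API-Key")
    if not key:
        return 401, "missing API key"
    record = lookup(key)
    if record is None:
        return 401, "unknown or revoked API key"
    if endpoint not in record["scopes"]:
        return 403, f"key for {record['client']} is not authorized for {endpoint}"
    return 200, f"ok: {record['client']} -> {endpoint}"


def revoke(key: str) -> bool:
    """Deactivate a key; True if it existed."""
    record = KEY_STORE.get(_digest(key))
    if record is None:
        return False
    record["active"] = False
    return True


if __name__ == "__main__":
    k = issue_key("warehouse-app", {"GET /orders"})
    print(authorize({"X-API-Key": k}, "GET /orders"))      # (200, ...)
    print(authorize({"X-API-Key": k}, "DELETE /orders"))   # (403, ...)
    revoke(k)
    print(authorize({"X-API-Key": k}, "GET /orders"))      # (401, ...)
```

Authentication (is this a valid, still-active key?) and authorization (may this key call this endpoint?) are kept as separate checks with separate status codes, which is what the paragraph's "validates this API key ... while ensuring that the request is authorized" amounts to in code.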
2.8 Software Testing
After programming a software project, it is necessary to check and test the project's operation. There are three software testing methods:
• White-box testing: this method examines the code itself line by line and analyzes the program for potential errors.
• Black-box testing: it examines the software project by using different input scenarios and inspecting the output, with no need to view the code.
• Gray-box testing: testers examine the code to help design their tests, and also examine the software by analyzing inputs and outputs.
The security of software also needs testing. There are two categories of security testing:
• Static test: it verifies the security of software by analyzing either the source code or the compiled application without running the project. Static testing uses an automated tool designed to detect flaws.
• Dynamic test: it tests the software while it is running. It can use a web application scanning tool to detect flaws in web applications.
2.9 Code repository
Code repositories are made to facilitate software development. Some code repositories support open source software development for public users, while others contain code with secret information and are limited to authorized developers and users who have read and/or write access. Developers must take care of their access controls and should also never include any sensitive information in a public code repository.
2.10 Service Level Agreements (SLAs)
It is a contract between an organization and its internal/external customers to provide an agreed level of different services.
2.11 Software Acquisition
It is a set of rules which direct how software will be obtained. The rules will vary according to need.
It may state where software will and will not come from, who decides where it comes
from, who may install it, the methods of delivery and installation, who is responsible
for maintaining the usage licenses and how often software requirements are reviewed.
Some policies will go further and incorporate rules on software disposal, but others will
put those rules into a separate software disposal policy.
2.12 Establishing databases and data warehousing
Because many projects need users' private information, using databases is a solution to store this information safely.
Database management system architecture
There are two architectural types: hierarchical and distributed databases, and relational databases.
Hierarchical and distributed databases
The hierarchical model is a one-to-many data model. It combines attributes and tuples related in a logical tree structure.
The distributed data model stores data in different databases that are logically connected. It is a many-to-many data model.
Relational database
It is a database composed of two-dimensional tables containing the attributes of an object. The relationships between the tables are defined to identify related tuples.
The tuples are identifiable using a variety of keys.
• Candidate key: a subset of attributes that can be used to uniquely identify any record in a table.
• Primary key: selected from the candidate keys of a table to be used to uniquely identify tuples in that table.
• Foreign key: used for managing relationships between multiple tables and ensuring data consistency. It ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.
All relational databases use the Structured Query Language (SQL) for accessing and manipulating databases.
Database transactions
A transaction is a set of separate actions that must all be completely processed, or none processed at all. It can consist of multiple SQL statements, not just one.
All database transactions require four characteristics known as ACID:
Atomicity: this means that a transaction must remain whole: it is all or nothing. So the transaction as a whole must either fully succeed or fully fail. If the transaction succeeds, all of the changes must be saved by the system. If the transaction fails, then all of the changes made by the transaction must be completely undone and the system must revert to its original state before the changes were applied.
Consistency: this means that a transaction should change the database from one consistent state to another.
Isolation: this means that each transaction should do its work independently of other transactions that might be running at the same time.
Durability: this means that any changes made by transactions that have run to completion should stay permanent, even if the database fails or shuts down due to something like power loss.
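The following added example (not code from the report) demonstrates both the key discussion above (primary, candidate and foreign keys) and the atomicity property of transactions, using Python's standard sqlite3 module: a foreign key rejects an order for a customer that does not exist and blocks deletion of a customer that still has orders, and a batch insert in which one row violates a constraint is rolled back as a whole. The customers/orders schema and the sample rows are constructed.

```python
"""Relational keys and atomic transactions with SQLite.

Added example, not from the report. The customers/orders schema and the sample
rows are constructed. SQLite only enforces foreign keys when the pragma is on.
"""
import sqlite3
from typing import Iterable, Tuple


def open_db() -> sqlite3.Connection:
    """Create an in-memory database with two related tables and two customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite
    conn.executescript("""
        CREATE TABLE customers (
            id    INTEGER PRIMARY KEY,   -- primary key, chosen from the candidate keys
            email TEXT NOT NULL UNIQUE   -- another candidate key
        );
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),  -- foreign key
            amount      INTEGER NOT NULL CHECK (amount > 0)
        );
        INSERT INTO customers VALUES (1, 'a@example.invalid'), (2, 'b@example.invalid');
    """)
    return conn


def insert_order(conn: sqlite3.Connection, customer_id: int, amount: int) -> bool:
    """True if the row was accepted; False if a key or CHECK constraint rejected it."""
    try:
        with conn:  # commit on success, roll back on exception
            conn.execute("INSERT INTO orders (customer_id, amount) VALUES (?, ?)",
                         (customer_id, amount))
        return True
    except sqlite3.IntegrityError:
        return False


def place_orders_atomically(conn: sqlite3.Connection, rows: Iterable[Tuple[int, int]]) -> bool:
    """All rows are written or none: a failure on any row rolls back the whole batch."""
    try:
        with conn:
            conn.executemany("INSERT INTO orders (customer_id, amount) VALUES (?, ?)", list(rows))
        return True
    except sqlite3.IntegrityError:
        return False


def delete_customer(conn: sqlite3.Connection, customer_id: int) -> bool:
    """The foreign key keeps a customer alive while orders still reference it."""
    try:
        with conn:
            conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def order_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(insert_order(db, 1, 50))                                   # True
    print(insert_order(db, 99, 50))                                  # False: no customer 99
    print(place_orders_atomically(db, [(1, 10), (2, 20), (99, 30)]))  # False, nothing written
    print(order_count(db))                                           # 1
    print(delete_customer(db, 1))                                    # False: customer has orders
```

The `with conn:` block is what gives the batch its atomicity: the first two rows of the failing batch are written inside the same transaction as the third, so the exception on the third row undoes all three, and the order count stays where it was. Checking the count after the failed batch is the test that distinguishes a truly atomic write from one that silently left partial data behind.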
Security for multilevel databases
In a multilevel secure database, users cleared at different security levels access and share a database consisting of data at different sensitivity levels. A powerful and dynamic approach to assigning sensitivity levels to data is one which utilizes security constraints or classification rules.
Security constraints provide an effective and versatile classification policy. They can be used to assign security levels to the data depending on their content and the context in which the data is displayed. They can also be used to dynamically re-classify the data. In other words, the security constraints are essential for describing multilevel applications.
We have defined various types of security constraints. They include the following:
1. Constraints that classify a database, relation or an attribute
2. Constraints that classify any part of the database depending on the value of some data
3. Constraints that classify any part of the database depending on the occurrence of some real-world event
4. Constraints that classify associations between data
5. Constraints that classify any part of the database depending on the information that has been previously released
6. Constraints that classify collections of data
7. Constraints that classify any part of the database depending on the security level of some data
8. Constraints which assign fuzzy values to their classifications.
Concurrency
Concurrency is an edit control: a lock feature allows one user to make changes to data while denying the others, and then unlocks it to allow others to access the data they need. It becomes a detective control when administrators combine concurrency with auditing mechanisms to track the data changes.
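An added example (not code from the report) of the two roles just described: a lock manager that grants one user at a time the right to edit a record (the preventive, edit-control role) and writes every lock, denial, update and release to an append-only audit trail (the detective role). Record ids, user names and the audit line format are constructed.

```python
"""Edit locks with an audit trail.

Added example, not the report's own code. Record ids, users and the audit
line format are constructed.
"""
import threading
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class LockManager:
    _owners: Dict[str, str] = field(default_factory=dict)   # record id -> user holding the lock
    audit: List[str] = field(default_factory=list)          # append-only audit trail
    _guard: threading.Lock = field(default_factory=threading.Lock)

    def acquire(self, record: str, user: str) -> bool:
        """Grant the edit lock if the record is free (or already held by this user)."""
        with self._guard:  # the manager itself must be safe under concurrent calls
            owner = self._owners.get(record)
            if owner is None or owner == user:
                self._owners[record] = user
                self.audit.append(f"LOCK {record} by {user}")
                return True
            self.audit.append(f"DENY {record} to {user} (held by {owner})")
            return False

    def update(self, record: str, user: str, old, new) -> bool:
        """Only the lock holder may change the record; every change is recorded."""
        with self._guard:
            if self._owners.get(record) != user:
                self.audit.append(f"REJECT update {record} by {user}: no lock")
                return False
            self.audit.append(f"UPDATE {record} by {user}: {old!r} -> {new!r}")
            return True

    def release(self, record: str, user: str) -> bool:
        with self._guard:
            if self._owners.get(record) != user:
                return False
            del self._owners[record]
            self.audit.append(f"UNLOCK {record} by {user}")
            return True

    def changes_by(self, user: str) -> List[str]:
        """Detective use of the trail: which updates did a given user make?"""
        return [e for e in self.audit if e.startswith("UPDATE") and f" by {user}:" in e]


if __name__ == "__main__":
    lm = LockManager()
    lm.acquire("price:42", "alice")
    lm.acquire("price:42", "bob")          # denied while alice holds the lock
    lm.update("price:42", "alice", 10, 11)
    lm.release("price:42", "alice")
    print("\n".join(lm.audit))
```

Denied and rejected attempts are logged as well as successful ones; an audit trail that records only what succeeded tells an investigator nothing about who tried to edit data they had no lock on.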
Other security mechanisms
Administrators may use features to maintain data integrity and availability, and can also improve the granularity of security access control.
• Content Dependent Access Control is a method for controlling access of users to resources, based on the content of the resource. CDAC is primarily used to protect databases containing potentially sensitive data.
• Cell suppression is the concept of hiding individual database fields or imposing more security restrictions on them.
• Context Based Access Control means that the decision whether a user can access a resource doesn't depend solely on who the user is and which resource it is.
• Database partitioning: partitioning a database improves performance and simplifies maintenance. By splitting a large table into smaller, individual tables, queries that access only a fraction of the data can run faster because there is less data to scan.
• Polyinstantiation: the concept of a type being instantiated into multiple independent instances (objects, copies). A multilevel relation is said to be polyinstantiated when it contains two or more tuples with the same apparent primary key values.
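The following added example (not code from the report or from any product) ties together the multilevel-database section above and the mechanisms in this list: a small multilevel relation whose cells are labelled by a content-dependent security constraint (type 2 in the earlier list), a view function that filters tuples above a user's clearance, suppresses individual cells above it, and returns a single tuple per apparent key when the relation is polyinstantiated. The relation, the three-level scale and the constraint rule are constructed.

```python
"""Multilevel relation: classification constraints, cell suppression, polyinstantiation.

Added example, not the report's or any product's code. The relation, the
U < C < S scale and the constraint rule are constructed.
"""
from typing import Dict, List, Optional

LEVELS = {"U": 0, "C": 1, "S": 2}   # unclassified < confidential < secret (constructed)


def classify(row: Dict[str, object]) -> Dict[str, str]:
    """Label every cell of a tuple.

    The default label is the tuple's own level. A content-dependent constraint
    raises 'destination' and 'cargo' to S whenever the cargo is a prototype,
    whatever level the tuple was inserted at.
    """
    labels = {col: str(row["_level"]) for col in row if col != "_level"}
    if row.get("cargo") == "prototype":
        labels["destination"] = "S"
        labels["cargo"] = "S"
    return labels


def view(relation: List[Dict[str, object]], clearance: str) -> List[Dict[str, Optional[object]]]:
    """What a user cleared at `clearance` may see.

    - tuples whose own level is above the clearance are filtered out entirely;
    - individual cells above the clearance are suppressed (shown as None);
    - of several polyinstantiated tuples sharing an apparent key, only the
      highest one at or below the clearance is returned.
    """
    c = LEVELS[clearance]
    best: Dict[object, Dict[str, Optional[object]]] = {}
    best_level: Dict[object, int] = {}
    for row in relation:
        level = LEVELS[str(row["_level"])]
        if level > c:
            continue
        labels = classify(row)
        visible = {col: (val if LEVELS[labels[col]] <= c else None)
                   for col, val in row.items() if col != "_level"}
        key = row["shipment"]
        if key not in best or level > best_level[key]:
            best[key] = visible
            best_level[key] = level
    return list(best.values())


# Constructed relation. Shipment 7 is polyinstantiated: a cover story at U and
# the real tuple at S share the same apparent primary key.
RELATION = [
    {"shipment": 7, "destination": "Sousse", "cargo": "harness", "_level": "U"},
    {"shipment": 7, "destination": "Mateur", "cargo": "prototype", "_level": "S"},
    {"shipment": 8, "destination": "Sousse", "cargo": "cable", "_level": "C"},
    {"shipment": 9, "destination": "Mateur", "cargo": "prototype", "_level": "C"},
]

if __name__ == "__main__":
    for clearance in ("U", "C", "S"):
        print(clearance, view(RELATION, clearance))
```

The confidential view is the instructive one: shipment 9 was inserted at level C, so a C-cleared user sees that it exists, but the constraint has reclassified its destination and cargo cells to S and they come back suppressed. The same user never learns that shipment 7 has a second, secret tuple at all; polyinstantiation exists precisely so that the low-level cover story can stay in place without the key collision revealing the higher-level data.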
Storage data and information
Data is processed through a computer's storage resources; both memory and physical
resources.
Type of storage
• Primary storage consists of real memory (RAM), the main memory connected to the system's CPU through the memory bus, and includes registers and cache memories. Primary storage is usually the highest-performance storage resource available to a system.
• Secondary storage consists of cheaper, nonvolatile storage resources such as tapes, disks, hard drives, flash drives and CD/DVD storage.
Storage threats
Information security professionals should be aware of two main threats posed against data storage systems.
1. The threat of illegitimate access to storage resources exists no matter what type of storage is in use. Therefore, administrators should protect against attacks that directly access the physical storage to find data. In addition, systems that work with multilevel security should ensure that data from one classification level is not readable at another level.
2. Covert channel attacks are those where two entities communicate by manipulating shared resources in unintended ways, endangering critical assets. Attackers can use such a mechanism to leak sensitive information, thus violating provably correct information flow policies.
2.13 Understanding knowledge-based systems
Engineers and developers use a knowledge base to solve complex problems.
Expert systems
An expert system has two main components: the knowledge base and the inference engine.
Knowledge base: experts solve complex problems by reasoning about knowledge in a series of if-then statements.
Inference engine: experts reason in a logical way with fuzzy logic techniques, depending on past experience, to solve problems; the engine analyzes the information in the knowledge base to arrive at the appropriate decision.
Neural networks
The network is composed of a large number of highly interconnected processing elements working in parallel to solve a specific problem. Neural networks learn by example or from experience.
Decision support system
It is an application that analyzes business data and presents it so that users can make business decisions more easily. It is an informational application that collects the data in the course of normal business operation.
Security Applications
Many security applications are offered for both expert systems and neural networks. These security applications can provide an inference engine and a knowledge base that correlate information from different audit logs across a network and notify security administrators when the activity of an individual user varies from the user's standard usage profile.
Conclusion
Within this chapter, we introduced security in application development as a whole, as well as application development patterns and life cycles.
Chapter 3
Security Testing
Introduction
Testing is an important part of software development and it is vital to start it as early as possible; its objective is to find the flaws and vulnerabilities of a system. Throughout this chapter, we will introduce some testing techniques that help to identify software flaws.
3.1 Security testing Description
Security testing is basically a type of software testing that is done to check whether the application or the product is secured or not. It checks whether the application is vulnerable to attacks, and whether anyone can hack the system or log in to the application without any authorization.
Security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner.
3.2 Security Testing in SDLC phases
Unit Test - Coding phase
During the life cycle of a process, tests are implemented in different phases; the unit test belongs to the coding phase.
Unit tests exercise the logic in classes and are written by programmers to show code-level correctness. They should be fast and not dependent on other parts of the system that you do not intend to test.
The primary goal of unit testing is to take the smallest piece of testable software in the application, isolate it from the remainder of the code, and determine whether it behaves exactly as you expect. Each unit is tested separately before integrating units into modules to test the interfaces between modules. Unit testing has proven its value in that a large percentage of defects are identified during its use.
Integration Test - integration and validation phase
Integration testing identifies problems that occur when units are combined. By using a test plan that requires you to test each unit and ensure the viability of each before combining units, you know that any errors discovered when combining units are likely related to the interface between units. This method reduces the number of possibilities to a far simpler level of analysis.
The idea is to test combinations of pieces and eventually expand the process to test your modules with those of other groups. Eventually all the modules making up a process are tested together. Beyond that, if the program is composed of more than one process, they should be tested in pairs rather than all at once.
Functional Test - integration and validation phase
Functional testing is a quality assurance (QA) process and a type of black-box testing that bases its test cases on the specifications of the software component under test. Functions are tested by feeding them input and examining the output; internal program structure is rarely considered. It usually describes what the system does.
Functional testing typically involves six steps:
1. The identification of functions that the software is expected to perform
2. The creation of input data based on the function's specifications
3. The determination of output based on the function's specifications
4. The execution of the test case
5. The comparison of actual and expected outputs
6. The check of whether the application works according to the customer's needs
3.3 Fuzzing Test
Fuzzing is a method of testing software to find security holes and unexpected behavior of an application using semi-random data. It consists of injecting invalid or random inputs in order to reveal unexpected behaviour, identify errors and expose potential vulnerabilities.
Fuzzing Test Process
Figure 3.1: Fuzzing Test process
The fuzzing process is defined as shown in the figure. First, a generator produces test inputs. Second, the test inputs are delivered to the system under test; the delivery mechanism depends on the type of input that the system processes. Third, the system under test is monitored for crashes and other basic undesirable behavior. Finally, reports describing the results of the test can be generated automatically.
One can monitor the target application in many ways:
• Observation of program behavior
• Logs
• Debuggers (!exploitable...)
• Files, processes and network monitors
• Virtualization (VMWare)
• Source code modifications (breakpoints)
• Additional techniques (Valgrind, GuardMalloc)
• Combined techniques
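The four stages above as a small mutation fuzzer, added here as an example and not taken from the report: the target parse_record is a constructed record parser with two planted defects, and SEEDS, BOUNDARY_CASES and the mutation operators are assumptions chosen for this illustration.

```python
"""Minimal mutation fuzzer: generator -> delivery -> monitor -> report."""
import random
from collections import Counter

# Constructed target (hypothetical, not the report's application): parses
# "key=value;key=value" records. Documented behaviour: returns a dict and raises
# ValueError when 'count' is not an integer. It also carries two planted,
# undocumented defects that the fuzzer should surface:
#   - a field without '=' raises IndexError
#   - bytes that are not valid UTF-8 raise UnicodeDecodeError
def parse_record(data: bytes) -> dict:
    text = data.decode("utf-8")
    record = {}
    for field in text.split(";"):
        parts = field.split("=", 1)
        record[parts[0]] = parts[1]               # planted defect: no '=' -> IndexError
    if "count" in record:
        record["count"] = int(record["count"])    # documented: ValueError
    return record

EXPECTED_ERRORS = (ValueError,)   # exact exception types the target documents
SEEDS = [b"name=host1;dns=yes;count=3", b"name=host2;dns=no"]
# Boundary cases every campaign starts with: empty, separator only, bad UTF-8, long
BOUNDARY_CASES = [b"", b";", b"\xff\xfe", b"A" * 4096]
INSERT_ALPHABET = [b";", b"=", b"\xff", b"\x00"]

def mutate(rng: random.Random, seed: bytes) -> bytes:
    """Generator stage: derive one semi-random input from a valid seed."""
    data = bytearray(seed)
    op = rng.choice(("flip", "delete", "insert", "duplicate"))
    pos = rng.randrange(len(data)) if data else 0
    if op == "flip" and data:
        data[pos] ^= 1 << rng.randrange(8)                  # flip one bit
    elif op == "delete" and data:
        del data[pos]                                       # drop one byte
    elif op == "insert":
        data[pos:pos] = rng.choice(INSERT_ALPHABET)         # inject a structural byte
    elif op == "duplicate" and data:
        data[pos:pos] = data[pos:pos + rng.randint(1, 8)]   # repeat a chunk
    return bytes(data)

def deliver(target, data: bytes) -> str:
    """Delivery + monitor stages: run one input and classify what happened."""
    try:
        target(data)
        return "ok"
    except Exception as exc:   # a fuzz monitor must catch everything the target throws
        if type(exc) in EXPECTED_ERRORS:
            return "expected-error"
        return "crash:" + type(exc).__name__

def run_campaign(target, iterations: int = 200, seed: int = 0) -> dict:
    """Run the boundary cases plus `iterations` mutated inputs; return the report."""
    rng = random.Random(seed)   # fixed seed -> reproducible campaign
    inputs = list(BOUNDARY_CASES)
    inputs += [mutate(rng, rng.choice(SEEDS)) for _ in range(iterations)]
    outcomes = Counter()
    reproducers = {}            # first input that triggered each crash class
    for data in inputs:
        outcome = deliver(target, data)
        outcomes[outcome] += 1
        if outcome.startswith("crash:"):
            reproducers.setdefault(outcome, data)
    return {
        "total": len(inputs),
        "outcomes": dict(outcomes),
        "crashes": {k: v for k, v in outcomes.items() if k.startswith("crash:")},
        "reproducers": reproducers,
    }

def format_report(report: dict) -> str:
    """Report stage: summary with one reproducer per crash class for the programmers."""
    lines = [f"inputs: {report['total']}"]
    for outcome, count in sorted(report["outcomes"].items()):
        lines.append(f"  {outcome}: {count}")
    for cls, data in report["reproducers"].items():
        lines.append(f"reproducer for {cls}: {data!r}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(run_campaign(parse_record)))
```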
Fuzzing Test and SDLC
Figure 3.2: Fuzzing Test process
The application is tested by a previously prepared fuzzer. Test results are verified by testers and then sent to programmers. If any errors occur, programmers must fix the application, and the new build must once again pass the fuzzing process.
Advantages
• Full automation (in most cases)
• Fuzzers find real vulnerabilities
• Ability to identify bugs which are hard to find by manual testing
• Ability to quickly obtain satisfactory results (first bug)
Disadvantages
• Inability to find logical bugs
• Inability to find complex bugs
• The time required for performing the test is very hard to specify
3.4 Security test cases
A security test case cheat sheet or checklist can provide simple test cases and attack vectors that testers can use to validate exposure to common vulnerabilities.
Case of input validation
Input validation is the correct testing of any input: we should verify that the data is strongly typed, has correct syntax, is within length boundaries, contains only permitted characters, and that numbers are correctly signed and within range boundaries.
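An added example (not from the report) that turns the five checks above into a table-driven set of security test cases; the FieldSpec rule, the row schema and its limits are assumptions constructed for a row of the kind the unmanaged-machines tool produces.

```python
"""Table-driven input-validation test cases for the five checks named above."""
import re
from dataclasses import dataclass
from typing import Any, Optional

@dataclass(frozen=True)
class FieldSpec:
    """Validation rule for one input field (constructed helper, not from the report)."""
    name: str
    kind: type                        # strongly typed: str or int
    min_len: int = 0                  # length boundaries (strings only)
    max_len: Optional[int] = None
    pattern: Optional[str] = None     # correct syntax: regex matched against the whole value
    allowed: Optional[str] = None     # permitted characters (strings only)
    min_value: Optional[int] = None   # correctly signed and within range (integers only)
    max_value: Optional[int] = None

def validate_field(spec: FieldSpec, value: Any) -> list:
    """Return the violations for one value; an empty list means the value passes."""
    errors = []
    # 1. strongly typed; bool is a subclass of int in Python, so reject it explicitly
    if not isinstance(value, spec.kind) or isinstance(value, bool):
        return [f"{spec.name}: expected {spec.kind.__name__}, got {type(value).__name__}"]
    if spec.kind is str:
        # 2. length boundaries
        if len(value) < spec.min_len or (spec.max_len is not None and len(value) > spec.max_len):
            errors.append(f"{spec.name}: length {len(value)} outside [{spec.min_len}, {spec.max_len}]")
        # 3. permitted characters only (report every offending character once)
        if spec.allowed is not None:
            bad = sorted({c for c in value if c not in spec.allowed})
            if bad:
                errors.append(f"{spec.name}: forbidden characters {bad}")
        # 4. correct syntax; fullmatch so the entire value must conform, not a prefix
        if spec.pattern is not None and re.fullmatch(spec.pattern, value) is None:
            errors.append(f"{spec.name}: does not match syntax {spec.pattern}")
    else:
        # 5. correctly signed and within range
        if spec.min_value is not None and value < spec.min_value:
            errors.append(f"{spec.name}: {value} below minimum {spec.min_value}")
        if spec.max_value is not None and value > spec.max_value:
            errors.append(f"{spec.name}: {value} above maximum {spec.max_value}")
    return errors

# Constructed schema for one "unmanaged machine" row; field names and limits are
# assumptions for this example, not the real format of the report's tool.
SCHEMA = [
    FieldSpec("machine_name", str, min_len=1, max_len=15,
              allowed="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-",
              pattern=r"[A-Za-z0-9][A-Za-z0-9-]*"),
    FieldSpec("site_code", str, min_len=5, max_len=9, pattern=r"[A-Z]{2}-[A-Z0-9]{2,6}"),
    FieldSpec("days_unmanaged", int, min_value=0, max_value=3650),
]

def validate_record(record: dict) -> dict:
    """Validate a whole row; maps field name -> violations, missing fields included."""
    problems = {}
    for spec in SCHEMA:
        if spec.name not in record:
            problems[spec.name] = [f"{spec.name}: missing"]
            continue
        errors = validate_field(spec, record[spec.name])
        if errors:
            problems[spec.name] = errors
    return problems

GOOD_ROW = {"machine_name": "TN-WS-0042", "site_code": "TN-SFX01", "days_unmanaged": 12}
# Security test cases in cheat-list form: (description, one-field override, should_pass);
# an override of None removes the field from the row.
TEST_CASES = [
    ("well-formed row", {}, True),
    ("wrong type (count as string)", {"days_unmanaged": "12"}, False),
    ("over length", {"machine_name": "A" * 16}, False),
    ("forbidden characters", {"machine_name": "TN-WS;DROP"}, False),
    ("bad syntax (leading hyphen)", {"machine_name": "-TNWS"}, False),
    ("negative number", {"days_unmanaged": -1}, False),
    ("out of range", {"days_unmanaged": 99999}, False),
    ("missing field", {"site_code": None}, False),
]

def run_test_cases() -> list:
    """Execute every case; returns (description, verdict matches expectation, problems)."""
    results = []
    for description, override, should_pass in TEST_CASES:
        record = {k: v for k, v in {**GOOD_ROW, **override}.items() if v is not None}
        problems = validate_record(record)
        results.append((description, (not problems) == should_pass, problems))
    return results

if __name__ == "__main__":
    for description, ok, problems in run_test_cases():
        print(f"{'PASS' if ok else 'FAIL'}  {description}  {problems}")
```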
Case of Access Control
Access control policies can be specified in programming languages or policy specification languages and implemented in a particular access control implementation. Policies need to be carefully designed and implemented to prevent unauthorized access to data, disclosure of sensitive data, and DoS and DDoS attacks.
Case of Cryptography Policy
The Cryptography Policy sets out when and how encryption should (or should not) be used. It includes protection of personal, confidential and commercially sensitive information and communications, key management, and procedures to ensure encrypted information can be recovered by the organisation if necessary.
Case of Authentication and Session Management
Authentication is the process of verifying that an individual, entity or website is who it claims to be.
Session Management is a process by which a server maintains the state of an entity interacting with it. Sessions are maintained on the server by a session identifier which can be passed back and forth between the client and server when transmitting and receiving requests. Sessions should be unique per user and very difficult to predict.
Case of Data Protection
Limit access to data based on the least privilege principle. Encrypt sensitive data and information such as stored passwords and connection strings, and properly protect the decryption keys. We should make sure all cached or temporary copies of sensitive data are protected from unauthorized access and purged as soon as they are no longer required.
Communication Security
When transmitting sensitive information, at any tier of the application or network architecture, encryption in transit should be used. We should use a trusted certificate authority to generate public and private keys whenever possible. Moreover, proper security controls must be in place to protect the private keys from unauthorized access.
Conclusion
Secure applications can ensure system safety and security and impede attacks by hackers. Security testing is one of the most important tests that you should conduct on an application before introducing it to the commercial domain.
Chapter 4
Secure Computing
Introduction
Before we get into the work that has been done for this project, we need a better understanding of the security attributes of a standard computer system, of threat models, and of methodologies along with their respective tools.
4.1 Security Attributes and Terms
Malware
Malicious software, or malware, is software developed by a hacker in order to harm a computer system. There are different types of malware:
Virus
A virus is malware transmitted via a network or through removable media. It settles into programs and parasitizes them, producing harmful effects in order to infect these programs. We distinguish:
Boot virus: it is loaded in memory at startup and takes control of the computer.
Application virus: it infects an executable program and is triggered by the execution thereof.
Macro virus.
A hacker is a person who circumvents or destroys the protective software of a computer or a computer network for malicious purposes.
Worm
A worm is an independent malware that spreads from computer to computer through the Internet or any other network, disrupts the functioning of the systems involved, and is executed by the users themselves. Worms are often designed to saturate the available resources or to lengthen processing times. They can also destroy computer data, disrupt the operation of the network or illegally transfer information. A worm can produce its effects immediately or in a deferred manner. Unlike viruses, worms do not implant themselves within another program; they spread autonomously.
Trojan horse
A Trojan is seemingly harmless software, installed or downloaded, in which malware has been hidden that can, for example, enable the fraudulent collection, falsification, or destruction of data. The Trojan does not reproduce.
Spyware
Spyware is software designed to collect data about the user or the system and pass it to third parties without the knowledge of the user.
Adware
Adware is software that displays advertisements on the computer screen and transmits information to its publisher to tailor those ads to a profile. Adware is often integrated or combined with freeware or shareware having a different purpose, and it is treated as spyware.
Vulnerability
A vulnerability is seen as a weakness in the system which allows an attacker to reduce or completely remove the system's information assurance.
Threat
A threat is seen as a possible danger that could exploit the above-mentioned vulnerabilities. It can be either intentional or accidental. An intentional example would be an attacker sending malicious code to the system to cause a denial of service, while an accidental threat can be related to any natural disaster that could cause physical harm to the system.
Attack
An attack is an attempt to destroy, expose, alter, or steal information within the system. It is also defined.
Risk
A risk is the likelihood and impact of a possible threat or attack.
Asset
An asset within a system can be data, a device, or any other component that supports information-related activities. This is an important aspect to consider since an entire system is made up of various assets that have to be considered when dealing with overall security.
4.2 Threat Models
A threat model describes the security aspects of a particular kind of system by associating a set of potential vulnerabilities, threats and attacks while keeping in mind the potential set of assets incorporated with specific functions or use cases.
Assets play an important role when considering the possible threats to a particular system. Without a set of target assets for the system, threats cannot exist within that system. At the same time, however, without assets, there's a possibility that there is no system to.
Risk assessment is normally done after the threat modeling process in order to map each threat to either a mitigation mechanism or to an assumption that is not worth worrying about in certain contexts.
CIA Model
The CIA model is described by its aspects: Confidentiality, Integrity and Availability.
Figure 4.1: CIA Model
Confidentiality: definition and enforcement of appropriate access levels for sensitive information.
Integrity: protection of data from being modified or deleted by an unauthorized party, and ensuring that authorized changes that should not have been made can be undone.
Availability: ensures that access to all resources that are needed to provide information is always available.
Most security experts are familiar with this particular model as it is the basis for describing the most important security aspects of a system.
The CIA model gave us a foundation on which we were able to build in order to create a more detailed threat modeling system.
STRIDE Model
The STRIDE model is an alternative approach to threat modeling that was proposed by Microsoft. The name STRIDE is formed from the initial letters of the possible threats.
Spoofing: attackers pretend to be someone or something they are not;
Tampering: attackers change data in transit or in a data store;
Repudiation: attackers perform actions that cannot be traced;
Information Disclosure: attackers gain access to data in transit or in a data store that they shouldn't have access to;
Denial of Service: attackers interrupt normal operation of the system;
Elevation of privilege: attackers perform actions they are not authorized to perform.
This model classifies threats in accordance with their categories. By using these categories of threats, one has the ability to create a security strategy for a particular system in order to have planned responses and mitigations to threats or attacks.
4.3 Methodologies / Modeling tools
Multiple modeling tools were considered for this project. The tool should be consistent, flexible in the sense that it can be adapted to our purposes, and as thorough as possible with regard to the fundamentals of cyber security. Below is a brief description of each tool that was researched with some small discussion details.
Microsoft SDL Threat Modeling Tool 2016
The MS Threat Modeling Tool 2016 is a tool that helps to find the different threats in the software development lifecycle.
The SDL Threat Modeling Tool enables any developer or software architect to:
• Communicate about the security design of their systems
• Analyze those designs for potential security issues using a proven methodology
• Suggest and manage mitigations for security issues
It graphically identifies the processes and data flows (DFD) that comprise an application or service and offers:
• an easy drawing environment,
• automatic threat generation using the STRIDE-per-interaction approach,
• an option for user-defined threats to be added.
It follows a well-defined process.
Figure 4.2: MS Threat Modeling Tool process
Diagram: with this tool, we can drag and drop to build an understanding and a simple DFD for any use case or function specified.
The elements of this DFD are explained below.
Figure 4.3: Data Flow Diagram elements
Identify threats: once the model is complete, the MS threat modeling tool can be used to automatically analyze the model and determine what kinds of threats apply to the function, using the STRIDE model. Every threat could affect any type of DFD element.
Figure 4.4: Threats for each DFD's elements
Mitigation: mitigation is the point of threat modeling. Threats are further analyzed by exploring the attack paths, the root causes for the threat to be exploited, and the necessary mitigation controls.
We need, first of all, to get specific about threat manifestation.
Threat                   What we want
Spoofing                 Authentication
Tampering                Integrity
Repudiation              Nonrepudiation
Information Disclosure   Confidentiality
Denial of Service        Availability
Elevation of privilege   Authorization
Table 4.1: Threat manifestation
When using STRIDE, the following threat-mitigation table can be used to identify techniques that can be employed to mitigate the threats.
Figure 4.5: Standard mitigations
Once threats and corresponding countermeasures are identified, it is possible to derive a threat profile with the following criteria:
1. Non-mitigated threats: threats which have no countermeasures and represent vulnerabilities that can be fully exploited and cause an impact
2. Partially mitigated threats: threats partially mitigated by one or more countermeasures, which represent vulnerabilities that can only partially be exploited and cause a limited impact
3. Fully mitigated threats: these threats have appropriate countermeasures in place and do not expose a vulnerability or cause an impact
Validate: validation is done in three steps.
1. Validate threat models: here, we need to verify the whole threat model; the diagrams must match the final code, and each threat needs to be mitigated in the right way.
2. Validate quality of threats and mitigations: we need to confirm that threats describe the attack, the context and also the impact. In addition, mitigations must be associated with the threat, be described well, and have a bug filed.
3. Validate information captured: we need to validate the dependencies, if we use some, and validate things we noted while building the threat model.
OCTAVE
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a risk-based strategic assessment and planning technique for security.
It is mainly known for being self-directed. This means that people from a company or organization assume responsibility for setting their own security strategy.
OCTAVE targets organizational risk and concentrates mainly on strategic, practice-related issues. The evaluation methodology is flexible enough to accommodate most organizations. It also utilizes not only people from the information technology department but also those from operational departments to address the security needs of the organization as a whole.
It is important to also note some of the key characteristics of the OCTAVE approach. For example, OCTAVE is an asset-driven evaluation approach. Teams that analyze a specific system or infrastructure:
1. Identify information-related assets that are important to the organization
2. Focus risk analysis on those assets judged to be most critical to the organization
3. Consider the relationships among critical assets, threats to those assets, and vulnerabilities that can expose the specified assets to threats
Microsoft Threat Analysis and Modeling Tool
The Threat Analysis and Modeling Tool (TAM) is an asset-focused tool designed for line-of-business (LOB) applications. It is used for applications for which the business objectives, deployment pattern, data assets and access control are clearly defined.
The focus of the tool is to understand the business risk in the application, help identify the controls needed to manage that risk, and protect the assets.
The Microsoft Threat Analysis and Modeling tool allows non-security subject matter experts to enter already known information, including business requirements and application architecture, which is then used to produce a feature-rich threat model.
The threat tree is a method to explore valid attack paths; it represents the conditions needed to exploit the threat. It determines all the combined vulnerabilities associated with a threat and focuses on mitigating the vulnerabilities that form the path of least resistance.
Figure 4.6: Threat Tree
Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
• Data access control matrix
• Component access control matrix
• Subject-object matrix
• Data Flow
• Call Flow
• Trust Flow
• Attack Surface
• Focused reports
4.4 ISO 27002 Standard
The ISO/IEC 27002 standard is a code of practice for the management of information security. It is a general advisory document and not a formal specification.
It recommends information security measures in response to the security objectives derived from the information risks to the confidentiality, integrity and availability of information.
According to the ISO 27002 standard, we must ensure that information security is part of information systems that provide services on public networks.
Conclusion
Throughout this chapter, we presented the master keys of our work, which will be detailed in the next chapter.
Chapter 5
Use case Based on Threat Models
Introduction
During my internship at Leoni Wiring System Tunisia, we were asked to look for threats in different scripts. In this chapter, we will present the fruit of our work.
5.1 Script threat analysis
Technical description of the script
The application is named Sophos Unmanaged machines followup tool. This application queries the Sophos database to list the unmanaged machines in the different Leoni sites. The list of sites can be found in a text file named OUlist.txt located in the same folder as the application.
After querying the Sophos database for unmanaged machines in the different sites, the application creates a folder with the current date as its name (DD-MM-YYYY). In this folder, the application generates an Excel file for each site. The Excel file contains four columns: one for the machine name; one for the DNS status (it contains the result of nslookup against the concerned machine: if the machine has a DNS entry, the label will contain "Has DNS entry", otherwise it will contain "Has no DNS entry"); a third for the connectivity status (it contains the result of pinging the machine); and a fourth named Exempted (whether or not the machine is listed in the exception list described above).
After generating the Excel file with the list of unmanaged machines, the application looks for the corresponding contact person(s) of the concerned site in an Excel file named ContactList.xlsx contained in the same folder as the main application. An email is sent to the contact person(s) with the list of unmanaged machines.
The maintenance of this application is ensured through the maintenance of OUlist.txt, which contains the list of the sites to follow up; the ContactList.xlsx file, which contains the list of contact persons by site; EmailBody.txt, to modify the email body; and ExceptionList.xlsx, to add a technical exception.
Application decomposition
The Threat Analysis and Modeling Tool allows us to decompose the application into roles, data and components.
Roles
We have found two main kinds of roles: user roles and service roles.
User roles are assigned to any user who will be interacting with the application. Roles define the trust levels of a software application and are primarily used to make authorization decisions. For this application, we found only the site's responsible person or the administrator as a user. He is the only one who has the ability to solve the problem of an unmanaged machine.
Figure 5.1: Application decomposition - User Roles
Service roles are trust levels, containing specific identities, which define the context of the various components running in the software application. Within this context, we have found SQL Server, Active Directory, the .NET Framework, Microsoft Excel and Windows text files.
Figure 5.2: Application decomposition - Services Roles
Data
Data defines the information type that is maintained or processed by the software application. For this application, we identified the Contact List, the Exception List, the Site List, the Mail Body and the unmanaged machines.
Figure 5.3: Application decomposition - Data
Components
Components are the building blocks of a software application that define an instance of a technology type such as a database, a web service, and so on. We have found as components within this application SQL Server, Active Directory, the .NET Framework, Microsoft Excel and Windows text files.
Figure 5.4: Application decomposition - Components
Application Use cases
At this stage, we had defined the allowable permissions on the data and the role that has permissions on it. The specific permissions are captured using Create/Read/Update/Delete.
A use case is an ordered sequence of actions used to fulfil a subset of the allowable permissions that are defined in data access.
Based on that, the use cases of the application are identified.
Figure 5.5: Application Use cases
For each use case identified, a data flow is generated.
Figure 5.6: Application Use cases - Data Flow Example
5.2 Threat Analysis
Threat analysis is the analysis of the probability of occurrence and the consequences of attacks within a system.
Attacks
Each use case is at risk of being attacked. There are multiple attacks, such as:
Buffer Overflow
A buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer. Variables declared on the stack are located next to the return address for the function's caller.
In a normal attack, the attacker can get a program with a buffer overrun to do something he considers useful, such as binding a command shell to the port of their choice.
Cryptanalysis Attacks
Cryptanalysis is the science of cracking codes, decoding secrets, violating authentication schemes and breaking cryptographic protocols. It is also the science devoted to finding and correcting weaknesses in cryptographic algorithms. It is understood within the field of cryptology that an algorithm should not rely on its secrecy. An algorithm should always be made available for public scrutiny. It is this scrutiny that will make it a well-trusted algorithm. Inevitably, a vulnerability in the algorithm will be exploited.
Denial of Service
A Denial of Service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the disruption of services like e-mail, directory services etc. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy assets in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of information theft which will cost the organization time and money.
Network Eavesdropping
Network eavesdropping is the act of monitoring network traffic for data, such as cleartext passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. Also, lightweight hashing algorithms can be cracked and the payload that was thought to be safe can be deciphered.
SQL injection
A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when an application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings that contain raw user input. Using the SQL injection attack, the attacker can execute arbitrary commands in the database. The issue is magnified if the application uses an over-privileged account to connect to the database. In this instance it is possible to use the database server to run operating system commands and potentially compromise other servers, in addition to being able to retrieve, manipulate, and destroy data.
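As an added example (not the report's or the Sophos tool's code), the defect beside its two mitigations, run against a constructed in-memory table: build_demo_db, the column names and the sample rows are assumptions, and SQLite's query_only pragma stands in for the least-privileged database account the paragraph calls for.

```python
"""Dynamic SQL versus parameterized SQL on a constructed 'machines' table."""
import sqlite3

def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: three machines, two of them unmanaged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE machines (name TEXT, site TEXT, managed INTEGER)")
    conn.executemany(
        "INSERT INTO machines VALUES (?, ?, ?)",
        [("WS-0001", "TN-SFX01", 0), ("WS-0002", "TN-SFX01", 1), ("WS-0003", "DE-NBG02", 0)],
    )
    conn.commit()
    # Least privilege: the reporting connection only ever needs to read. An
    # injected statement on this connection can still read, but cannot alter
    # or destroy data (the paragraph's "over-privileged account" case).
    conn.execute("PRAGMA query_only = 1")
    return conn

def unmanaged_machines_vulnerable(conn, site: str) -> list:
    """The defect: input is concatenated into the statement text, so the input
    can change the query's structure instead of only supplying a value."""
    sql = ("SELECT name FROM machines WHERE managed = 0 AND site = '"
           + site + "' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]

def unmanaged_machines_safe(conn, site: str) -> list:
    """Mitigation: a bound parameter is always treated as data, never as SQL,
    whatever characters it contains."""
    sql = "SELECT name FROM machines WHERE managed = 0 AND site = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (site,))]

def write_is_refused(conn) -> bool:
    """True when the connection refuses data changes, i.e. least privilege holds."""
    try:
        conn.execute("UPDATE machines SET managed = 1")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = build_demo_db()
    # A tautology as the "site" value: the dynamic query returns every machine,
    # managed or not; the parameterized query finds no site with that literal name.
    tautology = "' OR '1'='1"
    print("vulnerable:", unmanaged_machines_vulnerable(db, tautology))
    print("safe:      ", unmanaged_machines_safe(db, tautology))
    print("writes refused:", write_is_refused(db))
```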
Threats
With the Threat Analysis and Modeling Tool, threats are classified in accordance with the CIA model, and the tool offers for each threat solutions to deal with it.
Threat factors for Confidentiality
The primary threat factors for Confidentiality are the unauthorized disclosure of the executing identity and the unauthorized disclosure of the data.
Threat factors for Integrity
The primary threat factors for Integrity are the violation of access control, violation of business rules, and violation of data integrity.
Threat factors for Availability
The primary threat factors for Availability are unavailability and performance degradation.
5.3 Threat Testing
We created a diagram of the threats for each use case.
Figure 5.7: Threat tree
In this diagram:
the root node is the threat in question (for example, unauthorized disclosure of read using Active Directory by .Net Role);
then, its children are the vulnerability types (for example, LDAP Injection);
each vulnerability type has an underlying cause (for example, dynamic LDAP queries using untrusted input);
then, each underlying cause has a mitigation technique (for example, untrusted input should be validated against an inclusion list).
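The mitigation at the leaf of the threat tree, as an added example rather than the report's code: a site name read from an OUlist.txt-style file is checked against the inclusion list and escaped per RFC 4515 before it is placed in an LDAP filter; the file content, the attribute names and the filter shape are assumptions.

```python
"""Validating a site name against an inclusion list before building an LDAP filter."""
import re

# RFC 4515: characters with a structural meaning inside a search filter are
# written as a backslash followed by two hex digits. The backslash itself is
# handled first so that the escapes produced afterwards are not escaped again.
_FILTER_ESCAPES = [("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")]
_SITE_NAME = re.compile(r"[A-Za-z0-9-]{1,64}")   # assumed shape of a valid site OU name

def escape_filter_value(value: str) -> str:
    """Escape one value so it can only ever match as a literal inside a filter."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value

def load_site_list(text: str) -> frozenset:
    """Parse an OUlist.txt-style file: one site OU per line, blank lines and
    '#' comments ignored. The file is a data asset an administrator maintains,
    so a malformed entry is treated as tampering and rejected, not passed on."""
    sites = set()
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if _SITE_NAME.fullmatch(line) is None:
            raise ValueError(f"OUlist line {number}: malformed site name {line!r}")
        sites.add(line)
    return frozenset(sites)

def build_computer_filter_unsafe(site: str) -> str:
    """The underlying cause from the tree: untrusted input pasted into the filter."""
    return f"(&(objectClass=computer)(ou={site}))"

def build_computer_filter(site: str, allowed_sites: frozenset) -> str:
    """The mitigation: validate against the inclusion list first, and still
    escape the value so the filter's structure cannot be altered by it."""
    if site not in allowed_sites:
        raise ValueError(f"site {site!r} is not in the inclusion list")
    return f"(&(objectClass=computer)(ou={escape_filter_value(site)}))"

# Constructed stand-in for OUlist.txt
OU_LIST_TEXT = """# one site OU per line
TN-SFX01
TN-MAT02
DE-NBG02
"""

if __name__ == "__main__":
    sites = load_site_list(OU_LIST_TEXT)
    print(build_computer_filter("TN-SFX01", sites))
    # A value carrying filter syntax: the unsafe builder lets it add a clause,
    # the checked builder refuses it before any query is built.
    crafted = "*)(objectClass=*"
    print("unsafe :", build_computer_filter_unsafe(crafted))
    try:
        build_computer_filter(crafted, sites)
    except ValueError as err:
        print("checked:", err)
```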
Conclusion
Throughout this chapter, we presented the steps to discover the flaws of a system. Using this tool, we have the opportunity to obtain a comprehensive report detailing each component and each threat with its countermeasures. You will find the report in Appendix A.
Conclusion
The four-week internship spent with the IT Team allowed me to acquire new knowledge in the world of IT and also in the world of security.
This internship gave me new knowledge and increased my ability to understand. I had the chance to discover enterprise solutions such as Sophos, VARONIS and also Safeguard. Furthermore, I had the opportunity to deepen my knowledge in the field of auditing the security applications used by the IT team.
Having a summer internship with a dynamic, rigorous team with a large capacity for work gave me knowledge and expertise and also taught me how to communicate with team members.
Appendix A
Unmanaged Machines Report
Appendix B
Test on Security Software Development
Contents
Introduction 1
1 Company Presentation 3
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3 Leoni structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.4 Leoni Global Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.5 Leoni Wiring System Tunisia . . . . . . . . . . . . . . . . . . . . . . . 6
1.6 Information Management at LEONI . . . . . . . . . . . . . . . . . . . . 6
1.7 Information Management Service Center North Africa . . . . . . . . . 7
1.8 Information Management IT teams . . . . . . . . . . . . . . . . . . . . 8
1.9 Information Management IT Security Team . . . . . . . . . . . . . . . 8
2 Security Software Development 13
2.1 Programming Languages . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2 Object Oriented Programming . . . . . . . . . . . . . . . . . . . . . . . 14
2.3 Avoiding and mitigating system failure . . . . . . . . . . . . . . . . . . 14
2.4 Systems Development Life Cycle (SDLC) . . . . . . . . . . . . . . . . . 14
2.5 Change and configuration management . . . . . . . . . . . . . . . . . . 18
2.6 DevOps Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.7 Application Programming Interfaces (APIs) . . . . . . . . . . . . . . . 20
2.8 Software Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.9 Code repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.10 Service Level Agreements (SLAs) . . . . . . . . . . . . . . . . . . . . . 21
2.11 Software Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.12 Establishing databases and data warehousing . . . . . . . . . . . . . . . 21
2.13 Understanding knowledge-based systems . . . . . . . . . . . . . . . . . 25
3 Security Testing 27
3.1 Security testing Description . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.2 Security Testing in SDLC phases . . . . . . . . . . . . . . . . . . . . . 27
3.3 Fuzzing Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.4 Security test cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4 Secure Computing 33
4.1 Security Attributes and Terms . . . . . . . . . . . . . . . . . . . . . . . 33
4.2 Threat Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.3 Methodologies / Modeling tools . . . . . . . . . . . . . . . . . . . . . . 37
4.4 ISO 27002 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5 Use case Based on Threat Models 45
5.1 Script threat analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5.2 Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.3 Threat Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Conclusion 52
Appendix A I
Appendix B XXIV
List of Figures
1.1 Wiring Systems Division . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2 Wire & Cable Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3 Leoni's locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4 IM Organization - Bundling of Global Services . . . . . . . . . . . . . . . . 6
1.5 IM Service Centers Organization . . . . . . . . . . . . . . . . . . . . . . . 7
1.6 Information Management Service Center North Africa teams . . . . . . . . 7
1.7 IT Support levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.8 Enterprise Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1 Systems Development Life Cycle . . . . . . . . . . . . . . . . . . . . . . . 15
2.2 Ideal Model Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.3 DevOps Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.1 Fuzzing Test process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.2 Fuzzing Test process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.1 CIA Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.2 MS Threat Modeling Tool process . . . . . . . . . . . . . . . . . . . . . . 38
4.3 Data Flow Diagram elements . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.4 Threats for each DFD's elements . . . . . . . . . . . . . . . . . . . . . . . 39
4.5 Standard mitigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4.6 Threat Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.1 Application decomposition - User Roles . . . . . . . . . . . . . . . . . . . . 46
5.2 Application decomposition - Services Roles . . . . . . . . . . . . . . . . . . 47
5.3 Application decomposition - Data . . . . . . . . . . . . . . . . . . . . . . . 47
5.4 Application decomposition - Components . . . . . . . . . . . . . . . . . . . 47
5.5 Application Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5.6 Application Use cases - Data Flow Example . . . . . . . . . . . . . . . . . 48
5.7 Threat tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

 

Audit and security application report

  • 1. MINISTRY OF HIGHER EDUCATION AND SCIENTIFIC RESEARCH Higher Institute of Computer Sciences El-Manar Summer Internship Report Realized by: Rihab CHEBBAH Company Supervisors: Mr Ibrahim JAOUAD & Mr Atef BAYA Company: LEONI Tunisia Departement: Information Management Technology Internship Period: From 01/06/2016 to 30/06/2016
  • 2.
  • 3. MINISTRY OF HIGHER EDUCATION AND SCIENTIFIC RESEARCH Higher Institute of Computer Sciences El-Manar Summer Internship Report Realized by: Rihab CHEBBAH Company Supervisors: Mr Ibrahim JAOUAD & Mr Atef BAYA Company: LEONI Tunisia Departement: Information Management Technology Internship Period: From 01/06/2016 to 30/06/2016 Supervisors Signatures:
  • 4.
  • 5. With grateful heart, I would like to remem- ber the persons who had helped me during the course of my internship program. I wish to place on record my words of grati- tude to Mr. Ibrahim JAOUAD for being my ad- visor and the enzyme during my internship. I owe warm-harted acknowledgement of grat- itude to Mr. Atef BAYA for being my master mind behind my internship program. Rihab CHEBBAH Acknowledgement
  • 6. Introduction Security is now a serious problem and, if present trends continue, the problem will be much worse in the future. While there are many reasons for security problems, a primary cause is that much of the software cannot withstand security attacks. These attacks exploit vulnerabilities in software systems. Software security vulnerabilities are caused by defective specication, design, and im- plementation. Unfortunately, common development practices leave software with many vulnerabilities. To have a secure infrastructure, the software must contain few, if any, vulnerabilities. This requires that software be built to sound security requirements and have few if any specication, design, or code defects. No processes or practices have currently been shown to consistently produce secure software. However, some available development practices are capable of substantially improving the security of software systems including having exceptionally low defect rates. Since introducing these methods requires signicant training and discipline, they will not be widely adopted without strong motivation from sources such as corporate leaders, customers, or regulation. Within this contexe is framed my project and audit application security during the course. In this report, we will nd 5 chapters. The rst is dedicated to present the com- pany that accepted me there for an internship. The second chapter presents application development security. Throughout the third chapter will present tested techniques to ensure application security. The following chapter contains the dierent terms, mech- anisms, models and tools that identify vulnerabilities in an application and the last chapter includes the practice we have done during this internship. 1
  • 8. Chapter 1 Company Presentation
1.1 Introduction
Throughout this chapter, we will introduce the Leoni Group as well as its division in Tunisia.
1.2 History
In 1569, Anthoni Fournier in Nuremberg founded the first workshop for the manufacture of Lyonese wares: finest metal threads and wires of gold and silver, and later on of silver-plated and gold-plated copper. In 1917, Fournier's son merged three succeeding companies into the newly established Leonische Werke Roth-Nürnberg AG. Fourteen years later, the company name was changed to Leonische Drahtwerke AG, Nuremberg, and they started the production of rubber-sheathed cables. After that, exactly in 1956, the company started to manufacture cable assemblies.
In 1977, Leoni started its global expansion by establishing a wiring harness plant in Tunisia. This was soon followed by further new plants, subsidiaries and acquisitions in many countries: USA, Germany, China, Korea, Egypt, etc. Since then, Leoni has acquired the wiring harness division of the French automotive supplier Valeo. This resulted in Leoni becoming the European market leader for automotive wiring systems and the number four supplier in the world.
  • 9. 1.3 Leoni structure
The Leoni group has 2 main divisions: the Wiring Systems Division (WSD) and Wire & Cable Solutions (WCS). The Leoni group has more than 67,000 employees: 58,000 within the WSD and the rest, 8,000 employees, within WCS.
Wiring Systems Division
For the automotive and other industries, LEONI is a proven global partner. Its Wiring Systems Division develops and supplies innovative wiring solutions, as well as components, for passenger car producers, commercial vehicle manufacturers and for system and component suppliers.
Figure 1.1: Wiring Systems Division
LEONI is the European market leader for wiring systems and is one of the world's premier providers of automotive electrical and electronic distribution systems. Its mission is to give the customer precisely what is required, from the initial design concept to the safe installation of the final product.
Wire & Cable Solutions
The Wire & Cable Solutions Division (WCS) benefited from the still heavy demand for automotive cables as well as good performance of the business involving cables for industry and the healthcare sector.
  • 10. Figure 1.2: Wire & Cable Solutions
With the aim of strategic further growth, the division will sharpen the focus of its market activity and to that end will look into consolidating its portfolio. In addition to further strengthening its position in the automotive cables market, the agenda includes expansion of select segments of the industrial business. This will involve stepping up development towards being a solutions provider.
1.4 Leoni Global Network
The Leoni Group is located in over 16 countries (Brazil, China, Egypt, France, Germany, India, Italy, Morocco, Mexico, Portugal, Romania, Russia, Serbia, Slovakia, Ukraine and Tunisia) with over 35 production sites. Its production space is about 550,000 m².
Figure 1.3: Leoni's locations
  • 11. 1.5 Leoni Wiring System Tunisia
Leoni Wiring System was established in Tunisia in 1977 and has built 2 subsidiaries: Sousse and Mateur Sud / Mateur Nord. In Sousse, Leoni has different plant sections which work for different car customers such as Audi, BMW, VW and others. About 6,500 employees work there. Mateur Sud / Mateur Nord has over 6,000 employees and 2 plant sections: one for the customers Fiat and Panda and one for PSA.
1.6 Information Management at LEONI
Information Management (IM) at LEONI is organized as shown below:
Figure 1.4: IM Organization - Bundling of Global Services
Around the world, Leoni Wiring System has 4 IM service centers: one in North Africa, one in Eastern Europe, one in the Americas and one in Asia.
  • 12. Figure 1.5: IM Service Centers Organization
1.7 Information Management Service Center North Africa
Information Management Service Center North Africa (IM SC NA) is 1 of the 4 IM service centers in the world. It provides support for both the IT and the applications environment. It was established in 2005 with 3 members working as web developers. Now, it has 65 members in 14 teams.
Figure 1.6: Information Management Service Center North Africa teams
  • 13. The teams are classified according to their objective: one assistance team for the IM SC NA, one IM Demand team for managing projects, three development teams for programming software, three teams working as system analysts, two teams for PPS consulting, one team for MES consulting and four teams working as system administrators for the IT section.
1.8 Information Management IT teams
The IM IT group is composed of multiple teams: Microsoft, the Security team, the Network and Communication team and also a Data Center / Private Cloud team. These teams provide services to the local IT departments; they are the second-level support. They are themselves supported by external companies as third-level support. The relationship between these levels is based on a client-provider concept.
Figure 1.7: IT Support levels
1.9 Information Management IT Security Team
Leoni uses enterprise solutions to manage its products.
  • 14. Figure 1.8: Enterprise Solution
Sophos Enterprise Solutions
Sophos Enterprise Console is an automated console that manages and updates Sophos security software on computers running an operating system or a virtual environment such as VMware vShield. It allows protecting the network against malware, dangerous file types and websites, malicious network traffic, adware and other potentially unwanted applications. It also checks the websites users can visit, further protecting the network against malware and preventing users from visiting inappropriate websites. Moreover, Sophos Enterprise Console prevents the use of unauthorized external storage devices and wireless connection technologies on endpoint computers, administers the client firewall protection on endpoint computers and assesses computers for any missing patch.
Application Control
Application Control enables network administrators to block certain legitimate applications from running on work computers. Typically, they use Application Control to prevent users from running applications that are not a security threat, but that they decide are unsuitable for use in the workplace environment, e.g. games or instant messaging programs. In accordance with the company policy on Application Control, the administrators can authorize required applications and block those which are not required, all from the central console.
  • 15. Sophos Device Control
Sophos Device Control allows an administrator to manage the use of storage devices, network interfaces and media devices connected to all managed endpoints.
Sophos Update Manager
Sophos Update Manager is always installed on the computer where the Enterprise Console is installed. This is the component responsible for getting the updates from Sophos, and it is the updating source for the computers on the network. It allows administrators to create shares that contain the endpoint software they want to deploy. The computers update themselves from these shares.
Sophos Firewall
The Sophos firewall allows only named applications, or classes of applications, to access the company network or the internet. The default firewall settings permit only basic network communications and are not adequate for normal use. Anything more than basic networking, e.g. email software, a web browser or network database access, will probably not work correctly with the default policy, which blocks all non-essential connections.
Sophos policies
While installing Enterprise Console, default policies are created. These policies are applied to any created groups. The default policies are designed to provide effective levels of protection. If the administrators want to use features like network access control, patch, application control, data control, device control, or tamper protection, they need to create new policies or change the default policies.
Sophos Enterprise Console reports
Enterprise Console reports are available via the 'Report Manager'. Using the Report Manager, administrators can quickly create a report based on an existing template, change the configuration of an existing report, and schedule a report to run at regular intervals, with the results being sent to chosen recipients as an email attachment. They can also print reports and export them in a number of formats.
  • 16. IM IT Security Team services
Leoni uses: Sophos as antivirus solution; SafeGuard as encryption solution; Varonis as folder access rights audit solution. The goal of the IM-IT security team in Tunisia is to ensure a secure environment for the end user by managing the antivirus (Sophos), the data encryption (SafeGuard) and the data ownership (Varonis). The KPI is measured by service availability.
Sophos anti-virus
Sophos antivirus is an endpoint protection for innovative businesses against current and future threats. It is a simple and sophisticated antivirus at the same time: advanced protection against threats, web filtering and compliance with policies. It has proven protection that automatically identifies new threats and blocks or deletes them. It includes an integrated host intrusion prevention system (HIPS) that automatically adjusts to better combat malware. It also offers Live Protection, connected to the lab to get the latest threat data. Its infrastructure is composed of:
Endpoint Device: acts as a user endpoint in a distributed computing system. Typically, the term is used specifically for Internet-connected PC hardware on a TCP/IP network. However, various network types have their own types of endpoint devices from which users can access information on a network. They can include desktop or laptop computers, as well as portable devices like tablets and smartphones.
Central Installation Directory: this is a set of files that includes everything needed for installation.
Management Server: a set of tools from Microsoft that assists in managing PCs connected to a local-area network (LAN). It enables an administrator to create an inventory of all the hardware and software on the network and to store it in a database. Using this database, it can then perform software distribution and installation over the LAN. This server also enables the administrator to perform diagnostic tests on PCs attached to the LAN.
  • 17. Sophos Update Manager: manages data and update distribution from Sophos.
VARONIS Folder Access Rights Audit
Varonis ensures that only the right people have access to the right data at all times, that all access is monitored, and that abuse is flagged. It identifies where the most sensitive data resides, sees who has access to it and who is accessing it, and safely locks it down. Varonis FARA also runs permissions reports, finds lost files, assigns data owners, and conducts security investigations more efficiently than ever. IT staff spend less time on manual data management and protection tasks and can focus on critical projects, because it automatically detects and corrects changes that don't meet the organization's change management policies. Administrators receive alerts on anomalous behavior, privilege escalations, and unauthorized access to critical files and folders.
Sophos SafeGuard Hard-Disk Encryption
Hard-disk encryption provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files. For maximum data protection, multi-factor pre-boot authentication ensures user identity, while encryption prevents data loss from theft. It protects against unauthorized access when laptops are lost or stolen.
Conclusion
Throughout this chapter, we presented Leoni Wiring System and detailed its services, especially the services of the IM IT security team where I did my internship.
  • 18. Chapter 2 Security Software Development
Introduction
Applications are developed with many different skill levels and a variety of security awareness. Security must be assumed at every stage of a project's development.
2.1 Programming Languages
Different programming languages are used to develop software code. There are 2 types of programming languages: compiled and interpreted languages.
• Using compiled languages, the programmer compiles the code. The code is then converted to an executable file for use on a specific OS. This type of program is less prone to being manipulated, but it may still contain back doors or other security flaws created by unskilled programmers.
• With interpreted languages, the developer shares the source code. The end user can use it and execute it on their OS. In this case, they can inject back doors into the original code written by the developers.
  • 19. 2.2 Object Oriented Programming
Object-Oriented Programming refers to a type of computer programming in which programmers define not only the data type of a data structure, but also the functions that can be applied to the data structure. In this way, the data structure becomes an object that includes both data and functions. In addition, programmers can create relationships between one object and another. For example, objects can inherit characteristics from other objects. With OOP, users need to know every input, output and action corresponding to each object.
2.3 Avoiding and mitigating system failure
To avoid and mitigate system failure, some methods can be used: input verification and fail-safe or fail-open procedures.
Input verification: verifies that the values inserted by a user match the programmer's expectations before allowing further processing.
Fail-safe or fail-open procedures: programmers should code scripts to respond to and handle system failure.
• Fail-secure failure state: this failure state blocks the system, and only the administrator can resolve it and restore it to normal operation.
• Fail-open state: it allows users with the necessary permissions to resolve it.
2.4 Systems Development Life Cycle (SDLC)
It is a software development process that defines the principal stages that projects pass through to ensure good coding practices, embedding security in every stage.
  • 20. Figure 2.1: Systems Development Life Cycle
Conceptual definition: this phase is the first step of any system's life cycle. It defines the project and commits the appropriate resources.
Functional requirements development: this phase involves collecting, defining and validating functional, support and training requirements.
Control specifications development: the security of the project is designed at this stage. It should provide access control for users, an audit trail, and detective mechanisms for flaws.
Design review: in this phase, the designers determine how the system will interoperate.
Code review walk-through: during this phase, systems are developed or acquired based on detailed design specifications.
System test review: after coding, tests are required to verify the system operation, using development personnel to seek out any obvious error.
Maintenance and change management: this phase ensures that the sponsor's needs continue to be met and that the system continues to perform according to specifications.
Life Cycle Model
Software development organizations implement process methodologies to ease the process of development.
  • 21. Waterfall model
The waterfall model has 7 phases: system requirements, software requirements, preliminary design, detail design, code and debug, testing, operations and maintenance. It describes a method of development that is linear and sequential; it allows returning to the previous phase to correct system faults.
Spiral model
The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. Its emphasis is placed on risk analysis. We use it when cost and risk evaluation is important or when the requirements are complex.
Agile software development
Agile development methodology provides opportunities to assess the direction of a project throughout the development lifecycle. Agile methodology is described as iterative and incremental. In an agile paradigm, every aspect of development (requirements, design, etc.) is continually revisited throughout the lifecycle. Agile software development has produced the Manifesto for Agile Software Development. The Agile Manifesto is based on twelve principles:
1. Customer satisfaction by early and continuous delivery of valuable software
2. Welcome changing requirements, even in late development
3. Working software is delivered frequently (weeks rather than months)
4. Close, daily cooperation between business people and developers
5. Projects are built around motivated individuals, who should be trusted
6. Face-to-face conversation is the best form of communication (co-location)
7. Working software is the principal measure of progress
8. Sustainable development, able to maintain a constant pace
9. Continuous attention to technical excellence and good design
10. Simplicity, the art of maximizing the amount of work not done, is essential
  • 22. 11. Best architectures, requirements, and designs emerge from self-organizing teams
12. Regularly, the team reflects on how to become more effective, and adjusts accordingly
Software capability maturity model
It is a methodology used to develop and refine an organization's software development process. CMM can be used to assess an organization against a scale of five process maturity levels. The five designated maturity levels are:
1. Initial: the starting point for use of a new or undocumented repeat process.
2. Repeatable: the process is at least documented sufficiently such that repeating the same steps may be attempted.
3. Defined: the process is defined / confirmed as a standard business process.
4. Managed: the process is quantitatively managed in accordance with agreed-upon metrics.
5. Optimizing: process management includes deliberate process optimization/improvement.
IDEAL model
The IDEAL model forms an infrastructure to guide organizations in planning and implementing an effective software process improvement program, and is the founding strategy employed in delivering many Software Engineering Institute (SEI) services. Organizations that follow the IDEAL approach to software process improvement (SPI) can effectively integrate SEI technologies, courses, workshops, and services into a comprehensive method for managing and improving their overall capacity.
  • 23. Figure 2.2: IDEAL Model Process
Gantt chart and PERT
A Gantt chart is a graphical tool illustrating a schedule; it helps to plan and coordinate specific tasks in a project. PERT is a project scheduling tool used to direct improvements to project management and software coding in order to produce more efficient software.
2.5 Change and configuration management
Change management
After releasing a software project, there can be suggestions from users to improve the project, correct bugs or request other modifications. Thus, programmers should have procedures to manage changes and to support future auditing, investigation and analysis requirements. The change management process has 3 basic components:
• Request control: used by end users to request modifications, by managers to conduct benefit analysis, and by developers to prioritize tasks.
• Change control: dedicated only to developers. They can re-create the situation encountered by the users and analyze the appropriate changes. In addition, the developers can restrict the effects of the new code after updating or changing it, to minimize any weakening of security.
  • 24. • Release control: this phase assures the re-release of the software project, and it includes acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
Configuration management
Security administrators should be aware of the importance of configuration management. It is used to control the software project versions and the changes made to the software configuration. It has 4 main components:
• Configuration identification: administrators document the configuration of coherent software products throughout the organization.
• Configuration control: this phase verifies that changes are made in accordance with the change control policies. Updates can be made only from authorized distributions in accordance with those policies.
• Configuration status accounting: at this stage, procedures are used to track authorized changes.
• Configuration audit: it ensures that no unauthorized configuration change has been made.
2.6 DevOps Approach
It is a combination of software development and operations that cooperate together to respond to the requirements while maintaining a high quality.
Figure 2.3: DevOps Approach
  • 25. 2.7 Application Programming Interfaces (APIs)
Nowadays, web applications need interactions between different web services. Therefore, organizations offer APIs to facilitate these interactions through function calls. APIs pose some security risks, so developers must enforce an authentication requirement. This authentication provides authorized API users with an API key that is passed with each API call. The backend system validates this API key before processing a request, while ensuring that the request is authorized to call the specific API.
2.8 Software Testing
After programming a software project, it is necessary to check and test the project's operation. There are 3 software testing methods:
• White-box testing: this method examines the code itself line by line and analyzes the program for potential errors.
• Black-box testing: it examines the software project by using different input scenarios and inspecting the output, with no need to view the code.
• Gray-box testing: testers examine the code to help design their tests and also examine the software by analyzing inputs and outputs.
The security of software also needs testing. There are 2 categories of security testing:
• Static test: it verifies the security of software by analyzing either the source code or the compiled application without running the project. Static testing uses an automated tool designed to detect flaws.
• Dynamic test: it tests the software in running mode. It can use a web application scanning tool to detect flaws in web applications.
2.9 Code repository
Code repositories are made to facilitate software development. Some code repositories support open source software development for public users, while others contain code with secret information, limited to authorized developers and users who have read and/or write access. Developers must take care of their access controls and should not include any sensitive information in a public code repository.
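The API-key check described in 2.7, as an added example (not code from the report or from LEONI): the backend authenticates the key sent with each call and then checks that this key is authorized for the specific API. The key store, the scope model and the function names are assumptions for illustration; keys are kept hashed and compared in constant time.

```python
"""Backend validation of an API key and of the caller's authorization
for the requested API. Added example; the store below is constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def _digest(api_key: str) -> str:
    """Store only a SHA-256 digest of each key, so a leaked store is not a
    set of usable keys."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def generate_api_key() -> str:
    """Issue a fresh, unguessable key for an authorized API user."""
    return secrets.token_urlsafe(32)


# Constructed sample store: key digest -> owning client and the APIs it may call.
KEY_STORE: Dict[str, dict] = {
    _digest("demo-key-reporting-1234"): {
        "client": "reporting-portal",
        "apis": {"GET /reports"},
    },
    _digest("demo-key-ops-5678"): {
        "client": "ops-tool",
        "apis": {"GET /reports", "POST /users"},
    },
}


def _lookup(presented_key: str) -> Optional[dict]:
    """Find the store entry for a presented key.

    Every stored digest is compared with hmac.compare_digest and the loop
    never short-circuits, so the time taken does not reveal how many
    leading characters matched or whether a match was found early."""
    digest = _digest(presented_key)
    match: Optional[dict] = None
    for stored_digest, entry in KEY_STORE.items():
        if hmac.compare_digest(stored_digest, digest):
            match = entry
    return match


def authorize_api_call(headers: Dict[str, str], api: str) -> Tuple[bool, str]:
    """Return (allowed, reason-or-client).

    Step 1: authenticate the X-API-Key header (assumed header name).
    Step 2: check that this key's client is authorized for `api`,
            e.g. "POST /users". Authentication alone is not enough."""
    presented = headers.get("X-API-Key")
    if not presented:
        return False, "missing API key"
    entry = _lookup(presented)
    if entry is None:
        return False, "unknown API key"
    if api not in entry["apis"]:
        return False, f"key for {entry['client']} not authorized for {api}"
    return True, entry["client"]


if __name__ == "__main__":
    print(authorize_api_call({"X-API-Key": "demo-key-reporting-1234"}, "GET /reports"))
    print(authorize_api_call({"X-API-Key": "demo-key-reporting-1234"}, "POST /users"))
```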
  • 26. 2.10 Service Level Agreements (SLAs)
It is a contract between an organization and its internal/external customers to provide an agreed level of different services.
2.11 Software Acquisition
It is a set of rules which direct how software will be obtained. The rules will vary according to need. They may state where software will and will not come from, who decides where it comes from, who may install it, the methods of delivery and installation, who is responsible for maintaining the usage licenses and how often software requirements are reviewed. Some policies will go further and incorporate rules on software disposal, but others will put those rules into a separate software disposal policy.
2.12 Establishing databases and data warehousing
Because many projects need users' private information, using databases is a solution to store this information safely.
Database management system architecture
There are 2 architectural types: hierarchical and distributed databases, and relational databases.
Hierarchical and distributed databases
The hierarchical model is a one-to-many data model. It combines attributes and tuples related in a logical tree structure. The distributed data model stores data in different databases that are logically connected. It is a many-to-many data model.
Relational database
It is a database composed of two-dimensional tables containing the attributes of an object. The relationships between the tables are defined to identify related tuples. The tuples are identifiable using a variety of keys.
  • 27. • Candidate keys: a subset of attributes that can be used to uniquely identify any record in a table.
• Primary key: it is selected from the candidate keys of a table to be used to uniquely identify tuples in that table.
• Foreign key: used for managing relationships between multiple tables and ensuring data consistency. It ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.
All relational databases use the Structured Query Language (SQL) for accessing and manipulating databases.
Database transactions
A transaction is a set of separate actions that must all be completely processed, or none processed at all. It can consist of multiple SQL statements, not just one. All database transactions require 4 characteristics known as ACID:
Atomicity: this means that a transaction must remain whole; it is all or nothing. So, the transaction as a whole must either fully succeed or fully fail. If and when the transaction is a success, all of the changes must be saved by the system. If the transaction fails, then all of the changes made by the transaction must be completely undone and the system must revert to its original state before the changes were applied.
Consistency: this means that a transaction should change the database from one consistent state to another.
Isolation: this means that each transaction should do its work independently of other transactions that might be running at the same time.
Durability: this means that any changes made by transactions that have run to completion should stay permanent, even if the database fails or shuts down due to something like power loss.
Security for multilevel databases
In a multilevel secure database, users cleared at different security levels access and share a database consisting of data at different sensitivity levels. A powerful and dynamic approach to assigning sensitivity levels to data is one which utilizes security constraints
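The atomicity and consistency properties described above, shown on a working database as an added example (not from the report): an in-memory SQLite database with a constructed `accounts` table, where a transfer is two UPDATE statements in one transaction. If the second statement violates the consistency rule, the first is undone as well.

```python
"""Atomicity of a two-statement transaction. Added example using Python's
standard sqlite3 module; the table and balances are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # The CHECK constraint is the consistency rule: no balance may go negative.
    conn.execute(
        "CREATE TABLE accounts ("
        "  id TEXT PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 20)]
    )
    conn.commit()
    return conn


def balance(conn: sqlite3.Connection, account: str) -> int:
    row = conn.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account,)
    ).fetchone()
    return row[0]


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as one transaction.

    Returns True if the transaction committed, False if it was rolled back.
    The credit is applied first on purpose: if the later debit fails the
    CHECK constraint, the already-applied credit must disappear too."""
    if amount <= 0:
        return False
    try:
        # `with conn:` commits on normal exit and rolls back on exception.
        with conn:
            cur = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                (amount, dst),
            )
            if cur.rowcount != 1:
                raise ValueError(f"unknown account {dst}")
            # May raise sqlite3.IntegrityError (balance would go negative).
            conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?",
                (amount, src),
            )
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False  # all or nothing: the credit above is gone as well


if __name__ == "__main__":
    db = make_db()
    print(transfer(db, "bob", "alice", 50), balance(db, "alice"), balance(db, "bob"))
    print(transfer(db, "alice", "bob", 30), balance(db, "alice"), balance(db, "bob"))
```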
  • 28. or classification rules. Security constraints provide an effective and versatile classification policy. They can be used to assign security levels to the data depending on their content and the context in which the data is displayed. They can also be used to dynamically re-classify the data. In other words, security constraints are essential for describing multilevel applications. Various types of security constraints have been defined. They include the following:
1. Constraints that classify a database, relation or attribute
2. Constraints that classify any part of the database depending on the value of some data
3. Constraints that classify any part of the database depending on the occurrence of some real-world event
4. Constraints that classify associations between data
5. Constraints that classify any part of the database depending on the information that has been previously released
6. Constraints that classify collections of data
7. Constraints that classify any part of the database depending on the security level of some data
8. Constraints which assign fuzzy values to their classifications
Concurrency
It is an edit control: it locks features to allow one user to make changes to data while denying the others, and then unlocks them to allow others to access the data they need. It becomes a detective control when administrators use concurrency together with auditing mechanisms to track data changes.
Other security mechanisms
Administrators may use features to maintain data integrity and availability, and they can also make security access control more granular.
• Content Dependent Access Control is a method for controlling users' access to resources based on the content of the resource. CDAC is primarily used to protect databases containing potentially sensitive data.
  • 29. • Cell suppression is the concept of hiding individual database fields or imposing more security restrictions on them.
• Context Based Access Control means that the decision whether a user can access a resource does not depend solely on who the user is and which resource it is.
• Database partitioning: partitioning a database improves performance and simplifies maintenance. By splitting a large table into smaller, individual tables, queries that access only a fraction of the data can run faster because there is less data to scan.
• Polyinstantiation is the concept of a type being instantiated into multiple independent instances (objects, copies). A multilevel relation is said to be polyinstantiated when it contains two or more tuples with the same apparent primary key values.
Storage data and information
Data is processed through a computer's storage resources, both memory and physical resources.
Types of storage
• Primary storage contains real memory (RAM), the main memory, connected to the system's CPU through the memory bus; it also contains registers and cache memories. Primary storage is usually the highest-performance storage resource available to a system.
• Secondary storage consists of less expensive and nonvolatile storage resources such as tapes, disks, hard drives, flash drives and CD/DVD storage.
Storage threats
Information security professionals should be aware of two main threats posed against data storage systems.
1. The threat of illegitimate access to storage resources exists no matter what type of storage is in use. Therefore, administrators should protect against attacks that directly access the physical storage to find data. In addition, systems that work with multilevel security should ensure that data from one classification level is not readable at another level.
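The content-dependent security constraints (type 2 in the list of section 2.12), polyinstantiation and cell suppression described in the last two slides, as one added example (not from the report): a small in-memory multilevel relation where a constraint classifies each tuple from its content, a low-cleared user sees only a cover-story tuple for a polyinstantiated key, and cell suppression instead returns the key with its sensitive fields blanked. The relation, levels and rule are constructed for illustration.

```python
"""Multilevel relation with a content-based classification constraint,
polyinstantiation and cell suppression. Added example; all data is constructed."""
from dataclasses import dataclass
from typing import Dict, List

# Linear lattice of sensitivity levels (constructed).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Row:
    shipment_id: str   # apparent primary key; may repeat across levels
    destination: str
    cargo: str
    level: str         # tuple classification assigned by the constraint


def classify(destination: str, cargo: str) -> str:
    """Content-dependent security constraint (constructed rule):
    any cargo mentioning 'missile' is SECRET, any shipment to 'base-x'
    is CONFIDENTIAL, everything else is UNCLASSIFIED."""
    if "missile" in cargo.lower():
        return "SECRET"
    if destination == "base-x":
        return "CONFIDENTIAL"
    return "UNCLASSIFIED"


class MultilevelRelation:
    def __init__(self) -> None:
        self.rows: List[Row] = []

    def insert(self, shipment_id: str, destination: str, cargo: str) -> Row:
        """Classify the tuple by its content and store it. A second tuple with
        the same apparent key at a *different* level is allowed: that is
        polyinstantiation, and it lets a low user's insert succeed without
        revealing that a higher tuple already exists."""
        level = classify(destination, cargo)
        for r in self.rows:
            if r.shipment_id == shipment_id and r.level == level:
                raise ValueError(f"{shipment_id} already exists at {level}")
        row = Row(shipment_id, destination, cargo, level)
        self.rows.append(row)
        return row

    def select(self, clearance: str) -> List[Row]:
        """Polyinstantiated view: only tuples dominated by the clearance, and
        for each apparent key the highest such instance."""
        visible = [r for r in self.rows if LEVELS[r.level] <= LEVELS[clearance]]
        best: Dict[str, Row] = {}
        for r in visible:
            cur = best.get(r.shipment_id)
            if cur is None or LEVELS[r.level] > LEVELS[cur.level]:
                best[r.shipment_id] = r
        return list(best.values())

    def select_suppressed(self, clearance: str) -> List[dict]:
        """Cell suppression instead of polyinstantiation: one record per key,
        with destination and cargo replaced by None when the tuple's level
        exceeds the clearance. The key's existence is revealed; the
        sensitive cells are not."""
        top: Dict[str, Row] = {}
        for r in self.rows:
            cur = top.get(r.shipment_id)
            if cur is None or LEVELS[r.level] > LEVELS[cur.level]:
                top[r.shipment_id] = r
        out = []
        for r in top.values():
            allowed = LEVELS[r.level] <= LEVELS[clearance]
            out.append({
                "shipment_id": r.shipment_id,
                "destination": r.destination if allowed else None,
                "cargo": r.cargo if allowed else None,
            })
        return out


if __name__ == "__main__":
    rel = MultilevelRelation()
    rel.insert("S1", "base-x", "missile parts")      # SECRET
    rel.insert("S1", "depot-3", "office supplies")   # UNCLASSIFIED cover story
    rel.insert("S2", "base-x", "fuel")               # CONFIDENTIAL
    print(rel.select("UNCLASSIFIED"))
    print(rel.select_suppressed("CONFIDENTIAL"))
```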
  • 30. 2. Covert channel attacks are where two entities communicate by manipulating shared resources in unintended ways, endangering critical assets. Attackers can use such a mechanism to leak sensitive information, thus violating provably correct information flow policies.
2.13 Understanding knowledge-based systems
Engineers and developers use a knowledge base to solve complex problems.
Expert systems
An expert system has 2 main components: the knowledge base and the inference engine.
Knowledge base: experts solve complex problems by reasoning about knowledge in a series of if-then statements.
Inference engine: experts reason in a logical way with fuzzy logic techniques, depending on past experience, to solve problems; it analyzes the information in the knowledge base to arrive at the appropriate decision.
Neural networks
The network is composed of a large number of highly interconnected processing elements working in parallel to solve a specific problem. Neural networks learn by example or from experience.
Decision support system
It is an application that analyzes business data and presents it so that users can make business decisions more easily. It is an informational application that collects the data in the course of normal business operation.
Security applications
Many security applications are built on both expert systems and neural networks. These security applications can provide an inference engine and a knowledge base to derive information from different audit logs across a network, and provide notifications to security administrators when the activity of an individual user varies from the user's standard usage profile.
  • 31. Conclusion
Within this chapter, we introduced security throughout application development, as well as application development patterns and life cycles.
  • 32. Chapter 3 Security Testing
Introduction
Testing is an important part of software development, and it is vital to start it as early as possible; its objective is to find flaws and vulnerabilities of a system. Throughout this chapter, we will introduce some testing techniques that help to identify software flaws.
3.1 Security testing
Description
Security testing is basically a type of software testing that is done to check whether the application or the product is secure or not. It checks whether the application is vulnerable to attacks, and whether anyone can hack the system or log in to the application without any authorization. Security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner.
3.2 Security Testing in SDLC phases
Unit Test - Coding phase
During the life cycle of a process, tests are implemented in different phases; the unit test is found in the coding phase.
Unit tests test the logic in classes and are written by programmers to show code-level correctness. They should be fast and not dependent on other parts of the system that you don't intend to test. The primary goal of unit testing is to take the smallest piece of testable software in the application, isolate it from the remainder of the code, and determine whether it behaves exactly as you expect. Each unit is tested separately before integrating the units into modules to test the interfaces between modules. Unit testing has proven its value in that a large percentage of defects are identified during its use.

Integration test - integration and validation phase
Integration testing identifies problems that occur when units are combined. By using a test plan that requires you to test each unit and ensure the viability of each before combining units, you know that any errors discovered when combining units are likely related to the interface between units. This method reduces the number of possibilities to a far simpler level of analysis. The idea is to test combinations of pieces and eventually expand the process to test your modules with those of other groups. Eventually all the modules making up a process are tested together. Beyond that, if the program is composed of more than one process, they should be tested in pairs rather than all at once.

Functional test - integration and validation phase
Functional testing is a quality assurance (QA) process and a type of black-box testing that bases its test cases on the specifications of the software component under test. Functions are tested by feeding them input and examining the output; internal program structure is rarely considered. It usually describes what the system does. Functional testing typically involves six steps:
1. The identification of functions that the software is expected to perform
2. The creation of input data based on the function's specifications
3. The determination of output based on the function's specifications
4. The execution of the test case
5. The comparison of actual and expected outputs
6. Checking whether the application works as per the customer's needs
3.3 Fuzzing Test
Fuzzing is a method of testing software to find security holes and unexpected behavior of an application, using semi-random data. It is about injecting invalid or random inputs in order to reveal unexpected behaviour, identify errors and expose potential vulnerabilities.

Fuzzing Test Process
Figure 3.1: Fuzzing Test process
The fuzzing process is defined as shown here. First, a generator produces test inputs. Second, the test inputs are delivered to the system under test; the delivery mechanism depends on the type of input that the system processes. Third, the system under test is monitored for crashes and other basic undesirable behavior. Reports describing the results of the test can also be generated automatically. One can monitor the target application in many ways:
• Observation of program behavior
• Logs
• Debuggers (!exploitable...)
• Files, processes and network monitors
• Virtualization (VMWare)
• Source code modifications (breakpoints)
• Additional techniques (Valgrind, GuardMalloc)
• Combined techniques

Fuzzing Test and SDLC
Figure 3.2: Fuzzing Test process
The application is tested by a previously prepared fuzzer. Test results are verified by testers and then sent to programmers. If any errors occur, programmers must fix the application. The new build must once again pass the fuzzing process.

Advantages
• Full automation (in most cases)
• Fuzzers find real vulnerabilities
• Ability to identify bugs which are hard to find by manual testing
• Ability to quickly obtain satisfactory results (first bug)
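The four stages of the fuzzing process (generator, delivery, monitor, report) as a small mutation-based harness. This is an added example, not code from the report or from LEONI; the target parser, its `NAME:LEN:PAYLOAD` format and its deliberate bounds-check defect are constructed for the illustration.

```python
"""Mutation-based fuzzing harness: generate -> deliver -> monitor -> report.
The target below is constructed for this example and deliberately defective."""
import random
import traceback
from collections import Counter

def parse_record(data: bytes) -> dict:
    """Constructed target: parses 'NAME:LEN:PAYLOAD'. Malformed input that it
    recognises raises ValueError; any other exception escaping is a finding."""
    fields = data.split(b":", 2)
    if len(fields) != 3:
        raise ValueError("expected NAME:LEN:PAYLOAD")
    name, length, payload = fields
    if not length.isdigit():
        raise ValueError("LEN must be a decimal number")
    n = int(length)
    # Deliberate defect: LEN is trusted, so a declared length larger than the
    # payload indexes past its end (IndexError). A non-UTF-8 NAME also escapes
    # as UnicodeDecodeError. Both are bugs the fuzzer should surface.
    return {"name": name.decode("utf-8"), "payload": payload[:n], "last": payload[n - 1]}

SEED_INPUT = b"SITE01:5:hello"   # constructed valid record used as mutation seed
EXPECTED = (ValueError,)         # documented, acceptable failure on bad input

def generate(rng: random.Random, seed: bytes) -> bytes:
    """Stage 1, generator: apply 1-3 random byte-level mutations to the seed."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "delete", "insert", "digit"))
        pos = rng.randrange(len(data)) if data else 0
        if op == "flip" and data:
            data[pos] = rng.randrange(256)
        elif op == "delete" and data:
            del data[pos]
        elif op == "insert":
            data.insert(pos, rng.randrange(256))
        elif op == "digit":                  # stresses numeric fields
            data.insert(pos, ord(rng.choice("09")))
    return bytes(data)

def deliver_and_monitor(target, data: bytes):
    """Stages 2 and 3: call the target and classify the outcome. Returns None
    for clean runs and documented errors, otherwise a (exception, line)
    crash signature. Exact type match: ValueError subclasses such as
    UnicodeDecodeError are not documented, so they count as findings."""
    try:
        target(data)
    except Exception as exc:
        if type(exc) in EXPECTED:
            return None
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return (type(exc).__name__, frame.lineno)
    return None

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Stage 4, report: run the loop and summarise deduplicated crash
    signatures together with one reproducing input per signature."""
    rng = random.Random(rng_seed)
    signatures = Counter()
    reproducers = {}
    for _ in range(iterations):
        data = generate(rng, seed)
        sig = deliver_and_monitor(target, data)
        if sig is not None:
            signatures[sig] += 1
            reproducers.setdefault(sig, data)
    return {"runs": iterations, "unique_crashes": len(signatures),
            "crashes": dict(signatures), "reproducers": reproducers}

if __name__ == "__main__":
    report = fuzz(parse_record, SEED_INPUT, 2000)
    for sig, count in report["crashes"].items():
        print(f"{sig[0]} at line {sig[1]}: {count} hits, e.g. {report['reproducers'][sig]!r}")
```

Each reproducer in the report is the input a tester hands to the programmers, which is the hand-over step Figure 3.2 describes.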
Disadvantages
• Inability to find logical bugs
• Inability to find complex bugs
• The time required for performing a test is very hard to specify

3.4 Security test cases
A security test case cheat sheet or check-list can provide simple test cases and attack vectors that testers can use to validate exposure to common vulnerabilities.

Case of input validation
Input validation is the correct testing of any input; we should verify that the data is strongly typed, has correct syntax, is within length boundaries, contains only permitted characters, and that numbers are correctly signed and within range boundaries.

Case of access control
Access control policies can be specified in programming languages or policy specification languages and implemented in a particular access control implementation. Policies need to be carefully designed and implemented to prevent unauthorized access to data, disclosure of sensitive data, DoS and DDoS attacks, etc.

Case of cryptography policy
The cryptography policy sets out when and how encryption should (or should not) be used. It includes protection of personal, confidential and commercially sensitive information and communications, key management, and procedures to ensure encrypted information can be recovered by the organisation if necessary.

Case of authentication and session management
Authentication is the process of verification that an individual, entity or website is who it claims to be. Session management is a process by which a server maintains the state of an entity interacting with it. Sessions are maintained on the server by a session identifier which can be passed back and forth between the client and server when transmitting and receiving requests. Sessions should be unique per user and very difficult to predict.

Case of data protection
Limit access to data based on the least privilege principle. Encrypt sensitive data and information like stored passwords and connection strings, and properly protect the decryption keys. We should make sure all cached or temporary copies of sensitive data are protected from unauthorized access and purged as soon as they are no longer required.

Communication security
When transmitting sensitive information, at any tier of the application or network architecture, encryption in transit should be used. We should use a trusted certificate authority to generate public and private keys whenever possible. Moreover, proper security controls must be in place to protect the private keys from unauthorized access.

Conclusion
Secure applications can ensure system safety and security and impede attacks by hackers. Security testing is one of the most important tests that you should conduct on an application before introducing it to the commercial domain.
Chapter 4 Secure Computing

Introduction
Before we get into the work that has been done for this project, we need a better understanding of the security attributes of a standard computer system, threat models, and methodologies along with their respective tools.

4.1 Security Attributes and Terms

Malware
Malicious software, or malware, is software developed by a hacker in order to harm a computer system. There are different types of malware:

Virus
A virus is malware transmitted via a network or through removable media. It settles into programs and parasitizes them while producing harmful effects, infecting these programs. We distinguish:
Boot virus: it is loaded in memory at startup and takes control of the computer.
Application virus: it infects an executable program and is triggered by the execution thereof.
Macro virus:
A hacker is a person who circumvents or destroys the protective software of a computer or a computer network for malicious purposes.

Worm
A worm is an independent malware that spreads from computer to computer through the Internet or any other network and disrupts the functioning of the systems involved, being executed by the users themselves. Worms are often designed to saturate the available resources or extend the duration of processing. They can also destroy a computer's data, disrupt the operation of the network or illegally transfer information. A worm can produce its effects immediately or in a deferred manner. Unlike viruses, worms do not implant themselves within another program; they spread autonomously.

Trojan horse
A Trojan is apparently harmless software, installed or downloaded, in which malware has been hidden that can, for example, enable the fraudulent collection, falsification or destruction of data. The Trojan does not reproduce.

Spyware
Spyware is software designed to collect data about the user or the system and transmit it to third parties without the knowledge of the user.

Adware
Adware is software that displays advertisements on the computer screen and transmits to its publisher information used to tailor those ads to a profile. Adware is often integrated or combined with a freeware or shareware program that has a different purpose, and it is treated as spyware.

Vulnerability
A vulnerability is seen as a weakness in the system which allows an attacker to reduce or completely remove the system's information assurance.

Threat
A threat is seen as a possible danger that could exploit the above-mentioned vulnerabilities. It can be either intentional or accidental; an intentional example would be an attacker sending malicious code to the system to cause a denial of service, while an accidental threat can be related to any natural disaster that could cause physical harm to the system.

Attack
An attack is an attempt to destroy, expose, alter, or steal information within the system. It is also defined.

Risk
A risk is the likelihood and impact of a possible threat or attack.

Asset
An asset within a system can be data, a device, or any other component that supports information-related activities. This is an important aspect to consider, since an entire system is made up of various assets that have to be considered when dealing with overall security.

4.2 Threat Models
A threat model describes the security aspects of a particular kind of system by associating a set of potential vulnerabilities, threats and attacks while keeping in mind the set of assets incorporated with specific functions or use cases. Assets play an important role when considering the possible threats to a particular system. Without a set of target assets for the system, threats cannot exist within that system. At the same time, however, without assets, there is a possibility that there is no system to. Risk assessment is normally done after the threat modeling process in order to map each threat either to a mitigation mechanism or to an assumption that it is not worth worrying about in certain contexts.

CIA Model
The CIA model is described by its three aspects: Confidentiality, Integrity and Availability.
Figure 4.1: CIA Model
Confidentiality: definition and enforcement of appropriate access levels for sensitive information.
Integrity: protection of data from being modified or deleted by an unauthorized party, and ensuring that authorized changes that should not have been made can be undone.
Availability: ensures that access to all resources that are needed to provide information is always available.
Most security experts are familiar with this particular model, as it is the basis for describing the most important security aspects of a system. The CIA model gave us a foundation on which we were able to build in order to create a more detailed threat modeling system.

STRIDE Model
The STRIDE model is an alternative approach to threat modeling that was proposed by Microsoft. The name STRIDE is formed from the initial letters of the possible threats:
Spoofing: attackers pretend to be someone or something they are not;
Tampering: attackers change data in transit or in a data store;
Repudiation: attackers perform actions that cannot be traced;
Information Disclosure: attackers gain access to data in transit or in a data store that they shouldn't have access to;
Denial of Service: attackers interrupt the normal operation of the system;
Elevation of Privilege: attackers perform actions they are not authorized to perform.
This model classifies threats in accordance with these categories. By using these categories of threats, one has the ability to create a security strategy for a particular system in order to have planned responses and mitigations to threats or attacks. When using STRIDE, a threat-mitigation table can be used to identify techniques that can be employed to mitigate the threats.

4.3 Methodologies / Modeling tools
Multiple modeling tools were considered for this project. The tool should be the same along with being flexible in the sense that it can be adapted to our purposes, and as thorough as possible with regard to the basics of cyber security. Below is a brief description of each tool that was researched, with some small discussion details.

Microsoft SDL Threat Modeling Tool 2016
The MS Threat Modeling Tool 2016 is a tool that helps to find different threats during the software development lifecycle. The SDL Threat Modeling Tool enables any developer or software architect to:
• Communicate about the security design of their systems
• Analyze those designs for potential security issues using a proven methodology
• Suggest and manage mitigations for security issues
It graphically identifies the processes and data flows (DFD) that comprise an application or service and offers:
• an easy drawing environment,
• automatic threat generation using the STRIDE-per-interaction approach,
• an option for user-defined threats to be added.
It follows a well-defined process.
Figure 4.2: MS Threat Modeling Tool process
Diagram: with this tool, we can drag and drop to build an understanding and a simple DFD for any use case or function specified. The elements of this DFD are explained below.
Figure 4.3: Data Flow Diagram elements
Identify threats: once the model is complete, the MS Threat Modeling Tool can be used to automatically analyze the model and determine what kind of threats apply to the function, using the STRIDE model. Every threat could affect any type of DFD element.
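The "identify threats" step as code: STRIDE-per-element threat generation over a DFD, with Table 4.1's threat-to-property mapping and the threat profile criteria (non-, partially and fully mitigated) applied to the result. This is an added example, not the Microsoft tool's logic or the report's own model; the DFD elements and countermeasures sketched for the unmanaged-machines follow-up tool of Chapter 5 are assumptions for the illustration.

```python
"""STRIDE-per-element threat generation for a small DFD, ordered into a
threat profile (non-mitigated first). Model below is assumed, not the report's."""
from dataclasses import dataclass, field
from collections import Counter

# Standard STRIDE-per-element chart: which categories apply to each DFD
# element type. Repudiation applies to data stores only when they act as logs.
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}
THREAT = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}
# Table 4.1: the property each threat category attacks ("what we want").
WANTED = {"S": "Authentication", "T": "Integrity", "R": "Non-repudiation",
          "I": "Confidentiality", "D": "Availability", "E": "Authorization"}

@dataclass
class Element:
    name: str
    kind: str                 # external | process | data_store | data_flow
    is_log: bool = False      # store used as an audit log -> repudiation applies
    # threat letter -> list of (countermeasure, fully_implemented)
    mitigations: dict = field(default_factory=dict)

def applicable_threats(el: Element) -> list:
    """Threat letters STRIDE-per-element assigns to this element."""
    letters = STRIDE_PER_ELEMENT[el.kind]
    if el.kind == "data_store" and not el.is_log:
        letters = letters.replace("R", "")
    return list(letters)

def mitigation_status(countermeasures: list) -> str:
    """Threat profile criteria: none -> non-mitigated, all complete -> fully,
    otherwise partially mitigated."""
    if not countermeasures:
        return "non-mitigated"
    if all(done for _, done in countermeasures):
        return "fully mitigated"
    return "partially mitigated"

def threat_profile(elements: list) -> list:
    """One row per (element, applicable threat), open exposures listed first."""
    rows = []
    for el in elements:
        for letter in applicable_threats(el):
            cms = el.mitigations.get(letter, [])
            rows.append({"element": el.name, "threat": THREAT[letter],
                         "property": WANTED[letter],
                         "status": mitigation_status(cms),
                         "countermeasures": [c for c, _ in cms]})
    order = {"non-mitigated": 0, "partially mitigated": 1, "fully mitigated": 2}
    rows.sort(key=lambda r: order[r["status"]])
    return rows

def summarize(rows: list) -> dict:
    """Count of threats per mitigation status."""
    return dict(Counter(r["status"] for r in rows))

# Assumed DFD of the follow-up tool (illustrative only, not the report's model).
MODEL = [
    Element("Site contact", "external",
            mitigations={"S": [("Recipients taken only from ContactList.xlsx", True)]}),
    Element("Follow-up application (.NET)", "process",
            mitigations={"S": [("Runs under a dedicated service account", True)],
                         "E": [("Least-privilege service account", False)]}),
    Element("Sophos database (SQL Server)", "data_store",
            mitigations={"T": [("Read-only database login", True)],
                         "I": [("Read-only database login", True)]}),
    Element("OUlist.txt / ContactList.xlsx", "data_store",
            mitigations={"T": [("NTFS ACL on the application folder", False)]}),
    Element("Database query", "data_flow",
            mitigations={"T": [("Parameterised queries", True)],
                         "I": [("Encrypted connection to SQL Server", False)]}),
    Element("Notification e-mail (SMTP)", "data_flow"),
]

if __name__ == "__main__":
    profile = threat_profile(MODEL)
    for r in profile:
        print(f"{r['status']:20} {r['element']:34} {r['threat']:23} -> {r['property']}")
    print(summarize(profile))
```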
Figure 4.4: Threats for each DFD element
Mitigation: mitigation is the point of threat modeling. Threats are further analyzed by exploring the attack paths, the root causes that allow the threat to be exploited, and the necessary mitigation controls. We need, first of all, to get specific about threat manifestation.

Threat                  What we want
Spoofing                Authentication
Tampering               Integrity
Repudiation             Non-repudiation
Information Disclosure  Confidentiality
Denial of Service       Availability
Elevation of Privilege  Authorization
Table 4.1: Threat manifestation

When using STRIDE, the following threat-mitigation table can be used to identify techniques that can be employed to mitigate the threats.
Figure 4.5: Standard mitigations
Once threats and corresponding countermeasures are identified, it is possible to derive a threat profile with the following criteria:
1. Non-mitigated threats: threats which have no countermeasures and represent vulnerabilities that can be fully exploited and cause an impact
2. Partially mitigated threats: threats partially mitigated by one or more countermeasures, which represent vulnerabilities that can only partially be exploited and cause a limited impact
3. Fully mitigated threats: these threats have appropriate countermeasures in place and do not expose a vulnerability or cause an impact

Validate: validation is done in 3 steps
1. Validate threat models: here, we need to verify the whole threat model; the diagrams must match the final code, and each threat needs to be mitigated in the right way.
2. Validate quality of threats and mitigations: we need to confirm that threats describe the attack, the context and also the impact. In addition, mitigations must be associated with the threat, be described very well, and also have a bug filed.
3. Validate information captured: we need to validate the dependencies, if we use some, and validate the things we noted while building the threat model.

OCTAVE
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a risk-based strategic assessment and planning technique for security. It is mainly known for being self-directed. This means that people from a company or organization assume responsibility for setting their own security strategy. OCTAVE targets organizational risk and concentrates mainly on strategic, practice-related issues. The evaluation methodology is flexible enough to accommodate most organizations. It also utilizes not only people from the information technology department but also those from operational departments, to address the security needs of the organization as a whole. It is important to also note some of the key characteristics of the OCTAVE approach. For example, OCTAVE is an asset-driven evaluation approach. Teams that analyze a specific system or infrastructure:
1. Identify information-related assets that are important to the organization
2. Focus risk analysis on those assets judged to be most critical to the organization
3. Consider the relationships among critical assets, threats to those assets, and vulnerabilities that can expose the specified assets to threats

Microsoft Threat Analysis and Modeling Tool
The Threat Analysis and Modeling Tool (TAM) is an asset-focused tool designed for LOB applications. It is used for applications for which business objectives, deployment pattern, data assets and access control are clearly defined. The focus of the tool is to understand the business risk in the application, help identify the controls needed to manage that risk, and protect the assets.
The Microsoft Threat Analysis and Modeling Tool allows non-security subject-matter experts to enter already known information, including business requirements and application architecture, which is then used to produce a feature-rich threat model. The threat tree is a method to explore valid attack paths; it represents the conditions needed to exploit the threat. It determines all the combined vulnerabilities associated with a threat and focuses on mitigating the vulnerabilities that form the path of least resistance.
Figure 4.6: Threat Tree
Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
• Data access control matrix
• Component access control matrix
• Subject-object matrix
• Data flow
• Call flow
• Trust flow
• Attack surface
• Focused reports

4.4 ISO 27002 Standard
The ISO/IEC 27002 standard is a code of practice for the management of information security. It is a general advisory document and not a formal specification. It recommends information security measures based on the security objectives that result from the information risks to the confidentiality, integrity and availability of information. According to the ISO 27002 standard, we must ensure that information security is part of information systems when providing services on public networks.

Conclusion
Throughout this chapter, we presented the master keys of our work, which will be detailed in the next chapter.
Chapter 5 Use Case Based on Threat Models

Introduction
During my internship at Leoni Wiring Systems Tunisia, we were asked to look for threats in different scripts. In this chapter, we will present the fruit of our work.

5.1 Script threat analysis

Technical description of the script
The application is named Sophos Unmanaged machines followup tool. This application queries the Sophos database to list the unmanaged machines in the different Leoni sites. The list of sites can be found in a text file named OUlist.txt located in the same folder as the application. After querying the Sophos database for unmanaged machines in the different sites, the application creates a folder with the current date as its name (DD-MM-YYYY). In this folder, the application generates an Excel file for each site. The Excel file contains four columns: one for the machine name; one for the DNS status (it contains the result of nslookup against the concerned machine: if the machine has a DNS entry, the label contains "Has DNS entry", otherwise it contains "Has no DNS entry"); a third for the connectivity status (it contains the result of pinging the machine); and a fourth named Exempted (whether or not the machine is listed in the exception list described above). After generating the Excel file with the list of unmanaged machines, the application looks for the corresponding contact person(s) of the concerned site in an Excel file named ContactList.xlsx contained in the same folder as the main application. An email is sent to the contact person(s) with the list of unmanaged machines. The maintenance of this application is ensured through the maintenance of OUlist.txt, which contains the list of the sites to follow up, ContactList.xlsx, which contains the list of contact persons by site, EmailBody.txt, to modify the email body, and ExceptionList.xlsx, to add a technical exception.

Application decomposition
The Threat Analysis and Modeling Tool allows us to decompose the application into roles, data and components.

Roles
We have found two main kinds of roles: user roles and service roles. User roles are assigned to any user who will be interacting with the application. Roles define the trust levels of a software application and are primarily used to make authorization decisions. For this application, we have found only the site's responsible person or the administrator as a user. He is the only one who has the ability to solve the problem of an unmanaged machine.
Figure 5.1: Application decomposition - User Roles
Service roles are trust levels, containing specific identities, which define the context of the various components running in the software application. Within this context, we have found SQL Server, Active Directory, .NET Framework, Microsoft Excel and Windows text file.
Figure 5.2: Application decomposition - Service Roles

Data
Data defines the information type that is maintained, or processed, by the software application. For this application, we identified the contact list, the exception list, the site list, the mail body and the unmanaged machines.
Figure 5.3: Application decomposition - Data

Components
Components are the building blocks of a software application that define an instance of a technology type such as a database, a web service, and so on. We have found as components within this application SQL Server, Active Directory, .NET Framework, Microsoft Excel and Windows text file.
Figure 5.4: Application decomposition - Components
Application use cases
At this stage, we had defined the allowable permissions on the data and the role that has permissions on it. The specific permissions are captured using Create/Read/Update/Delete. A use case is an ordered sequence of actions used to fulfill a subset of the allowable permissions that are defined in data access. Based on that, the use cases of the application were identified.
Figure 5.5: Application Use cases
For each use case identified, a data flow is generated.
Figure 5.6: Application Use cases - Data Flow Example
5.2 Threat Analysis
Threat analysis is the analysis of the probability of occurrence and the consequences of attacks within a system.

Attacks
Each use case risks being attacked. Multiple attacks exist, such as:

Buffer Overflow
A buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer. Variables declared on the stack are located next to the return address for the function's caller. In a normal attack, the attacker can get a program with a buffer overrun to do something he considers useful, such as binding a command shell to the port of their choice.

Cryptanalysis Attacks
Cryptanalysis is the science of cracking codes, decoding secrets, violating authentication schemes and breaking cryptographic protocols. It is also the science devoted to finding and correcting weaknesses in cryptographic algorithms. It is understood within the field of cryptology that an algorithm should not rely on its secrecy. An algorithm should always be made available for public scrutiny. It is this scrutiny that will make it a well-trusted algorithm. Inevitably, a vulnerability in the algorithm will be exploited.

Denial of Service
A Denial of Service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the disruption of services like e-mail, directory services, etc. In the worst cases, for example, a web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy assets in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of information theft which will cost an organization time and money.
Network Eavesdropping
Network eavesdropping is the act of monitoring network traffic for data, such as clear-text passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. Also, lightweight hashing algorithms can be cracked and the payload that was thought to be safe can be deciphered.

SQL injection
A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when an application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings containing raw user input. Using the SQL injection attack, the attacker can execute arbitrary commands in the database. The issue is magnified if the application uses an over-privileged account to connect to the database. In this instance it is possible to use the database server to run operating system commands and potentially compromise other servers, in addition to being able to retrieve, manipulate, and destroy data.

Threats
With the Threat Analysis and Modeling Tool, threats are classified in accordance with the CIA model, and the tool offers solutions for dealing with each threat.
Threat factors for Confidentiality: the primary threat factors for confidentiality are the unauthorized disclosure of the executing identity and the unauthorized disclosure of the data.
Threat factors for Integrity: the primary threat factors for integrity are the violation of access control, the violation of business rules, and the violation of data integrity.
Threat factors for Availability: the primary threat factors for availability are unavailability and performance degradation.
5.3 Threat Testing
We created a diagram of the threats for each use case.
Figure 5.7: Threat tree
In this diagram, the root node is the threat in question (for example, unauthorized disclosure of read using Active Directory by the .NET role). Its children are the vulnerability types (for example, LDAP injection). Each vulnerability type has an underlying cause (for example, dynamic LDAP queries using untrusted input). Then, each underlying cause has a mitigation technique (for example, untrusted input should be validated against an inclusion list).
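The input-validation test case of Section 3.4, the dynamic-SQL cause of the SQL injection attack in Section 5.2 and the "validate untrusted input against an inclusion list" mitigation from the threat tree above, worked through on machine-name and site inputs of the kind the follow-up tool handles. This is an added example, not the tool's code: Python with an in-memory sqlite3 table stands in for the .NET application and SQL Server, and the table, column names and rows are constructed.

```python
"""Inclusion-list validation plus dynamic vs. parameterised queries.
Constructed example; schema and rows are made up for the illustration."""
import re
import sqlite3

# Inclusion list for a machine (host) name: letters, digits and hyphens,
# 1-63 characters, neither starting nor ending with a hyphen (RFC 1123 label).
HOSTNAME_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def validate_machine_name(value) -> str:
    """Type, length and permitted-character checks; rejects with ValueError
    anything that is not on the inclusion list."""
    if not isinstance(value, str):
        raise ValueError("machine name must be a string")
    if not HOSTNAME_LABEL.match(value):
        raise ValueError(f"machine name rejected by inclusion list: {value!r}")
    return value

def setup_db() -> sqlite3.Connection:
    """Constructed stand-in for the Sophos database: three machines, two sites."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE machines (name TEXT, site TEXT, managed INTEGER)")
    con.executemany("INSERT INTO machines VALUES (?, ?, ?)", [
        ("TN-WS-001", "Tunis", 0), ("TN-WS-002", "Tunis", 1), ("DE-WS-010", "Roth", 0),
    ])
    return con

def unmanaged_dynamic(con, site: str) -> list:
    """Vulnerable form (the 'dynamic SQL' cause): the site value is pasted
    into the statement text, so quotes in it change the query's logic."""
    sql = f"SELECT name FROM machines WHERE managed = 0 AND site = '{site}' ORDER BY name"
    return [row[0] for row in con.execute(sql)]

def unmanaged_parameterised(con, site: str) -> list:
    """Hardened form: the site value travels as a bound parameter and is only
    ever compared as data, whatever characters it contains."""
    sql = "SELECT name FROM machines WHERE managed = 0 AND site = ? ORDER BY name"
    return [row[0] for row in con.execute(sql, (site,))]

def lookup_machine(con, raw_name):
    """Defence in depth: inclusion-list validation first, then a parameterised
    query. Returns None when the machine is unknown."""
    name = validate_machine_name(raw_name)
    row = con.execute("SELECT site, managed FROM machines WHERE name = ?",
                      (name,)).fetchone()
    return None if row is None else {"name": name, "site": row[0], "managed": bool(row[1])}

if __name__ == "__main__":
    con = setup_db()
    tainted = "Tunis' OR '1'='1"      # classic test-case input for this vulnerability
    print("dynamic:      ", unmanaged_dynamic(con, tainted))        # leaks every row
    print("parameterised:", unmanaged_parameterised(con, tainted))  # no such site
    print(lookup_machine(con, "TN-WS-001"))
```

The dynamic query returns all three machines for the tainted site name because the injected quote turns the `site` comparison into `... OR '1'='1'`; the parameterised query looks for a site literally named that and returns nothing.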
Conclusion
Throughout this chapter, we presented the steps needed to discover the flaws of a system. Using this tool, we have the opportunity to obtain a comprehensive report detailing each component and each threat with its countermeasures. You will find the report in Appendix A.
Conclusion
The four-week internship spent with the IT team allowed me to acquire new knowledge in the world of IT and also in the world of security. This course gave me new knowledge and increased my ability of understanding. I had the chance to discover enterprise solutions such as Sophos, VARONIS and also Safeguard. Furthermore, I had the opportunity to deepen in the field of audit of the security applications used by the IT team. Having a summer internship with a dynamic, rigorous team with a large capacity for work gave me knowledge and expertise, and also taught me how to communicate with team members.
Appendix B: Test on Security Software Development
Contents
Introduction 1
1 Company Presentation 3
1.1 Introduction 3
1.2 History 3
1.3 Leoni structure 4
1.4 Leoni Global Network 5
1.5 Leoni Wiring System Tunisia 6
1.6 Information Management at LEONI 6
1.7 Information Management Service Center North Africa 7
1.8 Information Management IT teams 8
1.9 Information Management IT Security Team 8
2 Security Software Development 13
2.1 Programming Languages 13
2.2 Object Oriented Programming 14
2.3 Avoiding and mitigating system failure 14
2.4 Systems Development Life Cycle (SDLC) 14
2.5 Change and configuration management 18
2.6 DevOps Approach 19
2.7 Application Programming Interfaces (APIs) 20
2.8 Software Testing 20
2.9 Code repository 20
2.10 Service Level Agreements (SLAs) 21
2.11 Software Acquisition 21
2.12 Establishing databases and data warehousing 21
2.13 Understanding knowledge-based systems 25
3 Security Testing 27
3.1 Security testing description 27
3.2 Security Testing in SDLC phases 27
3.3 Fuzzing Test 29
3.4 Security test cases 31
4 Secure Computing 33
4.1 Security Attributes and Terms 33
4.2 Threat Models 35
4.3 Methodologies / Modeling tools 37
4.4 ISO 27002 Standard 42
5 Use Case Based on Threat Models 45
5.1 Script threat analysis 45
5.2 Threat Analysis 49
5.3 Threat Testing 51
Conclusion 52
Appendix A I
Appendix B XXIV

List of Figures
1.1 Wiring Systems Division 4
1.2 Wire Cable Solutions 5
1.3 Leoni's locations 5
1.4 IM Organization - Bundling of Global Services 6
1.5 IM Service Centers Organization 7
1.6 Information Management Service Center North Africa teams 7
1.7 IT Support levels 8
1.8 Enterprise Solution 9
2.1 Systems Development Life Cycle 15
2.2 Ideal Model Process 18
2.3 DevOps Approach 19
3.1 Fuzzing Test process 29
3.2 Fuzzing Test process 30
4.1 CIA Model 36
4.2 MS Threat Modeling Tool process 38
4.3 Data Flow Diagram elements 38
4.4 Threats for each DFD element 39
4.5 Standard mitigations 40
4.6 Threat Tree 42
5.1 Application decomposition - User Roles 46
5.2 Application decomposition - Service Roles 47
5.3 Application decomposition - Data 47
5.4 Application decomposition - Components 47
5.5 Application Use cases 48
5.6 Application Use cases - Data Flow Example 48
5.7 Threat tree 51