Residency Research
ISOL 536
Security Architecture and Design
Using Resources to Promote
Critical Thinking
Critical thinking is an integral part of any educational program
At UC, we encourage and provide applicable resources for the
promotion of critical thinking
In order to properly research and complete course papers,
proper resources must be utilized
Critical Thinking helps us to:
Understand the links between ideas.
Determine the importance and relevance of arguments and
ideas.
Recognize, build and appraise arguments.
Identify inconsistencies and errors in reasoning.
Approach problems in a consistent and systematic way.
Reflect on the justification of their own assumptions, beliefs
and values.
http://www.skillsyouneed.com/learn/critical-thinking.html
Researching Using the Critical Questions
When using research resources, it is imperative to review the
six critical questions and implement that data into your
writings.
Proper Resources for Research
When asked to complete a research paper in the UC School for
Computer and Information Sciences, you must use scholarly,
peer-reviewed articles.
A peer-reviewed article is one that has “been evaluated by
several researchers or subject specialist in the academic
community prior to accepting it for publication” and is “also
known as scholarly or refereed.”
Your professor or the UC Librarian team can help you
determine whether or not an article is peer-reviewed.
Proper Resources for Research
Examples of sites with peer-reviewed resources
UC Library Site
EBSCOhost
JSTOR
Google Scholar
Examples of sites with unacceptable resources
PC Magazine
Cisco
Ars Technica
Reddit
Proper Format is Important
All papers written for courses within the School for Computer
and Information Sciences must follow the American
Psychological Association (APA) writing style.
University Resources
The UC Library provides a myriad of online resources to assist
students with proper research
Resources referring to Information Security can be found inside
the UC Library site
www.ucumberlands.edu/library
Groups
Group 1
Group Topic: Meltdown
Members: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Group 2
Group Topic: Spectre
Members: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Group 3
Group Topic: ZombieLoad
Members: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Group 4
Group Topic: RIDL
Members: [email protected], [email protected], [email protected], [email protected], [email protected]
Group 5
Group Topic: Fallout
Members: [email protected], [email protected], [email protected], [email protected], [email protected]
Research Topic
Security researchers have discovered major vulnerabilities with
the design of Intel chips
The vulnerabilities stem from several issues and their
immediate remediations create severe loss of performance
Each vulnerability is similar but different
Research Topic
DO
Provide a working knowledge of your assigned vulnerability
Compare and contrast your assigned vulnerability with others
Deeply research the use of threat modeling and secure
architecture
Tie your research back to recommendations for remediation of
the vulnerability
DO NOT
Dive deep into the mathematics of the vulnerability
Disassociate your peer-reviewed scholarly research from the
vulnerability
Plagiarize and copy/paste from sites
Forget the topics of our course (e.g. STRIDE)
Research Paper
10-15 pages
Double spaced APA style
At least 10 references
At least 5 of your references must be scholarly peer-reviewed
articles
Research Paper
Find and review peer-reviewed scholarly articles concerning
security architecture, secure design, and threat modeling
Find and review other information that associates with your
topic area
Apply research from articles on chosen topic area to create
research paper
Research Presentation
Goal is to summarize your research and recommendations
Must present for at least 25 minutes but no more than 30
minutes
Your group will be randomly selected for presentation
All group members need to participate in the presentation
ISOL536 | Security Architecture and Design
Dr. Justin O. Hensley
School of Computer and Information Sciences
Overview and STRIDE review
Ways to Find Security Issues
Static analysis of code
Fuzzing or other dynamic testing
Pen test/red team
Wait for bug reports after release
All of these are fine, but as you go down the list, you are finding
problems later and later in the development process. Bugs found late
can be hard to fix, because by then you may depend on behaviour such
as taking large, complex input from an untrusted party, your libraries
may not handle issues like SQL injection well, or you may be using a
weakly typed language like C.
Ways to Find Security Issues
Threat modeling!
Think about security issues early
Understand your requirements better
Don’t write bugs into the code
And the subject of this course
Definitions
What is a threat?
How is it different from a vulnerability, a risk, or just a problem?
What is a model?
Many people get stuck on these. Definitions matter. Many
people don’t understand the definition of a threat and how it’s
different from a vulnerability, a risk, or a problem.
“Threat” means the bad thing that might happen. “Threat” can
also refer to a person, or a piece of malware, but we don’t use
those definitions here.
“Vulnerability” is a term of art for code that can be
automatically exploited, or more generally, a weakness that can
be exploited.
Model: a system or thing used as an example to follow or imitate.
How to Threat Model
What are you building?
What can go wrong?
What are you going to do about it?
Did you complete a good analysis?
The course will teach you practical skills for each of these
Addressing the Threat
Mitigate
Eliminate
Transfer
Accept
Validation of the Model
Check the model
Check each threat
Check the tests
STRIDE: threat, property violated, definition, example
Spoofing
  Property violated: Authentication
  Definition: Impersonating something or someone else.
  Example: Pretending to be any of Bill Gates, Paypal.com or ntdll.dll
Tampering
  Property violated: Integrity
  Definition: Modifying data or code
  Example: Modifying a DLL on disk or DVD, or a packet as it traverses the network
Repudiation
  Property violated: Non-repudiation
  Definition: Claiming to have not performed an action.
  Example: “I didn’t send that email,” “I didn’t modify that file,” “I certainly didn’t visit that web site, dear!”
Information Disclosure
  Property violated: Confidentiality
  Definition: Exposing information to someone not authorized to see it
  Example: Allowing someone to read the Windows source code; publishing a list of customers to a web site.
Denial of Service
  Property violated: Availability
  Definition: Deny or degrade service to users
  Example: Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole.
Elevation of Privilege
  Property violated: Authorization
  Definition: Gain capabilities without proper authorization
  Example: Allowing a remote Internet user to run commands is the classic example, but going from a limited user to admin is also EoP.
What Can Go Wrong?
Track issues as you find them
“attacker could pretend to be a client & connect”
Track assumptions
“I think that connection is always over SSL”
Both lists are inputs to “what are you going to do about it?”
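The four questions (what are you building, what can go wrong, what are you going to do about it, did you complete a good analysis), the four dispositions (mitigate, eliminate, transfer, accept) and the two lists above (issues and assumptions) fit together as one small register. The following is an added illustration, not code from the course deck; the class names, the validation rules and the two sample entries are this example's own choices, with the sample threat and assumption taken from the slide.

```python
"""Threat and assumption register for the threat-modeling questions above.
Added example, not part of the course deck; all names are this example's own."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFO_DISCLOSURE = "Information Disclosure"
    DOS = "Denial of Service"
    EOP = "Elevation of Privilege"


class Disposition(Enum):
    """The four ways the deck lists for addressing a threat."""
    MITIGATE = "mitigate"
    ELIMINATE = "eliminate"
    TRANSFER = "transfer"
    ACCEPT = "accept"


@dataclass
class Threat:
    description: str
    category: Stride
    disposition: Optional[Disposition] = None
    rationale: str = ""
    test: str = ""          # how the mitigation will be checked


@dataclass
class Assumption:
    statement: str
    verified: bool = False


@dataclass
class ThreatRegister:
    threats: List[Threat] = field(default_factory=list)
    assumptions: List[Assumption] = field(default_factory=list)

    def track_threat(self, description: str, category: Stride) -> Threat:
        t = Threat(description, category)
        self.threats.append(t)
        return t

    def track_assumption(self, statement: str) -> Assumption:
        a = Assumption(statement)
        self.assumptions.append(a)
        return a

    def validate(self) -> List[str]:
        """'Did you complete a good analysis?': every threat needs a decision,
        every mitigation or elimination needs a test, every acceptance or
        transfer needs a rationale, and every assumption must be checked."""
        findings = []
        for t in self.threats:
            if t.disposition is None:
                findings.append(f"undecided threat: {t.description}")
            elif t.disposition in (Disposition.MITIGATE, Disposition.ELIMINATE) and not t.test:
                findings.append(f"no test for {t.disposition.value}: {t.description}")
            elif t.disposition in (Disposition.ACCEPT, Disposition.TRANSFER) and not t.rationale:
                findings.append(f"no rationale for {t.disposition.value}: {t.description}")
        findings.extend(f"unverified assumption: {a.statement}"
                        for a in self.assumptions if not a.verified)
        return findings


def example_register() -> ThreatRegister:
    """Walk the two sample entries from the slide through the process."""
    reg = ThreatRegister()
    t = reg.track_threat("attacker could pretend to be a client & connect", Stride.SPOOFING)
    a = reg.track_assumption("I think that connection is always over SSL")
    # First pass: nothing decided, nothing verified, so validation reports two findings.
    assert len(reg.validate()) == 2
    # Checking the assumption (constructed outcome) showed it does not hold, so mitigate.
    a.verified = True
    t.disposition = Disposition.MITIGATE
    t.rationale = "connection is only TLS when the client asks for it"
    t.test = "integration test: a plaintext client connection is rejected"
    return reg
```

The point of `validate()` is that "check the model, check each threat, check the tests" becomes a mechanical gate: a threat with no decision, a mitigation with no test, or an assumption nobody verified fails the review before the design moves on.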
Spoofing on the Local Machine
Spoofing a process
  What the attacker does: creates a file before the real process does
  Notes/Examples: then your process relies on it
  What the attacker does: abuses names
  Notes/Examples: creates a version of “sudo” and alters PATH
Spoofing a filename
  What the attacker does: creates a file in the local directory
  Notes/Examples: a library, executable or config file
  What the attacker does: creates a link, then changes it
  Notes/Examples: also called a ‘race condition’ or TOCTOU
  What the attacker does: creates many files in a target directory
  Notes/Examples: code can easily create all possible /tmp/foo.random
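The last three rows share one defence: never trust a path name that someone else could have populated first, and check the opened descriptor rather than the name. The following is an added example, not code from the deck; the helper names are this example's own, the planted file and symlink are constructed inside `demo()`, and it assumes a POSIX system (`O_NOFOLLOW`, `os.getuid`).

```python
"""Opening files in a directory an attacker can also write to.
Added example, not part of the course deck; helper names are this example's own."""
import os
import stat
import tempfile


def create_private_file(path: str):
    """Create `path` atomically and fail if anything is already there.
    O_EXCL refuses a pre-planted file, O_NOFOLLOW refuses a pre-planted
    symlink, and mode 0o600 keeps other local users out of the result."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.fdopen(os.open(path, flags, 0o600), "w")


def open_owned_regular_file(path: str):
    """Open an existing file and check the descriptor, not the path name,
    so there is no check-then-use window in which a link can be swapped."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        os.close(fd)
        raise PermissionError(f"{path}: not a regular file owned by this user")
    return os.fdopen(fd, "r")


def demo() -> dict:
    """Constructed scenario: someone else got to the directory first with a
    file and a symlink; report what each defensive open does with them."""
    workdir = tempfile.mkdtemp()
    planted = os.path.join(workdir, "foo.random")
    link = os.path.join(workdir, "foo.link")
    with open(planted, "w") as f:
        f.write("planted by someone else\n")
    os.symlink(planted, link)
    results = {}
    try:
        create_private_file(planted).close()
        results["planted_file"] = "reused"       # the vulnerable outcome
    except FileExistsError:
        results["planted_file"] = "refused"
    try:
        open_owned_regular_file(link).close()
        results["symlink"] = "followed"
    except OSError:                               # ELOOP from O_NOFOLLOW
        results["symlink"] = "refused"
    fresh = os.path.join(workdir, "foo.fresh")
    with create_private_file(fresh) as f:         # the normal, untouched case
        f.write("ours\n")
    results["fresh_mode"] = oct(stat.S_IMODE(os.stat(fresh).st_mode))
    return results
```

For genuinely temporary files, `tempfile.mkstemp` and `tempfile.NamedTemporaryFile` already use the same `O_CREAT | O_EXCL` pattern with an unpredictable name; the hand-rolled version above is there to make the two checks visible.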
Tampering with Memory
Modifying code
  What the attacker does: changes your code to suit themselves
  Notes/Examples: hard to defend against if the attacker is running code inside the trust boundaries
Modifying data they’ve supplied
  What the attacker does: supplies data to a pass-by-reference API, then changes it
  Notes/Examples: works because of TOCTOU issues
  What the attacker does: supplies data into a shared memory segment, then changes it
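The "modifying data they've supplied" rows describe a check on a value the caller still holds a reference to, followed by a second read at use time. The following is an added example, not code from the deck; `TamperingRequest` is a constructed stand-in for a pass-by-reference argument or shared buffer that changes after our check, and the two withdraw functions show the defect and the fix.

```python
"""Validate-then-use on data the supplier can still modify.
Added example, not part of the course deck; names are this example's own."""
from typing import Any, Dict


class TamperingRequest(dict):
    """Returns a benign amount on the first read and a different one on every
    later read, modelling a supplier who rewrites the buffer after our check."""

    def __init__(self, first: int, later: int):
        super().__init__(amount=first)
        self._later = later
        self._reads = 0

    def __getitem__(self, key):
        self._reads += 1
        if key == "amount" and self._reads > 1:
            return self._later
        return super().__getitem__(key)


def withdraw_vulnerable(request: Dict[str, Any], balance: int) -> int:
    # Time of check: reads the shared object once ...
    if request["amount"] > balance:
        raise ValueError("insufficient funds")
    # ... time of use: reads it again, and the value may have changed.
    return balance - request["amount"]


def withdraw_fixed(request: Dict[str, Any], balance: int) -> int:
    # Copy into memory the caller cannot reach, validate the copy, use the copy.
    amount = int(request["amount"])
    if amount < 0 or amount > balance:
        raise ValueError("invalid amount")
    return balance - amount
```

The fix is a copy, not a lock: once the value lives in our own variable (or a deep copy of the whole structure for larger inputs), nothing the supplier does to the original matters.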
Repudiation
Repudiating an action
  What the attacker does: claims to have not clicked
  Notes/Examples: maybe they did, maybe they didn’t, maybe they’re honestly confused
  What the attacker does: claims to not have received
  Notes/Examples: 1. Electronic or physical. 2. Receipt is strange; does a client downloading email mean you’ve seen it? Did a network proxy pre-fetch images? Was a package left on a porch?
  What the attacker does: claims to be a fraud victim
  Notes/Examples: uses someone else’s account
Information Disclosure (Processes)
Extracts user data
  What the attacker does: exploits bugs like SQL injection to read db tables
  Notes/Examples: can find this by looking at data stores, but here the issue is the process returning data it shouldn’t
  What the attacker does: reads error messages
Extracts machine secrets
  What the attacker does: reads error messages
  Notes/Examples: Cannot connect to database ‘foo’ as user ‘sql’ with password ‘&IO*(^&’
  What the attacker does: exploits bugs
  Notes/Examples: “Heartbleed”
Information Disclosure (Data Stores)
Permissions
  Take advantage of missing or inappropriate ACLs
  Take advantage of bad database permissions
  Find files protected by obscurity
Security
  Find crypto keys on disk or in memory
  Get data from logs/temp files
  Get data from swap files
  See interesting information in filenames/directory names
Network
  See data traversing a network
Misc
  Obtain device, boot in new OS
Information Disclosure (Data Flow)
Network
  Reads data on a network
  Redirects traffic to enable reading data on the network
Metadata
  Learns secrets by analyzing traffic
  Learns who talks to whom by watching the DNS
  Learns who talks to whom by analyzing social network information
Denial of Service
Against a process
  Absorb memory (RAM or disk)
  Absorb CPU
  Uses a process as an amplifier
Against business logic
  “Too many login attempts”
Against a data store
  Fills the data store
  Makes enough requests to slow the system
Against a data flow
  Consumes network resources
Note: can be temporary (as the attack continues; fill the network) or persist beyond that (fill a disk)
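The "against business logic" row is the lockout paradox: a hard per-account lockout after N failures hands an attacker a way to deny service to the real user by guessing wrong on purpose. The following is an added example, not code from the deck; `LoginThrottle`, its thresholds and the sample addresses are this example's own, and the `now` parameter exists so the window can be exercised without waiting.

```python
"""Failed-login throttling that does not let an attacker lock out a user.
Added example, not part of the course deck; names and limits are this example's own."""
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional, Tuple


class LoginThrottle:
    """Failures are counted per source (which gets blocked) and per account
    (which only gets slowed). Blocking the offending source means nobody can
    lock the legitimate user out; the per-account delay still blunts guesses
    spread across many sources."""

    def __init__(self, window: float = 300.0, source_limit: int = 5,
                 max_delay: float = 30.0):
        self.window = window
        self.source_limit = source_limit
        self.max_delay = max_delay
        self._by_source: Dict[str, Deque[float]] = defaultdict(deque)
        self._by_account: Dict[str, Deque[float]] = defaultdict(deque)

    def _recent(self, log: Deque[float], now: float) -> int:
        """Drop timestamps older than the window and return what is left."""
        while log and now - log[0] > self.window:
            log.popleft()
        return len(log)

    def record_failure(self, account: str, source: str,
                       now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        self._by_source[source].append(now)
        self._by_account[account].append(now)

    def check(self, account: str, source: str,
              now: Optional[float] = None) -> Tuple[bool, float]:
        """Return (allowed, delay_seconds) for an attempt on `account` from `source`."""
        now = time.time() if now is None else now
        if self._recent(self._by_source[source], now) >= self.source_limit:
            return False, 0.0
        account_failures = self._recent(self._by_account[account], now)
        return True, min(self.max_delay, 0.5 * account_failures)
```

The same shape applies to the other rows: cap what one request may consume (body size, query cost, files per directory) per source, so exhausting the shared resource requires more than one cheap client.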
Elevation of Privilege (“EoP”)
EoP against process via corruption
  What the attacker does: sends inputs the code doesn’t handle properly
  Notes/Examples: very common, usually high impact
  What the attacker does: gains read/write access to memory
  Notes/Examples: writing memory is more obviously bad
EoP via misused authorization checks
EoP via buggy authorization checks
  Notes/Examples: centralizing checking makes consistency and correctness easier
EoP via data tampering
  What the attacker does: modifies bits on disk
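"Centralizing checking makes consistency, correctness easier" is easiest to see in code: one policy table, one `authorize` entry point, and a decorator so no handler can forget to call it. The following is an added example, not code from the deck; the roles, action names, policy table and sample principals are this example's own.

```python
"""Centralized authorization for every handler.
Added example, not part of the course deck; roles, actions and policy are this example's own."""
from enum import Enum
from functools import wraps
from typing import Callable, Dict, Optional, Set


class Role(Enum):
    USER = "user"
    ADMIN = "admin"


class Forbidden(Exception):
    pass


# The single source of truth: which roles may perform which action.
POLICY: Dict[str, Set[Role]] = {
    "profile.read": {Role.USER, Role.ADMIN},
    "user.delete": {Role.ADMIN},
}


def authorize(principal: dict, action: str, resource: Optional[dict] = None) -> None:
    """Deny by default: unknown actions are never allowed. The ownership rule
    lives here too, so 'limited user reads someone else's profile' is decided
    in exactly one place."""
    if principal.get("role") not in POLICY.get(action, set()):
        raise Forbidden(f"{principal.get('id')} may not {action}")
    if (resource is not None and principal["role"] is not Role.ADMIN
            and resource.get("owner") != principal["id"]):
        raise Forbidden(f"{principal['id']} does not own the resource")


def requires(action: str) -> Callable:
    """Each handler declares its action; the check runs before the body."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(principal, resource=None, **kwargs):
            authorize(principal, action, resource)
            return fn(principal, resource, **kwargs)
        return wrapper
    return decorator


@requires("profile.read")
def read_profile(principal, resource, **_):
    return {"id": resource["id"], "email": resource["email"]}


@requires("user.delete")
def delete_user(principal, resource, **_):
    return f"deleted {resource['id']}"


def denied(fn, principal, resource) -> bool:
    """True if the policy refuses `principal` doing `fn` on `resource`."""
    try:
        fn(principal, resource)
        return False
    except Forbidden:
        return True
```

Compare this with the alternative the slide warns about: an `if user.role == "admin"` scattered through a dozen handlers, where one typo or one forgotten branch is the "buggy authorization check" that gives a limited user admin capabilities.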
ISOL536 | Security Architecture and Design
Dr. Justin O. Hensley
School of Computer and Information Sciences
Introduction and expectations
Introduce yourself
Goals for Residency
Successfully complete part of course requirements
Strengthen research skills
Make professional connections
Increase social and soft skills
Have fun!
Expectations for Residency
Come early
Give attention
Respect colleagues
Participate equally
Produce exceptional work
Review schedule

 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
สมใจ จันสุกสี
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 

Recently uploaded (20)

Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience
 
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 

Residency ResearchISOL 536 Security Architecture and Design.docx

Residency Research
ISOL 536 Security Architecture and Design

Using Resources to Promote Critical Thinking
Critical thinking is an integral part of any educational program. At UC, we encourage and provide applicable resources for the promotion of critical thinking. In order to properly research and complete course papers, proper resources must be utilized.

Critical Thinking helps us to:
- Understand the links between ideas.
- Determine the importance and relevance of arguments and ideas.
- Recognize, build and appraise arguments.
- Identify inconsistencies and errors in reasoning.
- Approach problems in a consistent and systematic way.
- Reflect on the justification of their own assumptions, beliefs and values.
(http://www.skillsyouneed.com/learn/critical-thinking.html)

Researching Using the Critical Questions
When using research resources, it is imperative to review the six critical questions and implement that data into your writings.

Proper Resources for Research
When asked to complete a research paper in the UC School for Computer and Information Sciences, you must use scholarly, peer-reviewed articles. A peer-reviewed article is one that has “been evaluated by several researchers or subject specialist in the academic community prior to accepting it for publication” and is “also known as scholarly or refereed.” Your professor or the UC Librarian team can help you determine whether or not an article is peer-reviewed.

Proper Resources for Research
Examples of sites with peer-reviewed resources:
- UC Library Site
- EBSCOhost
- JSTOR
- Google Scholar
Examples of sites with unacceptable resources:
- PC Magazine
- Cisco
- Ars Technica
- Reddit

Proper Format is Important
All papers written for courses within the School for Computer and Information Sciences must follow the American Psychological Association (APA) writing style.
University Resources
The UC Library provides a myriad of online resources to assist students with proper research. Resources referring to Information Security can be found inside the UC Library site: www.ucumberlands.edu/library

Groups
Group 1, topic: Meltdown (6 members; e-mail addresses redacted in the source)
Group 2, topic: Spectre (6 members; e-mail addresses redacted in the source)
Group 3, topic: ZombieLoad (6 members; e-mail addresses redacted in the source)
Group 4, topic: RIDL (5 members; e-mail addresses redacted in the source)
Group 5, topic: Fallout (5 members; e-mail addresses redacted in the source)

Research Topic
Security researchers have discovered major vulnerabilities with the design of Intel chips. The vulnerabilities stem from several issues, and their immediate remediations create severe loss of performance. Each vulnerability is similar but different.

Research Topic
DO:
- Provide a working knowledge of your assigned vulnerability
- Compare and contrast your assigned vulnerability with others
- Deeply research the use of threat modeling and secure architecture
- Tie your research back to recommendations for remediation of the vulnerability
DO NOT:
- Dive deep into the mathematics of the vulnerability
- Disassociate your peer-reviewed scholarly research from the vulnerability
- Plagiarize and copy/paste from sites
- Forget the topics of our course (e.g. STRIDE)

Research Paper
- 10-15 pages
- Double spaced
- APA style
- At least 10 references
- At least 5 of your references must be scholarly peer-reviewed articles

Research Paper
- Find and review peer-reviewed scholarly articles concerning security architecture, secure design, and threat modeling
- Find and review other information that associates with your topic area
- Apply research from articles on chosen topic area to create research paper

Research Presentation
- Goal is to summarize your research and recommendations
- Must present for at least 25 minutes but no more than 30 minutes
- Your group will be randomly selected for presentation
- All group members need to participate in the presentation
ISOL536 | Security Architecture and Design
Dr. Justin O. Hensley
School of Computer and Information Sciences

Overview and STRIDE review

Ways to Find Security Issues
- Static analysis of code
- Fuzzing or other dynamic testing
- Pen test/red team
- Wait for bug reports after release
All of these are fine, but as you go down the list, you're going later and later in the development process. So when you find bugs, you may have a hard time fixing them, because you might have dependencies on behavior such as taking large complex input from an untrusted party, or your libraries may not handle issues like SQL injection well, or you might be using an untyped language like C.

Ways to Find Security Issues
- Threat modeling!
- Think about security issues early
- Understand your requirements better
- Don't write bugs into the code
- And the subject of this course

Definitions
- What is a threat? How is it different from a vulnerability, risk, or just a problem?
- What is a model?
Many people get stuck on these. Definitions matter. Many people don't understand the definition of a threat and how it's different from a vulnerability, a risk, or a problem. “Threat” means the bad thing that might happen. “Threat” can also refer to a person, or a piece of malware, but we don't use those definitions here. “Vulnerability” is a term of art for code that can be automatically exploited, or more generally, a weakness that can be exploited. Model: a system or thing used as an example to follow or imitate.

How to Threat Model
- What are you building?
- What can go wrong?
- What are you going to do about it?
- Did you complete a good analysis?
The course will teach you practical skills for each of these.

Addressing the Threat
- Mitigate
- Eliminate
- Transfer
- Accept

Validation of the Model
- Check the model
- Check each threat
- Check the tests

STRIDE
Threat | Property violated | Definition | Example
Spoofing | Authentication | Impersonating something or someone else. | Pretending to be any of Bill Gates, Paypal.com or ntdll.dll
Tampering | Integrity | Modifying data or code | Modifying a DLL on disk or DVD, or a packet as it traverses the network
Repudiation | Non-repudiation | Claiming to have not performed an action. | “I didn't send that email,” “I didn't modify that file,” “I certainly didn't visit that web site, dear!”
Information Disclosure | Confidentiality | Exposing information to someone not authorized to see it | Allowing someone to read the Windows source code; publishing a list of customers to a web site.
Denial of Service | Availability | Deny or degrade service to users | Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole.
Elevation of Privilege | Authorization | Gain capabilities without proper authorization | Allowing a remote Internet user to run commands is the classic example, but going from a limited user to admin is also EoP.

What Can Go Wrong?
- Track issues as you find them: “attacker could pretend to be a client & connect”
- Track assumptions: “I think that connection is always over SSL”
- Both lists are inputs to “what are you going to do about it?”
Spoofing on the Local Machine
Threat example | What the attacker does | Notes/examples
Spoofing a process | Creates a file before the real process | Then your process relies on it
Spoofing a process | Abuses names | Create a version of “sudo” and alter PATH
Spoofing a filename | Creates a file in the local directory | Library, executable or config file
Spoofing a filename | Creates a link, changes it | Also called “race condition” or TOCTOU
Spoofing a filename | Creates many files in a target directory | Code can easily create all possible /tmp/foo.random

Tampering with Memory
Threat example | What the attacker does | Notes/examples
Modifying code | Changes your code to suit themselves | Hard to defend against if the attacker is running code inside the trust boundaries
Modifying data they've supplied | Supplies data to a pass-by-reference API, then changes it | Works because of TOCTOU issues
Modifying data they've supplied | Supplies data into a shared memory segment, then changes it |

Repudiation
Threat example | What the attacker does | Notes/examples
Repudiating an action | Claims to have not clicked | Maybe they did, maybe they didn't, maybe they're honestly confused
Repudiating an action | Claims to not have received | 1. Electronic or physical. 2. Receipt is strange; does a client downloading email mean you've seen it? Did a network proxy pre-fetch images? Was a package left on a porch?
Repudiating an action | Claims to be a fraud victim | Uses someone else's account

Information Disclosure (Processes)
Threat example | What the attacker does | Notes/examples
Extracts user data | Exploits bugs like SQL injection to read db tables | Can find this by looking to data stores, but here the issue is the process returning data it shouldn't
Extracts user data | Reads error messages |
Extracts machine secrets | Reads error messages | Cannot connect to database ‘foo’ as user ‘sql’ with password ‘&IO*(^&’
Extracts machine secrets | Exploits bugs | “Heartbleed”

Information Disclosure (Data Stores)
Sub-category | What the attacker does
Permissions | Take advantage of missing or inappropriate ACLs
Permissions | Take advantage of bad database permissions
Permissions | Find files protected by obscurity
Security | Find crypto keys on disk or in memory
Security | Get data from logs/temp files
Security | Get data from swap files
Security | See interesting information in filenames/directory names
Network | See data traversing a network
Misc | Obtain device, boot in new OS

Information Disclosure (Data Flow)
Sub-category | What the attacker does
Network | Read data on a network
Network | Redirects traffic to enable reading data on the network
Metadata | Learns secrets by analyzing traffic
Metadata | Learns who talks to whom by watching the DNS
Metadata | Learns who talks to whom by analyzing social network information

Denial of Service
Threat example | What the attacker does | Notes/examples
Against a process | Absorb memory (RAM or disk) |
Against a process | Absorb CPU |
Against a process | Uses a process as an amplifier |
Against business logic | “Too many login attempts” |
Against a data store | Fills the data store |
Against a data store | Makes enough requests to slow the system |
Against a data flow | Consumes network resources | Can be temporary (as the attack continues; fill the network) or persist beyond that (fill a disk)
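The spoofing rows “creates a link, changes it” (TOCTOU) and “creates all possible /tmp/foo.random”, and the tampering row on TOCTOU, share one mitigation: never check a path and then open it, open it atomically with flags that refuse whatever was planted first. The following is an added example in Python, not code from the slides or the course; it assumes POSIX open() semantics, and all paths, names and file contents are constructed for the demonstration. The stdlib's tempfile.mkstemp does the same thing with an unpredictable name; the explicit version shows what it relies on.

```python
# Added example (not from the slides): atomic, symlink-refusing creation of a
# temporary file, the defence against the "creates a link, changes it" and
# "creates all possible /tmp/foo.random" rows. Paths and names are
# constructed for the demonstration; POSIX semantics are assumed.
import errno
import os
import stat
import tempfile


def open_private_temp(directory: str, name: str) -> int:
    """Create directory/name readable and writable by the current user only.

    O_CREAT|O_EXCL makes creation atomic: if anything already exists at the
    path (a file or a symlink an attacker planted first) the call fails with
    EEXIST instead of opening it, so there is no check-then-use window.
    O_NOFOLLOW additionally refuses a symlink in the last path component.
    Returns an open file descriptor; the caller owns it.
    """
    path = os.path.join(directory, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    # Defence in depth: verify what we actually opened through the descriptor,
    # not through the path, so the answer cannot change underneath us.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        os.close(fd)
        raise RuntimeError(f"{path}: not a private regular file owned by us")
    return fd


def unsafe_open_temp(directory: str, name: str):
    """The pattern the spoofing table warns about: a predictable name opened
    with default flags, which follows a pre-planted symlink and truncates
    whatever it points at."""
    return open(os.path.join(directory, name), "w")


def demo() -> tuple:
    """Plant a symlink at a predictable name, then try both openers.

    Returns (safe_refused, unsafe_clobbered_target).
    """
    with tempfile.TemporaryDirectory() as d:
        # Constructed scenario: "victim.txt" is what a planted link points at;
        # "foo.1234" is the predictable temp name that was guessed.
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w") as f:
            f.write("important data\n")
        os.symlink(victim, os.path.join(d, "foo.1234"))

        safe_refused = False
        try:
            os.close(open_private_temp(d, "foo.1234"))
        except OSError as e:
            safe_refused = e.errno in (errno.EEXIST, errno.ELOOP)

        with unsafe_open_temp(d, "foo.1234") as f:
            f.write("replaced\n")
        with open(victim) as f:
            unsafe_clobbered_target = f.read() == "replaced\n"
    return safe_refused, unsafe_clobbered_target


def fresh_file_ok() -> bool:
    """On a name nobody pre-created the safe opener succeeds with mode 0600."""
    with tempfile.TemporaryDirectory() as d:
        fd = open_private_temp(d, "foo.5678")
        try:
            mode = stat.S_IMODE(os.fstat(fd).st_mode)
        finally:
            os.close(fd)
    return mode == 0o600


if __name__ == "__main__":
    print("safe opener refused planted link, unsafe opener clobbered target:", demo())
```

The two results differ only in the open flags: the safe opener never consults the path a second time after creation, so there is no window for the link to be swapped, and it checks ownership and file type on the descriptor it holds rather than on a name that can be re-pointed.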
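The “reads error messages” rows under Information Disclosure (Processes) quote an exception that carried a database password to whoever triggered it. The mitigation is to split every failure into a fixed client-facing message plus an opaque reference, and to redact secrets before the detail reaches a log. This is an added example in Python, not code from the slides; the redaction patterns, the response shape and the sample messages are constructed assumptions, with the slide's own message used as the first test input.

```python
# Added example (not from the slides): keeping connection details and
# passwords out of error messages that reach a client, the defence against
# the "reads error messages" rows. The response shape is an assumption;
# the sample messages are constructed.
import re
import uuid

# Patterns for the ways a password commonly ends up inside exception text,
# each paired with its replacement.
_SECRET_PATTERNS = (
    # ... with password '&IO*(^&'      (the form quoted on the slide)
    (re.compile(r"(password\s*[:=]?\s*)(['\"])[^'\"]*\2", re.IGNORECASE),
     r"\1\2[REDACTED]\2"),
    # URL-style DSNs: postgres://user:secret@host/db
    (re.compile(r"(://[^:/@\s]+:)[^@\s]+(@)"), r"\1[REDACTED]\2"),
    # key=value style: password=secret; pwd=secret
    (re.compile(r"\b((?:password|passwd|pwd)\s*=\s*)[^\s;]+", re.IGNORECASE),
     r"\1[REDACTED]"),
)


def redact_secrets(text: str) -> str:
    """Mask password material in text destined for a log line."""
    for pattern, replacement in _SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def build_error_response(exc: Exception) -> tuple:
    """Split an internal failure into what the client sees and what is logged.

    The client gets a fixed message plus an opaque reference; the operator's
    log line carries the exception type and the redacted text under the same
    reference, so the two can be correlated without exposing internals.
    Returns (client_payload, log_line).
    """
    ref = uuid.uuid4().hex[:12]
    client_payload = {"error": "internal error", "ref": ref}
    log_line = f"ref={ref} {type(exc).__name__}: {redact_secrets(str(exc))}"
    return client_payload, log_line


if __name__ == "__main__":
    # The slide's example, constructed here as a raised exception.
    boom = RuntimeError("Cannot connect to database 'foo' as user 'sql' "
                        "with password '&IO*(^&'")
    payload, line = build_error_response(boom)
    print("client sees:", payload)
    print("log gets:  ", line)
```

The client never receives the exception text at all, so redaction is only a second line of defence for the log; it matters because logs are themselves listed as a data store an attacker reads in the next table.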
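The Denial of Service row “against business logic: too many login attempts” is the case where the protection is the weapon: a hard per-account lockout lets anyone who knows a username lock its owner out. One design that keeps brute forcing slow without that side effect is exponential back-off keyed on (account, source) rather than on the account alone. The following is an added example in Python, not code from the slides; the thresholds, the account name and the source addresses are constructed, and the clock is passed in so the behaviour can be checked without waiting.

```python
# Added example (not from the slides): a login throttle that slows a flood of
# bad passwords without handing an attacker the ability to lock a victim out,
# the "too many login attempts" business-logic DoS from the table.
# Thresholds, account names and source addresses are constructed.
from collections import defaultdict


class LoginThrottle:
    """Exponential back-off keyed by (account, source) instead of a global
    per-account lockout.

    A hard lockout after N failures turns the protection itself into a denial
    of service. Keying the delay on the failing source keeps the brute-forcer
    slow while the real user on a different source is unaffected.
    """

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=300.0):
        self.free_attempts = free_attempts     # failures allowed with no delay
        self.base_delay = base_delay           # seconds; doubles per failure
        self.max_delay = max_delay             # cap so the delay stays bounded
        self._failures = defaultdict(int)      # (account, source) -> count
        self._next_allowed = defaultdict(float)  # (account, source) -> time

    def wait_seconds(self, account, source, now):
        """Seconds the caller must wait before another attempt; 0.0 means go."""
        return max(0.0, self._next_allowed[(account, source)] - now)

    def record_failure(self, account, source, now):
        """Register a bad password and return the wait it now imposes."""
        key = (account, source)
        self._failures[key] += 1
        over = self._failures[key] - self.free_attempts
        if over > 0:
            delay = min(self.max_delay, self.base_delay * 2 ** (over - 1))
            self._next_allowed[key] = now + delay
        return self.wait_seconds(account, source, now)

    def record_success(self, account, source):
        """A correct password clears the counters for that pair."""
        self._failures.pop((account, source), None)
        self._next_allowed.pop((account, source), None)


def demo():
    """Ten bad passwords for 'alice' from one source; returns the wait imposed
    on that source and the wait the real user sees from a different source."""
    throttle = LoginThrottle()
    attacker, real_user = "203.0.113.9", "198.51.100.7"   # constructed addresses
    for _ in range(10):
        throttle.record_failure("alice", attacker, now=0.0)
    return (throttle.wait_seconds("alice", attacker, now=0.0),
            throttle.wait_seconds("alice", real_user, now=0.0))


if __name__ == "__main__":
    print("wait for flooding source, wait for real user:", demo())
```

A flood spread across many sources defeats per-source keying on its own, so in practice this sits beside a per-account step-up (a second factor or a challenge) that adds friction for the account without ever refusing its owner outright; the point the table makes still holds, which is that “too many attempts, account locked” is the outcome the attacker was after.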
Elevation of Privilege (“EoP”)
Threat example | What the attacker does | Notes/examples
EoP against process via corruption | Sends inputs the code doesn't handle properly | Very common, usually high impact
EoP against process via corruption | Gains read/write access to memory | Writing memory more obviously bad
EoP via misused authorization checks | |
EoP via buggy authorization checks | | Centralizing checking makes consistency, correctness easier
EoP via data tampering | Modify bits on disk |
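The note on the two authorization rows, “centralizing checking makes consistency, correctness easier”, is easiest to see in code: when each handler does its own check, the one that forgets is the elevation-of-privilege bug, and nothing notices. The following is an added example in Python, not code from the slides; it puts the check in a single dispatcher, makes the required permission part of registering a handler, fails closed on a handler that declares nothing, and gives an audit function that lists such handlers. The roles, permissions and operations are constructed.

```python
# Added example (not from the slides): one central authorization check for
# every operation, illustrating the "centralizing checking makes consistency,
# correctness easier" note in the EoP table. Roles, permissions and
# operations are constructed.

# Constructed policy: role -> set of permissions.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin":  {"report:read", "report:write", "report:delete"},
}


class Forbidden(Exception):
    """Raised when the principal lacks the permission an operation declares."""


_OPERATIONS = {}   # name -> (required permission or None, function)


def operation(name, permission=None):
    """Register a handler together with the permission it requires.

    Declaring the permission at the registration point means there is exactly
    one place to audit, instead of a check (or a forgotten check) inside every
    handler body.
    """
    def register(fn):
        _OPERATIONS[name] = (permission, fn)
        return fn
    return register


def _required_permission(name):
    permission, _ = _OPERATIONS[name]
    if permission is None:
        # Fail closed: an operation that declares nothing is not callable,
        # rather than silently callable by everyone.
        raise RuntimeError(f"operation {name!r} declares no permission")
    return permission


def is_authorized(principal, name) -> bool:
    """The single decision: does the principal's role grant the permission?"""
    granted = ROLE_PERMISSIONS.get(principal["role"], set())
    return _required_permission(name) in granted


def dispatch(name, principal, *args):
    """The single choke point: every call goes through the same check."""
    if not is_authorized(principal, name):
        raise Forbidden(f"{principal['name']} lacks {_required_permission(name)}")
    return _OPERATIONS[name][1](principal, *args)


def outcome(name, principal, *args) -> str:
    """Classify a call as 'ok', 'forbidden' or 'misconfigured' (for audits)."""
    try:
        dispatch(name, principal, *args)
        return "ok"
    except Forbidden:
        return "forbidden"
    except RuntimeError:
        return "misconfigured"


def audit_unprotected():
    """List operations registered without a permission, for review."""
    return sorted(n for n, (p, _) in _OPERATIONS.items() if p is None)


@operation("read_report", "report:read")
def read_report(principal, report_id):
    return f"report {report_id} contents"


@operation("delete_report", "report:delete")
def delete_report(principal, report_id):
    return f"deleted report {report_id}"


@operation("export_report")            # permission forgotten: the audit catches it
def export_report(principal, report_id):
    return f"exported report {report_id}"


if __name__ == "__main__":
    viewer = {"name": "vic", "role": "viewer"}
    print(outcome("delete_report", viewer, 7), audit_unprotected())
```

The handlers contain no security logic at all, which is the point: a reviewer checks one dispatcher and one registration table, and a forgotten declaration shows up as a misconfiguration rather than as a route anyone can call.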
ISOL536 | Security Architecture and Design
Dr. Justin O. Hensley
School of Computer and Information Sciences

Introduction and expectations

Introduce yourself

Goals for Residency
- Successfully complete part of course requirements
- Strengthen research skills
- Make professional connections
- Increase social and soft skills
- Have fun!

Expectations for Residency
- Come early
- Give attention
- Respect colleagues
- Participate equally
- Produce exceptional work

Review schedule