The document discusses secure software design and programming, emphasizing the integration of security throughout the software development lifecycle (SDLC). It outlines phases such as planning, design, implementation, testing, deployment, and maintenance, focusing on identifying and mitigating risks and vulnerabilities at each stage. Additionally, it highlights challenges in secure software development and offers recommendations for best practices, including threat modeling and security design reviews.

1. preencoded.png
Secure Software Design
and Secure Programming
Software development security involves integrating security measures
throughout the lifecycle to protect systems confidentiality, integrity, and
availability. The primary objective of software security is to identify and
mitigate vulnerabilities, weaknesses, risks , and threats that could
potentially be exploited by attackers.

2. preencoded.png
Topic outline
▪ Secure Design
▪ Definition of Secure Software
▪ Phases of Secure SDLC(Secure Software Development Life Cycle)
▪ Challenges in Secure Software Development Life Cycle (SSDLC)
▪ How to Ensure SSDLC(Secure Software Development Life Cycle)
▪ Components of Secure Software Development Life Cycle (SDLC)
▪ Threat Modeling
▪ Principles of Secure Software Design – security principle
▪ Security Design Reviews
▪ Definition of SDR
▪ Process of SDR
▪ Secure Programming
▪ Objectives of Secure Programming
▪ Challenges of Secure Programming
▪ Secure programming Principles & Practices
▪ Tools and Techniques for Secure Software design

3. preencoded.png
Secure Software Design
Secure Software Design
Designing software with security as a foundational aspect in other word
integrates security throughout the entire SDLC to prevent vulnerabilities ,
focused on Identifying and addressing security risks before coding begins

4. preencoded.png
Phases of Secure SDLC(Secure Software Development Life Cycle)
Planning : focus is on figuring out the security requirements for the software , this includes :
• Identify security objectives (e.g., protecting user data).
• Risk Assessment: Analyze possible threats (e.g., data breaches, unauthorized access) and creating a plan for how to
make the software secure from the beginning (plan mitigations).
Analysis: focus is on identifying and understanding the security requirements and possible risks associated with the
software system.
• Security Requirements Definition: Define functional and non-functional security requirements (e.g., data encryption,
role-based access).
• Use Case Analysis: Identify misuse cases to predict possible attacks (phishing attack , MFA).
• Data Classification: Classify sensitive data requiring protection.
1
2
SSDLC is an approach to software development that integrates security practices throughout the entire software development
process. It focuses on identifying and mitigating security vulnerabilities at each stage of development to create more resilient and
secure software.

5. preencoded.png
Phases of Secure SDLC(Secure Software Development Life Cycle)
Desing: the plan for security is put into action. This involves making decisions about how to build security features into the
software. The goal is to ensure that the design can handle potential security problems.
• Threat Modeling: Identify vulnerabilities and attack in the proposed architecture use frameworks like STRIDE.
• Security Architecture Design: Incorporate secure patterns such as encryption, and access controls.
• Secure Design Principles: Apply principles like defense in depth, least privilege.
3
Implementation: developers start building the software using secure coding practices. This means writing code in a way
that reduces the chances of security problems. Code reviews are done to catch and fix any security issues.
• Adhere to Secure Coding Practices: Implement code using standards.
• Static Code Analysis: Use tools to scan for vulnerabilities during coding.
4

6. preencoded.png
Phases of Secure SDLC(Secure Software Development Life Cycle)
Testing: focuses on checking the software's security by attempting to find weaknesses. This includes trying to hack into the
software, scanning the code for potential problems, and ensuring it can handle various security threats.
• Security Testing: Perform penetration testing, vulnerability scanning, and dynamic application security testing (DAST).
• Requirement Verification: Ensure all security requirements are met.
• Fuzz Testing: Validate software by providing unexpected or invalid inputs.
5
Deployment : focuses on releasing the secure application into the production environment, ensuring that the deployment
process maintains the security Secure Configuration: Ensure servers, databases, and environments are securely configured.
• Runtime Protections: Deploy firewalls, intrusion detection/prevention systems, and monitoring tools.
• Secure Pipelines: Use encrypted communication during deployment and CI/CD processes for ex (DepOps).
6

7. preencoded.png
Maintenance : is the ongoing process of managing and updating the software after it has been deployed. It involves
continuously monitoring for security issues and making updates to address new threats, ensuring the software remains
secure over time.
• Regular Updates and Patching: Apply security patches promptly to address vulnerabilities.
• Monitoring and Auditing: Continuously monitor the system for suspicious activity and conduct periodic audits.
• Incident Response Plan: Implement a plan to quickly respond to and recover from breaches.
7
Phases of Secure SDLC(Secure Software Development Life Cycle)

8. preencoded.png
▪ Lack of Security Knowledge / Awareness : One of the main problems is that not everyone involved in making software knows
enough about keeping it secure. This can lead to mistakes and weaknesses in the software.
▪ Fast-paced Development / Time Constraints : Developers often have to work really quickly to meet deadlines. Because of this
rush, they might not have enough time to focus on making the software secure, which can be a problem.
▪ Sophistication of Cyber Threats: Cyber threats are getting more advanced and trickier. This makes it harder for developers to
predict and protect the software from these evolving risks.
Challenges in Secure Software Development Life Cycle (SSDLC)

9. preencoded.png
How to Ensure SSDLC(Secure Software Development Life Cycle)?
▪ Education and Training: Train the development team on security best practices to increase awareness and equip them with
the skills needed to address potential security threats.
▪ Use Security Tools: Implement security tools such as code analyzers, vulnerability scanners, and penetration testing tools.
These tools help identify and fix security issues at various stages of development.
▪ Collaboration Between Teams: Encourage collaboration between development, operations, and security teams. This ensures
that everyone is aligned on security goals and measures.
▪ Continuous Improvement: Regularly review and update the SSDLC process. Learn from past experiences, incorporate
improvements, and stay informed about emerging security threats and best practices.

10. preencoded.png
Threat Modeling
Categorizing Threats with STRIDE
• STRIDE is a popular threat modeling framework used during the design phase of system development to identify and address
security threats. It focuses on common attack categories.
• By considering these categories, STRIDE helps developers proactively recognize potential vulnerabilities and secure the system
design.
• Tools : Microsoft Threat Modeling Tool
Common attack categories :
- Spoofing
• Threat: Impersonation of a user.
• Mitigation: Implement strong authentication mechanisms (e.g., multi-factor authentication).
Tampering:
• Threat: Unauthorized modification of data or code.
• Mitigation: Use cryptographic hashing, checksums, and digital signatures to ensure data integrity.
Repudiation:
• Threat: Denying an action or transaction without the ability to prove otherwise.
• Mitigation: Use logging and auditing mechanisms with tamper-proof storage.

11. preencoded.png
Threat Modeling
Categorizing Threats with STRIDE
Information Disclosure:
• Threat: Unauthorized access to sensitive information.
• Mitigation: Employ encryption for data at receive and in transmit, and enforce access control policies.
Denial of Service (DoS):
• Threat: Disruption of services, making resources unavailable.
• Mitigation: Use rate-limiting (Configure rules like "10 requests per second per IP.").
traffic filtering (Identify and filter automated traffic).
redundancy strategies (Use load balancers to distribute traffic across multiple servers).
Elevation of Privilege:
• Threat: Gaining unauthorized access to higher privileges.
Ex: A user on a system exploits a vulnerability or misconfiguration to gain unauthorized administrative
privileges, allowing them to access sensitive data or execute restricted actions.
• Mitigation: Apply the principle of least privilege and use secure access control mechanisms.

12. preencoded.png
1. Least Privilege: Limit the access of users, applications, and systems to only what is necessary.
• Example: A regular user can view data but cannot delete it. Only admins have permission to delete data.
2. Fail Securely: Ensure that if a failure occurs, the system will fail safely.
• Example: If a login attempt fails, the system only says "Login failed" and not "Incorrect password," to avoid revealing which
part is wrong.
3. Defense in Depth: Implement multiple layers of security controls to reduce risks.
• Example: A bank app uses encryption, requires two-factor authentication, and regularly checks for vulnerabilities to protect
user data.
4. Separation of Duties: Ensure different roles handle different tasks, reducing the impact of a single compromised user.
• Example: A user can make a purchase on an e-commerce site, but only an admin can process refunds, ensuring no single
person can misuse the system.
5. Security by Obscurity: Hide sensitive information (e.g., database passwords, internal architecture) to limit exposure.
• Example: Instead of using URLs like , use to make it harder for attackers to guess administrative pages.
Principles of Secure Software Design – security principle
/x9z7t3
/admin

13. preencoded.png
Components of Secure Software Development Life Cycle
(SDLC)

14. preencoded.png
Security Design Reviews (SDR)
Security design reviews are critical because they allow security flaws and weaknesses to be detected early in the development process. By
addressing security concerns during the design phase, teams can avoid costly fixes and redesigns in later stages of development, saving time,
resources, and reducing the risk of security breaches.

15. preencoded.png
Security Design Reviews (SDR)
1. Study (Study the Design): Start by reviewing the design and related documents, such as Data Flow Diagrams (DFDs) , Sequence
Diagrams, to understand the project's structure. Then, analyzing them from a security perspective to identifying potential
threats.
2. Inquire (Ask Questions): Clarify any parts of the design that might have security risks or are unclear. This ensures you fully
understand the design and its potential threats.
3. Identify(Identify Critical Security Parts): Focus on the areas of the design that are most important for security, such as how
data is stored or how the system communicates with others.
4. Collaborate(Collaborate with the Designer): Discuss your findings with the designer. Work together to address any risks and
come up with solutions. The goal is to improve security while keeping the overall design intact.
5. Write(Write a Report): Summarize your findings and provide recommendations in a report. Prioritize the changes based on
their impact or urgency.
6. Follow Up: After changes are made, verify that the issues were properly addressed and resolved before the design is finalized.

16. preencoded.png
Secure Programming
is the practice of designing, writing, and maintaining code
of software in a way that prevents security vulnerabilities
by Incorporate security into the coding phase by using
secure coding practices.
Secure Programming

17. preencoded.png
• Minimize vulnerabilities: Ensuring the software has fewer attack surfaces.
• Defend against attacks: Techniques like input validation, encryption, and secure coding practices.
• Ensure confidentiality, integrity, and availability (CIA).
• Long-term maintainability: Secure code is easier to maintain and update, reducing the risk of future vulnerabilities.
Objectives of Secure Programming

18. preencoded.png
Challenges of Secure Programming

19. preencoded.png
Challenges of Secure Programming
Malicious Influence
• Injection Attacks (e.g., SQL injection, cross-site scripting (XSS),
and denial-of-service (DoS))
• Phishing and Social Engineering (e.g. Email Phishing ,
Impersonation)
• Supply Chain Attacks (hacking third-party libraries)
The Impact of such attacks Compromise system integrity and
Confidently (Unauthorized data access or manipulation)
Vulnerability Chains
• An attacker might first exploit a buffer overflow vulnerability to
execute code, and then exploit a privilege vulnerability to gain
administrative access.
Vigilance - Elements of Vigilance:
• Regular Code Audits
• Automated Security Tools (static/dynamic analysis)
• Security Awareness Training for developers
• Incident Response Planning
Vulnerabilities as Bugs
• Buffer Overflows
• Race Conditions
• Improper Input Validation
The Impact of such bugs lead to security breaches and
Unintended system behavior.
Bugs and Entropy
Ex: Deserialization , Buffer Overflows, Race Conditions
Complexity in code and Unmanaged legacy code lead to high
entropy.
Consequences of High Entropy:
• Increased number of bugs
• Unpredictable system behavior
• Difficult maintenance

20. preencoded.png
Secure programming Principles & Practices (Cont.)
Input Validation : Thoroughly validate and sanitize all user input to prevent common vulnerabilities like
SQL injection and cross-site scripting (XSS).
• Check input for type, length, format, and range.
• Use whitelisting to accept only known good input, and reject anything else.
• Sanitize input to remove dangerous characters (e.g., <, >, & for XSS).
Error Handling : Implement robust error handling mechanisms to avoid leaking sensitive information and
exposing potential attack surfaces.
• Display generic error messages to users and log detailed errors for administrators.
• Avoid logging sensitive data (e.g., passwords or credit card information).
Secure Session Management
Protecting session data, implementing secure cookie handling, and preventing session hijacking.
• Ensure session data is encrypted both in transmit (using HTTPS) and at receive.
• Session Timeout , regenerate Session ID

21. preencoded.png
Secure programming Principles & Practices (Cont.)
Authentication and Authorization
• Authentication: Implement secure methods for verifying user identities (e.g.,
multi-factor authentication, OAuth).
• Authorization: Define and enforce access permissions for users and processes
using Access control such as roles-based access control (RBAC).
Memory Management
Prevent issues like buffer overflows which occurs when a program writes more data to a buffer (a contiguous block of
memory) than it can hold, or when it reads or writes outside its allocated memory boundaries.
• Use Safe Programming Languages : some programming languages are designed to prevent buffer overflows (C#,Java,
Python).
• Use Safe Functions : some functions are prone to buffer overflows because they do not check the size of data being
written to memory.
• Regular Code Audits and Static Analysis.
• Input validation.

22. preencoded.png
Secure programming Principles & Practices (Cont.)
Cryptography and Secure Communication
Use strong encryption algorithms and protocols (eg.HTTPS) to protect sensitive data and use secure communication channels
(e.g., TLS).
Using Secure Libraries and APIs
Leveraging trusted libraries to prevent supply chain attacks .

23. preencoded.png
Tools and Techniques for Secure Software design
Secure Coding Standards
• Technique: Follow secure coding guidelines, such as OWASP Secure
Coding Practices or CERT Secure Coding Standards, to minimize
vulnerabilities.
• Tools:
• OWASP Cheat Sheets
• CERT C and Java Secure Coding Standards
Threat Modeling
• Technique: Identify potential threats, attack vectors, and
vulnerabilities during the design phase. Use frameworks like STRIDE
or DREAD.
• Tools:
• Microsoft Threat Modeling Tool
• OWASP Threat Dragon
Dynamic Application Security Testing (DAST)
• Technique: Test running applications to find security issues like
injection flaws and misconfigurations.
• Tools:
• OWASP ZAP (Zed Attack Proxy)
• Burp Suite
Code Review and Analysis
• Technique: Conduct peer reviews or automated checks to ensure
adherence to secure design principles.
• Tools:
• GitHub CodeQL
• Codacy
Automated Security Testing
• Technique: Integrate automated security testing into the CI/CD
pipeline to catch vulnerabilities early.
• Tools : Azure Devops,Jenkins
Static Application Security Testing (SAST)
• Technique: Analyze source code for security vulnerabilities without
running the software.
• Tools:
• SonarQube , Checkmarx , Fortify Static Code Analyzer

24. preencoded.png
• Pressman, R. S. (2010). Software engineering: A practitioner's approach (7th ed.).
McGraw-Hill Education.
• Kohnfelder, L., & Schuyler, P. (2001). Designing secure software: A guide for
developers. Addison-Wesley.
• Andress, J., & Winterfeld, S. (2011). Cyber warfare: Techniques, tactics and tools
for security practitioners. Elsevier.
• Dafydd, S., & Stuttard, M. (2011). The web application hacker's handbook: Finding
and exploiting security flaws (2nd ed.). Wiley Publishing.
• Ugnichenko, A. V. (2009). Secure software design [E-book]. Retrieved November
28, 2024, from
https://masters.donntu.ru/2009/fvti/ugnichenko/library/EFLVSecSysDes1.pdf
• Umair, M., Shah, H., & Khan, Z. A. (2010). A survey on requirements and design
methods for secure software development. ResearchGate. Retrieved November
28, 2024, from https://www.researchgate.net/publication/228804937
• IEEE Computer Society. (2007). The IEEE secure design principles: Developing tools
to strengthen software. IEEE Xplore. Retrieved November 28, 2024, from
https://ieeexplore.ieee.org/abstract/document/4529475
• Semantics Scholar. (n.d.). Techniques for software system design security.
Semantics Scholar. Retrieved November 28, 2024, from
https://pdfs.semanticscholar.org/ac51/7c1c09b4db636a3e278d46175d12c99158c
0.pdf
Reference