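Course Code
cl-sdl
Duration
14 hours (usually 2 days, including breaks).
Overview
The Combined SDL core training gives in-depth insight into secure software design, development and testing through the Microsoft Security Development Lifecycle (SDL). It provides a level-100 overview of the fundamental building blocks of the SDL, followed by design techniques for detecting and fixing flaws in the early stages of the development process.
Dealing with the development phase, the course gives an overview of the typical security-relevant programming errors in both managed and native code. Attack methods are presented for the vulnerabilities discussed, along with the associated mitigation techniques, all explained through a number of hands-on exercises that give participants some live hacking fun. Different security testing methods are introduced, followed by a demonstration of the effectiveness of various testing tools. By applying the tools to the vulnerable code already discussed, participants come to understand how these tools operate through a number of practical exercises.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Get to know the essential steps of the Microsoft Security Development Lifecycle
- Learn secure design and development practices
- Learn about secure implementation principles
- Understand security testing methodology
- Get sources and further reading on secure coding practices
Audience
Developers, managers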
Course Outline
Day 1
- IT security and secure coding
- Nature of security
- IT security related terms
- Definition of risk
- Different aspects of IT security
- Requirements of different application areas
- IT security vs. secure coding
- From vulnerabilities to botnets and cybercrime
- Nature of security flaws
- Reasons of difficulty
- From an infected computer to targeted attacks
- Classification of security flaws
- Landwehr’s taxonomy
- The Seven Pernicious Kingdoms
- OWASP Top Ten 2013
- OWASP Top Ten comparison 2003 – 2013
- Introduction to the Microsoft® Security Development Lifecycle (SDL)
- Agenda
- Applications under attack...
- Cybercrime Evolution
- Attacks are focusing on applications
- Most vulnerabilities are in smaller ISV apps
- Origins of the Microsoft SDL...
- Security Timeline at Microsoft...
- Which apps are required to follow SDL?
- Microsoft Security Development Lifecycle (SDL)
- Microsoft Security Development Lifecycle (SDL)
- Pre-SDL Requirements: Security Training
- Phase One: Requirements
- Phase Two: Design
- Phase Three: Implementation
- Phase Four: Verification
- Phase Five: Release – Response Plan
- Phase Five: Release – Final Security Review
- Phase Five: Release – Archive
- Post-SDL Requirement: Response
- SDL Process Guidance for LOB Apps
- SDL Guidance for Agile Methodologies
- Secure Software Development Requires Process Improvement
- Secure design principles
- Attack surface
- Attack surface reduction
- Attack surface – an example
- Attack surface analysis
- Attack surface reduction – examples
- Privacy
- Privacy
- Understanding Application Behaviors and Concerns
- Defense in depth
- SDL Core Principle: Defense In Depth
- Defense in depth – example
- Least privilege principle
- Least privilege – example
- Secure defaults
- Secure defaults – examples
- Attack surface
- Secure implementation principles
- Agenda
- Microsoft Security Development Lifecycle (SDL)
- Buffer overflow basics
- Intel 80x86 Processors – main registers
- The memory address layout
- The function calling mechanism in C/C++ on x86
- The local variables and the stack frame
- Stack overflow
- Buffer overflow on the stack
- Exercises – introduction
- Exercise BOFIntro
- Exercise BOFIntro – determine the stack layout
- Exercise BOFIntro – a simple exploit
- Input validation
- Input validation concepts
- Integer problems
- Representation of negative integers
- Integer overflow
- Arithmetic overflow – guess the output!
- Exercise IntOverflow
- What is the value of Math.Abs(int.MinValue)?
- Integer problem mitigation
- Integer problem mitigation
- Avoiding arithmetic overflow – addition
- Avoiding arithmetic overflow – multiplication
- Detecting overflow with the checked keyword in C#
- Exercise – Using the checked keyword in C#
- Exceptions triggered by overflows in C#
- Case study – Integer overflow in .NET
- A real-world integer overflow vulnerability
- Exploiting the integer overflow vulnerability
- Path traversal vulnerability
- Path traversal mitigation
Day 2
- Secure implementation principles
- Injection
- Typical SQL Injection attack methods
- Blind and time-based SQL injection
- SQL Injection protection methods
- Command injection
- Broken authentication - password management
- Exercise – Weakness of hashed passwords
- Password management and storage
- Special purpose hash algorithms for password storage
- Cross-Site Scripting (XSS)
- Cross-Site Scripting (XSS)
- CSS injection
- Exploitation: injection through other HTML tags
- XSS prevention
- Missing function level access control
- Filtering file uploads
- Practical cryptography
- Providing confidentiality with symmetric cryptography
- Symmetric encryption algorithms
- Block ciphers – modes of operation
- Hash or message digest
- Hash algorithms
- Message Authentication Code (MAC)
- Providing integrity and authenticity with a symmetric key
- Providing confidentiality with public-key encryption
- Rule of thumb – possession of private key
- Typical mistakes in password management
- Exercise – Hard coded passwords
- Conclusion
- Injection
- Secure verification principles
- Functional testing vs. security testing
- Security vulnerabilities
- Prioritization
- Security testing in the SDLC
- Steps of test planning (risk analysis)
- Scoping and information gathering
- Stakeholders
- Assets
- The attack surface
- Security objectives for testing
- Threat modeling
- Threat modeling
- Attacker profiles
- Threat modeling based on attack trees
- Threat modeling based on misuse/abuse cases
- Misuse/abuse cases – a simple Web shop example
- STRIDE per element approach to threat modeling – MS SDL
- Identifying security objectives
- Diagramming – examples of DFD elements
- Data flow diagram – example
- Threat enumeration – MS SDL’s STRIDE and DFD elements
- Risk analysis – classification of threats
- The DREAD threat/risk ranking model
- Security testing techniques and tools
- General testing approaches
- Techniques for various steps of the SDLC
- Code review
- Code review for software security
- Taint analysis
- Heuristics
- Static code analysis
- Static code analysis
- Static code analysis
- Exercise – Using static code analysis tools
- Testing the implementation
- Manual run-time verification
- Manual vs. automated security testing
- Penetration testing
- Stress tests
- Fuzzing
- Automated security testing - fuzzing
- Challenges of fuzzing
- Web vulnerability scanners
- Exercise – Using a vulnerability scanner
- Checking and hardening the environment
- Common Vulnerability Scoring System – CVSS
- Vulnerability scanners
- Public databases
- Case study – Forms Authentication Bypass
- NULL byte termination vulnerability
- The Forms Authentication Bypass vulnerability in the code
- Exploiting the Forms Authentication Bypass
- Knowledge sources
- Secure coding sources – a starter kit
- Vulnerability databases
- .NET secure coding guidelines at MSDN
- .NET secure coding cheat sheets
- Recommended books – .NET and ASP.NET