Binary and Protocol Security Assurance



  1. Binary and Protocol Security Assurance
  Mahesh Saptarshi, Technical Director, Symantec Software India Pvt Ltd

  2. Agenda
  1. Disclaimers, requests, etc.
  2. Security bugs – what, how, and their classification
  3. Security assurance of binary – 3rd party modules
  4. Security assurance of network protocols
  5. Tools and techniques for discovering security bugs
  6. Summary and Q/A

  3. Disclaimers, Requests, etc.
  • Not Symantec company position, statement or policy
  • Focus on the technical details
  • Cell phones – please activate vibrate/quiet mode
  • Ask a question any time
  • Q&A time also at the end
  • Much of the material is learned by practice

  4. Security Bugs – What
  • Assets, threats, software bugs aka vulnerabilities
  • Threats always exist – probabilities vary
  • Vulnerabilities make exploits possible
  • Threats can be mitigated – reduced probability
  • Threats != attacks
  • Vulnerabilities != attacks
  • Attacks – attempts by a malicious entity to actuate a threat
  • Our aim – eliminate or mitigate vulnerabilities
    • To foil attacks
    • So that the probability of a threat is reduced
    • So that the asset is secure

  5. Our Goal
  Eliminate or mitigate vulnerabilities
  • To foil attacks
  • So that the probability of a threat is reduced
  • So that the asset is secure

  6. Security Bugs – Causes
  • Insecure design
  • Insecure coding
  • Insecure environment
  • Lack of proper data validation
  • Lack of security assurance

  7. Security Bugs – Examples
  • Buffer overflow
  • Cross-site scripting
  • Authentication bypass
  • Escalation of privilege
  • Arbitrary code execution
  • SQL injection
  • Arbitrary file modification/overwrite/truncation

  8. Most Prevalent Security Issues
  • Input validation
    • Buffer overflow
    • Cross-site scripting
    • SQL injection
    • File path redirection
  • Authentication bypass
  • Session issues
    • Session hijack, session replay
    • Insufficient randomization
  • Configuration security

  9. Practical Approach to Finding Security Bugs
  • Brute force
    • Fuzzing – feeding the application lots of different values of the data
    • Values of data are derived by systematic or random changes to a valid value
    • Network fuzzing, file fuzzing, API parameter fuzzing, web request fuzzing
    • Automation required – too many variations
  • Intelligent security assurance
    • Targeted fuzzing
    • Integer values at byte boundaries
    • Size value and buffer size mismatch
    • SQL query and cross-domain scripting verification
    • Path variation related attacks
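The two targeted-fuzzing ideas on this slide (integer values at byte boundaries, and a size field that disagrees with the real buffer size) as a small added example; this is illustration code written for this page, not from the presentation. It assumes a constructed two-byte length-prefixed message format and shows why a parser that trusts the length field accepts every case while one that cross-checks it rejects all but the baseline.

```python
import struct

# Constructed message format for the example: "<u16 little-endian length><payload>".
# Integer values a targeted fuzzer tries in the length field: each sits on a
# byte or sign boundary where off-by-one and sign-extension mistakes surface.
BOUNDARY_VALUES = [0, 1, 0x7F, 0x80, 0xFF, 0x100, 0x7FFF, 0x8000, 0xFFFF]


def parse_naive(msg: bytes) -> bytes:
    """Trusts the declared length: returns whatever slice the header asks for."""
    declared = struct.unpack_from("<H", msg, 0)[0]
    return msg[2:2 + declared]  # silently truncates when declared > actual size


def parse_checked(msg: bytes) -> bytes:
    """Cross-checks the declared length against the bytes actually present."""
    if len(msg) < 2:
        raise ValueError("header truncated")
    declared = struct.unpack_from("<H", msg, 0)[0]
    if len(msg) - 2 != declared:
        raise ValueError(f"length field {declared} != payload size {len(msg) - 2}")
    return msg[2:]


def targeted_cases(valid_payload: bytes):
    """Yield (description, message) pairs: one valid baseline, then boundary
    integers in the length field and length/buffer mismatches."""
    actual = len(valid_payload)
    yield "valid message (baseline)", struct.pack("<H", actual) + valid_payload
    for v in BOUNDARY_VALUES:
        yield f"length={v:#x} with valid payload", struct.pack("<H", v) + valid_payload
    for delta in (-1, 1, 0x100):
        mismatch = (actual + delta) & 0xFFFF
        yield f"length off by {delta:+}", struct.pack("<H", mismatch) + valid_payload
    yield "header only, no payload", struct.pack("<H", actual)


def run_fuzz(parser, valid_payload: bytes = b"hello"):
    """Return the descriptions of the cases the parser accepted without error.
    Only the baseline should survive a parser that validates its size field."""
    accepted = []
    for desc, msg in targeted_cases(valid_payload):
        try:
            parser(msg)
            accepted.append(desc)
        except ValueError:
            pass
    return accepted
```

Running `run_fuzz(parse_naive)` lists all fourteen cases as accepted, whereas `run_fuzz(parse_checked)` lists only the baseline; in a real harness the accepted-but-malformed cases are the ones to feed to the binary under test while watching for crashes.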

  10. Practical Approach to Hunting for Security Bugs – cont.
  • Authentication related verification
    • Session re-establishment protocol
    • Frequent session or form reload testing
    • Fake client instantiation
    • Fake server instantiation
    • Proxy and session break-up
    • Defaults verification by denying authentication protocol completion

  11. Practical Approach to Hunting for Security Bugs – cont.
  • Session issues
    • Session hijack using a proxy
    • MITM attack
    • Session key management verification
    • Encryption key management verification
    • Session key exchange protocol verification
    • Session timeout testing

  12. Practical Approach to Hunting for Security Bugs – cont.
  • Configuration security
    • File permissions
    • File name generation and temporary file location
    • Configuration file fuzzing and unreasonable values
    • Locale related verification
    • Registry entry permissions – DACLs
    • Log file permissions – log analyzers and report generators
    • Event viewers
    • File overwrite attack using “log truncate” or “cleanup” action
    • File upload/download and overwrite action
    • Arbitrary file access action

  13. Tools for Hunting Down Security Bugs
  • Static source code analysis – Coverity, RATS, FindBugs, FxCop
  • Nessus – port scanner and vulnerability verification
  • Nmap – network mapper, services and OS security
  • Wireshark – sniffing network traffic
  • SPIKE – network fuzzing
  • Filemon/Regmon – monitoring file access and registry
  • PE Explorer – exploring running processes
  • IDA – debugger for analysing crash dumps
  • WebInspect, AppScan, Cenzic Hailstorm – web security attack tools

  14. Summary
  • Software security bugs – eliminate or mitigate vulnerabilities
    • To foil attacks
    • So that the probability of a threat is reduced
    • So that the asset is secure

  15. Mahesh Saptarshi
  Mahesh_saptarshi@symantec.com
