Application security


Malicious Code

  • Vulnerable Software

  • Hacker toolkits

  • Back/Trapdoors

  • Greedy Programs / Logic bombs

  • Salami Attacks

  • Trapdoors

  • Worms/Viruses

  • Bot Networks


Vulnerable Software

  • Buffer overflows

  • Insecure running environment

  • Insecure temporary files

  • Insecure program calls

  • Weak encryption

  • Poor programming

  • “If people built buildings the way that programmers write software, the first woodpecker to come along would destroy civilization.”


Handling Vulnerabilities

  • Locating

  • Dealing with vendors

  • Applying patches

  • Disabling services

  • Reconfiguring software/services


Hacker Toolkits

Programs that automatically scan for security problems on systems

  • Useful for system administrators to find problems for fixing

  • Useful for hackers to find problems for exploitation

  • Examples:

    • SATAN

    • COPS

    • ISS

  • Countermeasure: Detection software


Back/Trapdoors

  • Pieces of code written into applications or operating systems to grant programmers easy access

  • Useful for debugging and monitoring

  • Too often, not removed

  • Examples:

    • Dennis Ritchie’s login/compiler hack

    • Sendmail DEBUG mode

  • Countermeasures

    • Sandboxing

    • Code Reviews


Logic Bombs

  • Pieces of code that cause undesired effects when an event occurs

  • Used to enforce licenses (time-outs)

  • Used for revenge by the disgruntled

  • Can be hard to determine whether the code is malicious

  • Examples

    • British accounting firm logic bomb

    • British bank hack

  • Countermeasures

    • Personnel security


Viruses

  • Pieces of code that attach to existing programs

  • Not a distinct program

  • No beneficial use – VERY destructive

  • Examples:

    • Michelangelo

    • Love letter

  • Countermeasures

    • Virus detection/disinfection software


Structure of a Virus

  • Marker: determine if a potential carrier program has been previously infected

  • Infector: Seeks out potential carriers and infects

  • Trigger check: Establishes if current conditions are sufficient for manipulation

  • Manipulation: Carry out malicious task


Types of Viruses

  • Memory-resident

  • Hardware

  • Buffered

  • Hide-and-seek

  • Live-and-die

  • Boot segment

  • Macro


Worms

  • Stand-alone programs that copy themselves from system to system

  • Some use in network computation

  • Examples:

    • Dolphin worm (Xerox PARC)

    • Code Red (2001, $12B cost)

    • Morris Worm (1988, $20M cost)

  • Countermeasures

    • Sandboxing

    • Quick patching: fix holes, stop worm


Trojan Horses

  • Programs that have malicious covert purpose

  • Have been used for license enforcement

  • Examples:

    • FIX2001

    • AOL4FREE

    • RIDBO

  • Countermeasures

    • Sandboxing

    • Code reviews


Greedy Programs

  • Programs that copy themselves

  • Core wars

  • Have been used in destructive web pages, standalone programs

  • Can be very difficult to show deliberate usage

  • Countermeasures:

    • CPU quotas on process families

    • Process quotas

    • Review of imported software & web pages
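
The CPU and process quotas listed above, applied on a POSIX system with per-process resource limits; this is an added example, not part of the original presentation. The function name run_with_quotas and the busy-loop stand-in program are assumptions made for illustration, and true per-family accounting on Linux would use cgroups (cpu.max, pids.max) instead.

```python
import resource
import signal
import subprocess
import sys


def _clamped(kind, soft, hard):
    """Return (soft, hard) lowered to fit under the hard limit already in force."""
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    return soft, hard


def run_with_quotas(argv, cpu_seconds, max_processes, wall_timeout=30):
    """Run argv under a CPU-time quota and a process-count quota.

    Returns the exit status; a negative value is the signal that ended it.
    """
    def apply_limits():
        # Runs in the child between fork() and exec(), so the limits bind the
        # untrusted program and are inherited by everything it spawns.
        # RLIMIT_CPU is per process: SIGXCPU at the soft limit, SIGKILL at hard.
        resource.setrlimit(
            resource.RLIMIT_CPU,
            _clamped(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1))
        # RLIMIT_NPROC caps processes owned by the real user ID, so fork()
        # fails with EAGAIN once a self-copying program reaches the cap.
        resource.setrlimit(
            resource.RLIMIT_NPROC,
            _clamped(resource.RLIMIT_NPROC, max_processes, max_processes))

    done = subprocess.run(argv, preexec_fn=apply_limits, timeout=wall_timeout,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode


if __name__ == "__main__":
    # Constructed stand-in for a CPU-greedy program: a busy loop.
    greedy = [sys.executable, "-c", "while True: pass"]
    status = run_with_quotas(greedy, cpu_seconds=1, max_processes=64)
    print("terminated by", signal.Signals(-status).name if status < 0 else status)
```

RLIMIT_NPROC is not enforced for privileged processes, so the untrusted program should run under an unprivileged account.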


Bot Networks

  • Collections of compromised machines

  • Typically, compromised by scripts

  • Respond to commands, perhaps encrypted

  • Examples: Leaves, Code Red II

  • Countermeasures: Vulnerability patching, Integrity checks

