Code (In)Security - ISC

More documents

Recommendations

Info

Configuration differences between the development and production environments must be ensured so that code can execute with least privilege, irrespective of the environment. It is also imperative to ensure that code explicitly set to run with elevated privileges is carefully monitored (audited) and managed. Conclusion ‘Don’t write insecure code’ is one of the eight secure habits discussed in “8 Simple Rules for Developing More Secure Code”. i Without a thorough understanding of what constitutes insecure code, it would be unfair to expect developers to write more secure code. “It is critical to all those who write code to make it a habit to incorporate security in the code they write. ” Should your code fall victim to a security breach, the code itself would be deemed innocent, but that kind of leniency will not be extended to the individual, team, or organization that wrote the code. So it is critical to all those who write code to make it a habit to incorporate security in the code they write. • Validates input Secure Code Characteristics • Does not allow dynamic construction of queries using user-supplied data • Audits and logs business-critical functions • Is signed to verify the authenticity of its origin • Does not use predictable session identifiers • Does not hard-code secrets inline • Does not cache credentials • Is properly instrumented • Handles exceptions explicitly • Does not disclose too much information in its errors • Does not reinvent existing functionality, and uses proven cryptographic algorithms • Does not use weak cryptographic algorithms • Uses randomness in the derivation of cryptographic keys • Stores cryptographic keys securely • Does not use banned APIs and unsafe functions • Is obfuscated or shrouded • Is built to run with least privilege 6 “Writing secure code has the added benefit of producing code that is of quality – functional, reliable, and less error-prone.” It would be far beyond the scope of this paper to enumerate all the ways that one can avoid writing insecure code, and/or write secure code. Instead, this should be treated as merely an eye-opener to how to code securely, and the tremendous risks of not doing so. Just as a game of chess produces an infinite number of moves once the game begins, with a limited number of opening gambits, understanding the characteristics of insecure code is one of the first moves to ensure that code is written to be hacker-resistant. Insecure code means checkmate. www.isc2.org
Summary of Insecure Concepts I N S E C U R E Characteristic Injectable Code Non-Repudiation Mechanisms not Present Spoofable Code Exceptions and Errors not Properly Handled Cryptographically Weak Code Unsafe/Unused Functions and Routines in Code Reversible Code Elevated Privileges Required to Run What is it? Code that makes injection attacks possible by allowing user supplied input to be executed as code. Authenticity of code origin and actions are disputable. Code that making spoofing attacks possible. Code that reveals verbose error messages and exception details, or fails-open in the event of a failure. Code that uses nonstandard, weak or custom cryptographic algorithms and manages key insecurely. Code that increases attack surface by using unsafe routines or containing unused routines. Code that allows for determination of internal architecture, design. Code that violates the principle of least privilege. 7 Insecure Code Examples No input validation, Dynamic construction of queries Unsigned executables, Auditing not present Predictable session identifiers, hard-coded passwords, caching credentials and allowing identity impersonation Verbose errors, Unhandled exceptions, Fails open Key not derived and managed securely Banned API functions, Easter Eggs Unobfuscated code, Unsigned Executables Administrative accounts How to Fix It Input Validation, Parameterized queries Code Signing Session, Cache and Password Management, Managing identity impersonation Non-verbose error messages, Explicit exception handing (Try- Catch-Finally) blocks, Fail-secure Do not use weak, nonstandard algorithms, custom cryptography, Use RNG and PRNG for key derivation. Do not use banned APIs unsafe functions, Input validation, remove unused routines and Easter eggs. Code obfuscation (shrouding), Digitally signing code Environment configuration, Code set explicitly to run with least privilege www.isc2.org
Page 1 and 2: Introduction Past (ISC) 2® publish
Page 3 and 4: Predictable session identifiers, ha
Page 5: eggomaniac!) are some of the detrim

Code (In)Security - ISC

Create successful ePaper yourself

Delete template?

Save as template?