What is Vulnerability Analysis?
Vulnerability analysis involves discovering a subset of the input space with which a malicious user can exploit logic errors in an application to drive it into an insecure state.
Source: http://doi.ieeecomputersociety.org
copyright (c) March 9 2010 McCabe Technology
Potential vs. Exploitable Vulnerabilities
Potential vulnerabilities: locations within a program that contain known weaknesses.
- Example: the use of APIs known to be susceptible to buffer overflows.
- Potential vulnerabilities may or may not be exploitable.
Exploitable vulnerabilities exist when a potentially vulnerable program location:
- is dependent on, or can be influenced by, user-supplied input, and
- is reachable on the program's control flow graph at runtime.
Paths Connecting Attack Surface & Target
[Figure: attack surface entry libraries (e.g. RECV()) connected by subtrees/paths to attack surface target libraries (e.g. STRCPY())]
Advanced Exclude: Select Load Option
Use the Advanced Exclude menu to load a class file that includes all the banned functions from Microsoft and OWASP. This file is user editable; additional modules and/or library functions can be added.
Preloaded User Definable Classes for Security
• List of banned APIs from the Microsoft Security Development Lifecycle (SDL) and from OWASP
• Attack surface APIs and libraries (entry points)
• Vulnerable APIs and libraries (exploitable targets)
• Individual attack surface entry point
• Individual attack surface target point
Class Editor: User Definable Class Libraries
Preloaded with Microsoft's and OWASP's banned functions. The user can add or delete attack surface and target parameters.
Advanced Exclude: Narrow Scope
Use the Advanced Exclude option to understand the entry points into the system, narrow the scope of analysis, and view the attack space in the context of the rest of the system.
Attack Modeling
Libraries: Major challenge for developers who need to produce secure applications
Even if you can make every line of code you write secure, you are still at the mercy of the libraries you call. The C language is notorious for producing software with buffer overflows because of library calls. Standard C functions that do no range checking of character string inputs are vulnerable to function algorithm attacks. These functions include scanf(), gets(), getwd(), [vg]scanf(), realpath(), [v]sprintf(), strcpy(), and strcat().
gets() is an excellent example. This function performs the common task of reading user input, but it keeps accepting input until it sees a newline or the end of the file. That means gets() can always be used to overflow a buffer of any size, no matter how large. If you use fgets() instead, you can pass a parameter that limits the number of characters it will accept, which prevents the overflow.
strcpy() is similar in that it copies a string from a source into a buffer without limiting the length of the string. There are safe ways to use strcpy(), such as adding a length check beforehand; however, it is often simpler to use strncpy(dst, src, dst_size - 1), which lets you specify a maximum number of characters to copy. This is a good alternative for many uses because it does not raise an error when the input is too big; it simply truncates. Be aware that strncpy() does not write a terminating NUL when the source is at least as long as the limit, so dst[dst_size - 1] must be set to '\0' explicitly afterwards. If you need to generate an error when a specified string length is exceeded, use strcpy() together with a check such as:
if (strlen(src) >= dst_size) ...
strcat() concatenates a string onto the end of a buffer. strncat() is a safer alternative, but it requires you to track the room left in the buffer: its length argument bounds the appended string, not the total buffer size.
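As an added example (not code from the McCabe deck), here is each pattern the slide discusses in C: the unchecked strcpy() for contrast, strcpy() guarded by the strlen() check the slide suggests, strncpy() with the explicit terminator it needs, strncat() with the room computation, and fgets() in place of gets(), including draining the part of an over-long line that did not fit. BUF_SIZE, the function names and the 32-byte LONG_INPUT are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed size of the destination buffers below */

/* Constructed attacker input (assumption): 32 bytes, twice BUF_SIZE. */
static const char LONG_INPUT[] = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

/* The pattern the deck warns about: strcpy() copies until the source NUL
 * regardless of dst's size. Shown for contrast; never called with
 * oversized input here, since that is undefined behaviour. */
static void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* The deck's "strcpy() plus a check": refuse the copy when src and its NUL
 * would not fit. Returns 0 on success, -1 when the copy would overflow. */
static int copy_or_fail(char *dst, size_t dst_size, const char *src) {
    if (strlen(src) >= dst_size)
        return -1;                      /* report instead of overflowing */
    strcpy(dst, src);
    return 0;
}

/* The deck's strncpy(dst, src, dst_size - 1) alternative. strncpy() writes
 * NO terminator when src has at least n bytes, so the explicit NUL below
 * is what keeps later strlen()/printf() calls inside dst.
 * Returns the number of source bytes dropped (0 if none). */
static size_t copy_truncate(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return len > dst_size - 1 ? len - (dst_size - 1) : 0;
}

/* strncat()'s length argument bounds the appended part, not the buffer,
 * so the caller has to compute the room that is actually left.
 * Returns the number of source bytes that did not fit. */
static size_t append_bounded(char *dst, size_t dst_size, const char *src) {
    size_t used = strlen(dst);
    size_t room = dst_size - used - 1;  /* keep one byte for the NUL */
    size_t want = strlen(src);
    strncat(dst, src, room);
    return want > room ? want - room : 0;
}

/* fgets() in place of gets(): reads at most dst_size - 1 bytes, strips the
 * newline, and drains the rest of an over-long line so the leftover bytes
 * are not read back as the next line. Returns the stored length, or -1
 * at end of input. */
static long read_line_bounded(char *dst, size_t dst_size, FILE *in) {
    if (fgets(dst, (int)dst_size, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
    } else {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;                           /* discard what did not fit */
    }
    return (long)len;
}

/* Length strlen() sees after a truncating copy; well defined only because
 * copy_truncate() guarantees the terminator. */
static size_t truncated_copy_length(const char *src) {
    char buf[BUF_SIZE];
    copy_truncate(buf, sizeof buf, src);
    return strlen(buf);
}

/* Feeds LONG_INPUT and then "short" through read_line_bounded() via a
 * tmpfile() stream (constructed, runs offline). Returns the length of the
 * second line: 5 only if the over-long first line was fully drained. */
static long second_line_length(void) {
    char buf[BUF_SIZE];
    FILE *in = tmpfile();
    if (in == NULL) return -2;
    fputs(LONG_INPUT, in);
    fputs("\nshort\n", in);
    rewind(in);
    long first = read_line_bounded(buf, sizeof buf, in);   /* 15 bytes kept */
    long second = read_line_bounded(buf, sizeof buf, in);  /* "short" -> 5 */
    fclose(in);
    return first == BUF_SIZE - 1 ? second : -3;
}

int main(void) {
    char buf[BUF_SIZE];
    copy_unchecked(buf, "ok");          /* safe only because "ok" fits */
    printf("copy_or_fail -> %d\n", copy_or_fail(buf, sizeof buf, LONG_INPUT));
    printf("copy_truncate dropped %zu, kept \"%s\"\n",
           copy_truncate(buf, sizeof buf, LONG_INPUT), buf);
    strcpy(buf, "hdr:");
    printf("append_bounded dropped %zu, buffer \"%s\"\n",
           append_bounded(buf, sizeof buf, LONG_INPUT), buf);
    printf("second line length: %ld\n", second_line_length());
    return 0;
}
```

The two return conventions are deliberate: copy_or_fail() mirrors the slide's "generate an error" variant, while copy_truncate() and append_bounded() report how much was silently dropped so a caller can log truncation instead of treating a shortened string as the real input.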
What is the Attack Surface?
A software system's attack surface is the subset of its resources that an attacker can use to attack the system.
The classic attack surface definition includes all entry points into the software system; this can include certain Windows registry keys, open handles to windowed objects, or command-line parameters.
It is important to differentiate the classic definition of attack surface from the usable attack surface. ...
Attack Map Modeling using McCabe IQ Battlemap
Use the tools to extract the subgraph of the overall CFG that includes all nodes on a path between the input acceptance node and the target nodes (potential vulnerability nodes containing things like strcpy() calls).
Standard C functions that do no range checking of character string inputs are vulnerable to function algorithm attacks. These functions include scanf(), gets(), sprintf(), vsprintf(), strcpy(), and strcat().
Other possibly vulnerable procedures include printf(), fprintf(), snprintf(), and vsnprintf(); these are bounded or write no caller buffer at all, but they become format string vulnerabilities when the format argument is attacker-controlled.
This list names some of the worst offenders. Also, even though there are safer alternatives for most of these functions, those alternatives are not absolutely safe. You can still get into trouble using them, often with unterminated strings or by specifying the wrong buffer size.
What is Usable Attack Surface?
It is the portion of the attack surface that an attacker could use to crash the software, access sensitive information, or gain remote access to the host machine. It is these particular areas of code that we are interested in exercising, as they pose the highest degree of risk. It is also independent of configuration and specification, as we are testing the code connected to a particular input source.
[Figure: parsing and validation logic on the path between recv and strcpy]
Attack Surface Analysis & Reduction
Reference: Michael Howard and Steve Lipner, "The Security Development Lifecycle: SDL, A Process for Developing Demonstrably More Secure Software", Microsoft Secure Software Development Series (Best Practices).
http://www.microsoft.com/security/sdl/about/process.aspx
Viewing Attack space in relation to rest of code
Exploitability Implies Reachability
In order to determine whether a vulnerability is an exploitable threat, one must prove that it is reachable on an execution path given some user-supplied input. Exploitability depends on the control flow logic on the paths between the external input and the targeted exploitable routines. The diagram illustrates this idea, in this case showing the control flow from packet acceptance to the basic block where a vulnerable API function is used.
To narrow the scope of exploitable code, we consider its attack trees. ...
[Figure: parsing and validation logic on the path between recv and strcpy]
What is an Attack Tree?
An attack tree is a set of paths connecting a specific attack surface and a specific attack target.
Attack trees are also known as "and/or trees". The history of the attack tree can be traced back to the fault tree developed by Bell Labs and the U.S. Air Force in the 1960s. The software-related application of the fault tree is also known as the threat tree, which is an excellent tool for modeling a particular attack scenario.
McCabe IQ uses the McCabe design complexity metrics, visual subtree graphs, subtree test conditions, and code coverage as attack trees. McCabe design complexity metrics are typically calculated rooted at the input node of the attack surface.
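Added example, not part of the McCabe deck and not McCabe IQ's code: a small C program that performs the subgraph extraction the Attack Map Modeling slide describes (all nodes on a path from the input acceptance node to the target) and then treats that subgraph as the attack tree this slide defines, counting its recv-to-strcpy paths and its cyclomatic complexity. The control-flow graph, its node names and edges are assumptions constructed for the example; the membership test (reachable from the entry point and able to reach the target) and v(G) = E - N + 2 are the standard definitions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed CFG of a hypothetical packet handler. Node names and edges
 * are assumptions standing in for the basic blocks a tool like McCabe IQ
 * would extract from real source. */
enum {
    ENTRY,      /* function entry */
    RECV,       /* recv(): attack surface entry point */
    PARSE,      /* parse the packet header */
    CHECK_LEN,  /* length check: decision */
    REJECT,     /* drop the packet */
    DISPATCH,   /* switch on packet type: decision */
    TYPE_A,     /* handler for type A */
    TYPE_B,     /* handler for type B */
    STRCPY,     /* strcpy(): attack target */
    LOG,        /* log-only branch, never reaches strcpy() */
    EXIT_NODE,  /* function exit */
    NODE_COUNT
};

static const char *const node_name[NODE_COUNT] = {
    "entry", "recv", "parse", "check_len", "reject", "dispatch",
    "type_a", "type_b", "strcpy", "log", "exit"
};

/* adj[u][v] is true when the CFG has an edge u -> v. */
static const bool adj[NODE_COUNT][NODE_COUNT] = {
    [ENTRY]     = { [RECV] = true },
    [RECV]      = { [PARSE] = true },
    [PARSE]     = { [CHECK_LEN] = true },
    [CHECK_LEN] = { [REJECT] = true, [DISPATCH] = true },
    [REJECT]    = { [EXIT_NODE] = true },
    [DISPATCH]  = { [TYPE_A] = true, [TYPE_B] = true, [LOG] = true },
    [TYPE_A]    = { [STRCPY] = true },
    [TYPE_B]    = { [STRCPY] = true },
    [STRCPY]    = { [EXIT_NODE] = true },
    [LOG]       = { [EXIT_NODE] = true },
};

/* Iterative depth-first search. forward == true walks successors from
 * start, otherwise predecessors. Every node reached is marked in seen. */
static void reach(int start, bool forward, bool seen[NODE_COUNT]) {
    int stack[NODE_COUNT * NODE_COUNT + 1];
    int sp = 0;
    stack[sp++] = start;
    while (sp > 0) {
        int u = stack[--sp];
        if (seen[u]) continue;
        seen[u] = true;
        for (int v = 0; v < NODE_COUNT; v++) {
            bool edge = forward ? adj[u][v] : adj[v][u];
            if (edge && !seen[v]) stack[sp++] = v;
        }
    }
}

/* Attack tree extraction: a node belongs to the subgraph when it is
 * reachable from the entry point AND can reach the target. Fills in_tree
 * and returns the number of nodes kept. */
static int attack_tree(int source, int target, bool in_tree[NODE_COUNT]) {
    bool fwd[NODE_COUNT] = { false }, bwd[NODE_COUNT] = { false };
    reach(source, true, fwd);
    reach(target, false, bwd);
    int count = 0;
    for (int v = 0; v < NODE_COUNT; v++) {
        in_tree[v] = fwd[v] && bwd[v];
        if (in_tree[v]) count++;
    }
    return count;
}

static int attack_tree_size(int source, int target) {
    bool in_tree[NODE_COUNT];
    return attack_tree(source, target, in_tree);
}

static bool on_attack_tree(int source, int target, int node) {
    bool in_tree[NODE_COUNT];
    attack_tree(source, target, in_tree);
    return in_tree[node];
}

/* The attack tree as a set of paths: count distinct source -> target
 * paths. The constructed CFG is acyclic; a real CFG with loops needs a
 * visited set before this recursion is safe. */
static int count_paths(int u, int target) {
    if (u == target) return 1;
    int total = 0;
    for (int v = 0; v < NODE_COUNT; v++)
        if (adj[u][v]) total += count_paths(v, target);
    return total;
}

/* Cyclomatic complexity v(G) = E - N + 2 of the extracted subgraph: the
 * number of linearly independent paths that must be tested. */
static int attack_tree_complexity(int source, int target) {
    bool in_tree[NODE_COUNT];
    int nodes = attack_tree(source, target, in_tree), edges = 0;
    for (int u = 0; u < NODE_COUNT; u++)
        for (int v = 0; v < NODE_COUNT; v++)
            if (in_tree[u] && in_tree[v] && adj[u][v]) edges++;
    return edges - nodes + 2;
}

int main(void) {
    bool in_tree[NODE_COUNT];
    int n = attack_tree(RECV, STRCPY, in_tree);
    printf("%d nodes on recv -> strcpy paths:", n);
    for (int v = 0; v < NODE_COUNT; v++)
        if (in_tree[v]) printf(" %s", node_name[v]);
    printf("\ndistinct paths: %d, v(G) of subgraph: %d\n",
           count_paths(RECV, STRCPY), attack_tree_complexity(RECV, STRCPY));
    return 0;
}
```

On this graph the reject and log branches drop out of the extracted subgraph because they never reach strcpy(), leaving seven nodes, two distinct paths and v(G) = 2, which is the number of test cases needed to drive both packet types into the target; on real code the forward and backward walks are the cheap part, and the work is in deciding whether the check_len decision on the retained path actually bounds the data strcpy() receives.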
Applying McCabe Design Complexity to Attack Trees
Definition: the module design complexity of a module is a measure of the decision structure that controls the invocation of the module's immediate subordinate modules. It quantifies the testing effort of a module as it calls its subordinates.
The module design complexity is calculated as the cyclomatic complexity of the reduced graph. Reduction is completed by removing decisions and nodes that do not impact the module's calling control over its subordinates.
McCabe design complexity metrics should be calculated rooted at the input acceptance node. The McCabe design complexity metrics and subtrees can be used to understand and test attack trees within the source code.
How do you assess complexity & test effort for component design?
By measuring the integration paths in its modules: the integration complexity is S1 = S0 - n + 1, where S0 is the sum of the module design complexities of the n modules in the component. For the diagram on this slide, S1 = 12 - 7 + 1 = 6.
McCabe System Design Complexity Attack Tree

 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 

Dernier (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 

20100309 03 - Vulnerability analysis (McCabe)

7. Advanced Exclude: Narrow Scope
Use the Advanced Exclude option to understand the entry points into the system, narrow the scope of analysis, and view the attack space in the context of the rest of the system.
copyright c March 9 2010 McCabe Technology

8. Attack Modeling (figure-only slide)

9. Libraries: a major challenge for developers who need to produce secure applications
Even if you can make every line of code you write secure, you are still at the mercy of the libraries you call. The C language is notorious for producing software with buffer overflows because of its library calls. Standard C functions that do no range checking of character-string inputs are vulnerable to function-algorithm attacks. These functions include scanf(), gets(), getwd(), [vg]scanf(), realpath(), [v]sprintf(), strcpy() and strcat().

gets() is an excellent example. It performs the common task of reading user input, but it keeps accepting input until it sees a newline or the end of the file. That means gets() can always be used to overflow a buffer of any size, no matter how large. fgets() instead takes a parameter that limits the number of characters it will accept, which prevents the overflow.

strcpy() is similar: it copies a string from a source into a buffer without limiting the length of the string. strcpy() can be used safely by adding a check, but it is often simpler to use strncpy(dst, src, dst_size - 1), which lets you specify a maximum number of characters. For many uses this is a good alternative because it does not raise an error when the input is too big; it simply truncates. The caveat is that strncpy() writes no terminating NUL when the source is at least as long as the count, so the caller must terminate dst explicitly (which is why the count is dst_size - 1). If you need an error when the input exceeds the buffer, use strcpy() together with a check such as: if (strlen(src) >= dst_size) ...

strcat() appends a string to the end of a buffer. strncat() is the safer alternative, but its length argument is the space remaining in the buffer, not the buffer's total size, so you must keep track of how much room is left.

10. What is the Attack Surface?
A software system's attack surface is the subset of its resources that an attacker can use to attack the system. The classic definition of attack surface covers all entry points into the software system; this can include certain Windows registry keys, open handles to windowed objects, or command-line parameters. It is important to differentiate this classic definition from the useable attack surface. ...

11. Attack Map Modeling using McCabe IQ Battlemap
Use the tools to extract the subgraph of the overall control flow graph (CFG) that includes every node on a path between an input-acceptance node and the target nodes (potential-vulnerability nodes, such as those containing strcpy() calls). Standard C functions that do no range checking of character-string inputs are vulnerable to function-algorithm attacks; these include scanf(), gets(), sprintf(), vsprintf(), strcpy() and strcat(). Other possibly vulnerable procedures include printf(), fprintf(), snprintf() and vsnprintf(), where the risk is an attacker-controlled format string rather than an unbounded copy. This list names some of the worst offenders. Even though safer alternatives exist for most of these functions, those alternatives are not absolutely safe: you can still get into trouble with them, often through unterminated strings or by specifying the wrong buffer size.

12. What is Useable Attack Surface?
It is the portion of the attack surface that an attacker could use to crash the software, access sensitive information, or gain remote access to the host machine. These are the areas of code we are most interested in exercising, because they pose the highest degree of risk. The useable attack surface is also independent of configuration and specification, because we are testing the code that is actually connected to a particular input source.
(Figure: parsing and validation logic on the path between recv() and strcpy())

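The validation logic that slides 9 and 12 describe, sitting between an input-acceptance node such as recv() and a target node such as strcpy(), as an added example in C. This is not McCabe's code and does not come from the slides: the wire format ([1-byte name length][name bytes]), the 16-byte destination buffer and the three sample packets are constructed assumptions. The block also makes the strncpy(dst, src, dst_size - 1) caveat from slide 9 observable: when the source fills the count, no terminator is written unless the caller adds one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not McCabe's code. The wire format is a constructed
 * assumption: [1-byte name length][name bytes]. NAME_BUF is the size of the
 * fixed buffer at the target node (the strcpy() end of the path). */
#define NAME_BUF 16

/* "strcpy() along with a check": copy only if src fits with its terminator.
 * Returns 0 on success, -1 when the input would overflow dst. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                      /* reject instead of truncating silently */
    memcpy(dst, src, n + 1);            /* n + 1 copies the terminator too */
    return 0;
}

/* The strncpy(dst, src, dst_size - 1) pitfall: when src is at least
 * dst_size - 1 bytes long, strncpy() writes no terminator at all.
 * dst is pre-filled with 'X' so a missing terminator is observable.
 * Returns true if dst ended up NUL-terminated. */
bool strncpy_leaves_terminator(char *dst, size_t dst_size, const char *src)
{
    memset(dst, 'X', dst_size);
    strncpy(dst, src, dst_size - 1);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Same call with the fix: the caller always writes the terminator. */
void strncpy_fixed(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

/* The validation node between recv() and the copy into a NAME_BUF buffer.
 * Returns the number of name bytes copied, or -1 if the packet is rejected.
 * Two bounds matter: the attacker-controlled length must not exceed what was
 * actually received (over-read) and must leave room for the terminator in
 * out (overflow). */
int parse_name_field(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_size)
{
    if (pkt_len < 1)
        return -1;
    size_t len = pkt[0];
    if (len > pkt_len - 1)
        return -1;                      /* claims more bytes than were received */
    if (len >= out_size)
        return -1;                      /* would overflow the target buffer */
    memcpy(out, pkt + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample packets (not captured traffic). Adjacent string literals
 * keep the hex escape from swallowing the hex-digit characters that follow. */
static const char good_pkt[]  = "\x05" "alice";                 /* length matches payload */
static const char lying_pkt[] = "\x28" "ab";                    /* claims 40 bytes, sends 2 */
static const char long_pkt[]  = "\x14" "aaaaaaaaaaaaaaaaaaaa";  /* 20 bytes: too big for NAME_BUF */

/* Wrappers with fixed storage so each behaviour can be checked by a caller. */
int run_parse(const char *pkt, size_t pkt_len)
{
    char name[NAME_BUF];
    return parse_name_field((const uint8_t *)pkt, pkt_len, name, sizeof name);
}

int demo_copy_checked(const char *src)
{
    char buf[8];
    return copy_checked(buf, sizeof buf, src);
}

bool demo_strncpy_pitfall(const char *src)
{
    char buf[8];
    return strncpy_leaves_terminator(buf, sizeof buf, src);
}

size_t demo_strncpy_fixed_len(const char *src)
{
    char buf[8];
    strncpy_fixed(buf, sizeof buf, src);
    return strlen(buf);                 /* always at most sizeof buf - 1 */
}

int main(void)
{
    printf("good packet  -> %d\n", run_parse(good_pkt, sizeof good_pkt - 1));
    printf("lying packet -> %d\n", run_parse(lying_pkt, sizeof lying_pkt - 1));
    printf("long packet  -> %d\n", run_parse(long_pkt, sizeof long_pkt - 1));
    printf("strncpy terminated for 7-byte src into 8-byte buf: %s\n",
           demo_strncpy_pitfall("abcdefg") ? "yes" : "no");
    return 0;
}
```

The rejecting branches in parse_name_field are the decision nodes a tool would show on the path between the input node and the target; if either check is missing, the copy into name becomes an exploitable target rather than a potential one.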
13. Attack Surface Analysis & Reduction
Microsoft Secure Software Development Series, best practices: The Security Development Lifecycle (SDL): A Process for Developing Demonstrably More Secure Software, by Michael Howard and Steve Lipner. http://www.microsoft.com/security/sdl/about/process.aspx

14. Viewing attack space in relation to the rest of the code (figure-only slide)

15. Exploitability Implies Reachability
To determine whether a vulnerability is an exploitable threat, one must prove that it is reachable on an execution path given some user-supplied input. Exploitability depends on the control flow logic on the paths between the external input and the targeted exploitable routine. The diagram illustrates this idea: it shows the control flow from packet acceptance through to the basic block where a vulnerable API function is used. To narrow the scope of exploitable code, we consider its attack trees. ...
(Figure: parsing and validation logic on the path between recv() and strcpy())

16. What is an Attack Tree?
An attack tree is the set of paths connecting a specific attack surface and a specific attack target. Attack trees are also known as "AND/OR trees". Their history can be traced back to the fault tree developed by Bell Labs and the U.S. Air Force in the 1960s. The software-related application of the fault tree is also known as a threat tree, which is an excellent tool for modeling a particular attack scenario. McCabe IQ represents attack trees using the McCabe design complexity metrics, visual subtree graphs, subtree test conditions and code coverage. The McCabe design complexity metrics are typically calculated rooted at the input node of the attack surface.

17. Applying McCabe Design Complexity to Attack Trees
Definition: the module design complexity of a module is a measure of the decision structure that controls the invocation of the module's immediate subordinate modules. It quantifies the testing effort of a module as it calls its subordinates. Module design complexity is calculated as the cyclomatic complexity of the reduced graph; the reduction removes the decisions and nodes that do not affect the module's calling control over its subordinates. McCabe design complexity metrics should be calculated rooted at the input-acceptance node. The design complexity metrics and subtrees can then be used to understand and test attack trees within the source code.

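The subgraph extraction that slides 11, 15 and 16 describe (the attack tree: every node on some path from the attack-surface entry node to the attack target), as an added example in C that is not McCabe IQ code. The graph is a constructed toy call/control-flow graph, and node names such as parse_header and validate_len are hypothetical. A node lies on an entry-to-target path exactly when it is forward-reachable from the entry and the target is reachable from it, so the block intersects a forward search from recv with a backward search from strcpy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not McCabe IQ code. Computes the attack-tree subgraph: all
 * nodes that lie on some path from an attack-surface entry node (recv) to a
 * target node (strcpy). on_path = reachable-from-entry AND reaches-target. */

#define MAX_NODES 16

/* Constructed graph; the node names are hypothetical. */
enum { N_MAIN, N_RECV, N_PARSE_HDR, N_VALIDATE_LEN, N_STRCPY,
       N_LOG_ERR, N_SEND_REPLY, N_INIT_CFG, NODE_COUNT };

static const char *node_name[NODE_COUNT] = {
    "main", "recv", "parse_header", "validate_len",
    "strcpy", "log_error", "send_reply", "init_config"
};

/* Adjacency matrix: adj[u][v] == 1 means there is an edge u -> v. */
static int adj[NODE_COUNT][NODE_COUNT];

void build_sample_graph(void)
{
    memset(adj, 0, sizeof adj);
    adj[N_MAIN][N_INIT_CFG]        = 1;  /* never on a recv -> strcpy path */
    adj[N_MAIN][N_RECV]            = 1;
    adj[N_RECV][N_PARSE_HDR]       = 1;
    adj[N_PARSE_HDR][N_VALIDATE_LEN] = 1;
    adj[N_PARSE_HDR][N_LOG_ERR]    = 1;  /* error branch: dead end */
    adj[N_VALIDATE_LEN][N_STRCPY]  = 1;
    adj[N_VALIDATE_LEN][N_LOG_ERR] = 1;
    adj[N_STRCPY][N_SEND_REPLY]    = 1;  /* after the target: not in the tree */
}

/* Iterative DFS from start; with reverse set it follows edges backwards. */
static void reach(int start, bool reverse, bool seen[NODE_COUNT])
{
    int stack[MAX_NODES];
    int sp = 0;
    memset(seen, 0, NODE_COUNT * sizeof seen[0]);
    seen[start] = true;
    stack[sp++] = start;
    while (sp > 0) {
        int u = stack[--sp];
        for (int v = 0; v < NODE_COUNT; v++) {
            int edge = reverse ? adj[v][u] : adj[u][v];
            if (edge && !seen[v]) {      /* each node is pushed at most once */
                seen[v] = true;
                stack[sp++] = v;
            }
        }
    }
}

/* Fills on_path[] and returns the number of nodes in the attack subgraph. */
int attack_subgraph(int entry, int target, bool on_path[NODE_COUNT])
{
    bool fwd[NODE_COUNT], bwd[NODE_COUNT];
    reach(entry, false, fwd);            /* what the input can drive */
    reach(target, true, bwd);            /* what can still reach the target */
    int count = 0;
    for (int v = 0; v < NODE_COUNT; v++) {
        on_path[v] = fwd[v] && bwd[v];
        if (on_path[v])
            count++;
    }
    return count;
}

/* Convenience entry points on the sample graph. */
bool node_on_attack_path(int v)
{
    bool on_path[NODE_COUNT];
    build_sample_graph();
    attack_subgraph(N_RECV, N_STRCPY, on_path);
    return on_path[v];
}

int attack_path_node_count(void)
{
    bool on_path[NODE_COUNT];
    build_sample_graph();
    return attack_subgraph(N_RECV, N_STRCPY, on_path);
}

int main(void)
{
    bool on_path[NODE_COUNT];
    build_sample_graph();
    int n = attack_subgraph(N_RECV, N_STRCPY, on_path);
    printf("%d node(s) on recv -> strcpy paths:\n", n);
    for (int v = 0; v < NODE_COUNT; v++)
        if (on_path[v])
            printf("  %s\n", node_name[v]);
    return 0;
}
```

On the sample graph the result is recv, parse_header, validate_len and strcpy: main and init_config are not driven by the input, log_error can never reach the target, and send_reply is only reached after it. Those four nodes are the ones whose decisions determine exploitability, which is why the slides root the design complexity metrics at the input-acceptance node.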
18. How do you assess complexity and test effort for a component design?
By measuring the integration paths in its modules: integration complexity S1 = S0 - n + 1 = 12 - 7 + 1 = 6, where S0 is the sum of the module design complexities over the component's modules and n is the number of modules (here seven modules whose design complexities sum to 12).

19. McCabe System Design Complexity Attack Tree (figure-only slide)