A Coggle Diagram about
When do vulnerabilities get into software?
all phases of the software development process
Software security is central to both
IT security and
Secure Software Engineering vs. Secure Systems Engineering
- Secure systems need more than secure software
- e.g. secure hardware, secure organization, ...
Most vulnerabilities are caused by careless programming
A secure program is usually also a correct program
Security vs. safety
(attack-proof vs. fail-safe)
Preventing undesirable actions of the system
Main difference: Guarding against bad luck vs. guarding against an intelligent attacker
"Security is protecting the system from the environment, while safety is protecting the environment from the system"
Security questions during analysis
-- What does the environment of the system look like? (Threats and assumptions)
-- Who are the actors?
-- What are the objects to be protected?
-- Which rights should which actor have for which object?
-- Which attacks should be expected, and what are the countermeasures?
(Attacks and countermeasures)
Threat analysis
Risk estimation
Between requirements and architecture:
At any time while refining an architecture,
security-relevant refinements may emerge;
these need a "recursive" threat analysis of their own
Using the results
- Start looking for mitigations only after all threats have been identified and their risk estimated
- Make all identified mitigations a requirement
- Archive all threats and mitigations so they are not forgotten in a later version of the system
- Use knowledge gained during threat analysis to guide later inspections and testing
Exercise 5
-- Statements about data flow diagrams
-- Attack tree for hijacking access to a web site
-- Finding threats using STRIDE
When is threat analysis finished?
When all items in the rough architecture have been considered.
Security in architecture and design
(Practice exam, problems 5 + 6 + 7)
Quality assurance
Exercise 10
- Analysis of black-box web vulnerability scanners
- Limits of automatic black-box scanners
- Finding a vulnerability in source code
Security quality assurance axiom:
for all practical purposes, it is impossible to prove that a program contains no vulnerabilities
Vulnerabilities in software
Security requirements and policy
Process models
Comprehensive Light-weight Application Security Process
Agile security?
"Agile manifesto" (2001), operationalizing the following 4 weighting statements:
- Individuals and interactions over processes and tools
- Working software over comprehensive documentation
- Customer collaboration over contract negotiation
- Responding to change over following a plan ("agile"!)
Security should be integrated throughout the development process
What makes security difficult
Security and functionality
Research issues in secure software engineering
-- Provide better reusable building blocks
-- Define security-preserving mappings between security specifications at different levels
-- Tools for policy creation, analysis, test, and verification
-- Specification of security properties of services
-- Find more intuitive security models to improve usability
Present and future of software security
-- Security has only recently been recognized as a software engineering problem
-- Even with today's techniques, software could be much better than it currently is, if only these were universally applied
Yee's ten principles of secure user interface design