Chapter 2. Core Defense Mechanisms
Fundamental security problem
All user input is untrusted.
Defense mechanisms
• Handling user access – to prevent users from gaining unauthorized access
• Handling user input – to prevent malformed input from causing undesirable behavior
• Handling attackers – to frustrate the attacker
• Managing the application itself – to enable administrators to monitor and configure it
Handling User Access
• Categories of user
  – Anonymous users
  – Ordinary authenticated users
  – Administrative users
• Related security mechanisms
  – Authentication
  – Session management
  – Access control
Authentication
• Conventional authentication model
  – Username and password
• Supplemented by
  – Additional credentials
  – Multistage login process
• Examples
  – Client certificates, smartcards, or challenge-response tokens
• Defects enable an attacker to gain unauthorized access to sensitive data and functionality.
Session Management
• Session: a set of data structures
  – Used to track the state of each user
• Token identifying the session
  – Unique string mapping to the session
  – The browser automatically submits it back
  – HTTP cookies, hidden form fields, or the URL query string are used for this purpose
  – Expires after a given period
• Security is dependent on the security of its tokens
Access Control
• Correct decision – whether each request should be permitted or denied
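The session-management and access-control slides above describe a token that maps to server-side session state, expires after a period, and drives a permit/deny decision per request. The following is an added Python example (not code from the book or these slides) that puts the three user categories from the slides together with a session store and a per-request decision; the role names, URL prefixes and TTL are assumptions chosen for the illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# The three user categories from the slide (names are this example's own).
ANONYMOUS, USER, ADMIN = "anonymous", "user", "admin"
RANK = {ANONYMOUS: 0, USER: 1, ADMIN: 2}

# Minimum role required per URL prefix (hypothetical paths for this example).
REQUIRED_ROLE = {
    "/admin/": ADMIN,
    "/account/": USER,
    "/": ANONYMOUS,
}


@dataclass
class Session:
    user: str
    role: str
    expires_at: float


class SessionStore:
    """Server-side session state; the token is only a lookup key into it."""

    def __init__(self, ttl_seconds: int = 900, clock: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested deterministically
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, role: str) -> str:
        # 32 bytes from the OS CSPRNG: unpredictable, and carrying no user data.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, role, self.clock() + self.ttl)
        return token

    def lookup(self, token: Optional[str]) -> Optional[Session]:
        session = self._sessions.get(token) if token else None
        if session is None:
            return None
        if session.expires_at <= self.clock():
            # Expired sessions are deleted so the token can never be replayed later.
            del self._sessions[token]
            return None
        return session

    def terminate(self, token: str) -> None:
        """Server-side invalidation, e.g. on logout or when reacting to an attack."""
        self._sessions.pop(token, None)


def decide(store: SessionStore, token: Optional[str], path: str) -> Tuple[bool, str]:
    """Access control: permit or deny one request from the session behind the token.

    Returns (permitted, effective_role). An unknown, missing or expired token
    is treated as an anonymous user rather than raising an error.
    """
    session = store.lookup(token)
    role = session.role if session else ANONYMOUS
    # Longest matching prefix wins, so "/admin/" is matched before "/".
    for prefix in sorted(REQUIRED_ROLE, key=len, reverse=True):
        if path.startswith(prefix):
            return RANK[role] >= RANK[REQUIRED_ROLE[prefix]], role
    return False, role


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    alice = store.create("alice", USER)
    print(decide(store, alice, "/account/settings"))  # permitted as user
    print(decide(store, alice, "/admin/users"))       # denied: admin required
    print(decide(store, None, "/admin/users"))        # denied: anonymous
```

The decision is taken for every request and never trusts anything the client sends beyond the opaque token; the role comes from the server-side record, which is the point of the slide's "correct decision" bullet.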
Handling User Input
• Attackers submit unexpected input, crafted to cause behavior that was not intended
• The application must handle user input in a safe manner
• Input-based vulnerabilities can arise anywhere.
Varieties of Input
Approaches to Input Handling
• "Reject Known Bad"
• "Accept Known Good"
• Sanitization
• Safe Data Handling
• Semantic Checks
Boundary Validation
Multistep Validation and Canonicalization
<script>
<scr<script>ipt>
<scr”ipt>
%27
%%2727
• Difficult
• To perform sanitization steps recursively
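The slide's two examples show why a single-pass filter fails: stripping `<script>` from `<scr<script>ipt>` leaves `<script>`, and stripping `%27` from `%%2727` leaves `%27`, while `%2527` only becomes `%27` (and then `'`) once it is URL-decoded. The following added Python example (not from the book or these slides) shows the naive single-pass filter beside a recursive one that re-applies the step until the input stops changing, canonicalization by repeated decoding, and an "accept known good" check applied after canonicalization at the trust boundary; the pattern list, round limits and the username grammar are assumptions for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed "known bad" patterns, matching the two cases on the slide.
KNOWN_BAD = [re.compile(r"<script>", re.IGNORECASE), re.compile(r"%27", re.IGNORECASE)]

# Constructed "accept known good" grammar for a username field (assumption).
USERNAME_OK = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def strip_once(value: str) -> str:
    """Naive single-pass filter: removes each known-bad pattern exactly once."""
    for pattern in KNOWN_BAD:
        value = pattern.sub("", value)
    return value


def strip_recursive(value: str, max_rounds: int = 10) -> str:
    """Re-apply the filter until the output is stable, so fragments cannot reassemble.

    Raises ValueError if the input keeps changing, which is itself a reason to reject it.
    """
    for _ in range(max_rounds):
        cleaned = strip_once(value)
        if cleaned == value:
            return value
        value = cleaned
    raise ValueError("input did not stabilise after sanitization; reject it")


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Undo URL encoding repeatedly until stable, so %2527 and %27 both become the apostrophe.

    Validation must run on this canonical form, not on the raw input.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of encoding; reject it")


def accept_username(raw: str) -> bool:
    """Boundary validation: canonicalize first, then accept only known-good input."""
    try:
        canonical = canonicalize(raw)
    except ValueError:
        return False
    return USERNAME_OK.fullmatch(canonical) is not None


if __name__ == "__main__":
    print(repr(strip_once("<scr<script>ipt>")))       # '<script>' survives a single pass
    print(repr(strip_recursive("<scr<script>ipt>")))  # '' after recursion
    print(repr(strip_once("%%2727")))                  # '%27' survives a single pass
    print(repr(canonicalize("%2527")))                 # "'" after two decoding rounds
    print(accept_username("alice_01"), accept_username("al%2527ice"))
```

Note that `unquote` leaves malformed escapes alone, so the decoding loop terminates on inputs that are not valid URL encoding; the round limit exists so that an input engineered to keep changing is rejected rather than processed.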
Handling Attackers
• To handle and react to attacks
• Measures
  – Handling errors
  – Maintaining audit logs
  – Alerting administrators
  – Reacting to attacks
Handling Errors
Maintaining Audit Logs
• Key events
  – All events relating to the authentication functionality
  – Key transactions
  – Access attempts
  – Any request containing known attack strings
• In online banks, every request is logged in full
• For effectiveness, record the time, IP address, session token, and user account
Figure 2-7. Poorly protected application logs containing sensitive information submitted by other users
Alerting Administrators
• Anomalous events monitored by an alerting mechanism
  – Usage anomalies
  – Business anomalies
  – Requests containing known attack strings
  – Requests where data that is hidden from ordinary users has been modified
• Firewall and intrusion detection products
  – Signature-based and anomaly-based rules
Reacting to Attacks
• By responding increasingly slowly to the attacker's requests
• By terminating the attacker's session
• By requiring him to log in or perform other steps before continuing the attack
• An effective defense-in-depth measure that can reduce the likelihood of a successful attack.
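The three preceding slides describe an audit log that records time, IP address, session token and user account, an alerting mechanism that flags requests containing known attack strings, and reactions such as slowing down or terminating the attacker's session. The following added Python example (not from the book or these slides) runs that pipeline over a few constructed requests: each request becomes a structured log record, flagged requests are counted per source address, the delay grows with each strike, and an alert plus session termination is raised at a threshold. The attack-string list, threshold and delay curve are assumptions; the session token is stored as a hash so that the log itself cannot leak live tokens, the exposure Figure 2-7 warns about.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed signatures for the "known attack strings" bullet (assumption).
KNOWN_ATTACK_STRINGS = ("<script", "' or 1=1", "../", "%00")


def fingerprint(token: Optional[str]) -> Optional[str]:
    """Log a truncated SHA-256 of the session token, never the token itself."""
    if token is None:
        return None
    return hashlib.sha256(token.encode()).hexdigest()[:16]


def audit_record(ip: str, user: Optional[str], token: Optional[str], path: str,
                 body: str, when: Optional[str] = None) -> dict:
    """Build one audit entry with the fields the slide says make a log effective."""
    return {
        "time": when or datetime.now(timezone.utc).isoformat(),
        "ip": ip,
        "user": user,
        "session": fingerprint(token),
        "path": path,
        "body": body,
    }


class AttackMonitor:
    """Logs every request, flags known attack strings, and decides how to react."""

    def __init__(self, alert_threshold: int = 3, max_delay: float = 30.0):
        self.alert_threshold = alert_threshold
        self.max_delay = max_delay
        self.strikes: Dict[str, int] = {}
        self.alerts: List[dict] = []
        self.log: List[str] = []  # JSON lines, one per request

    def ingest(self, record: dict) -> dict:
        text = (record["path"] + " " + record["body"]).lower()
        matched = [s for s in KNOWN_ATTACK_STRINGS if s in text]
        record = dict(record, attack_strings=matched)
        self.log.append(json.dumps(record, sort_keys=True))

        reaction = {"delay_seconds": 0.0, "terminate_session": False}
        if matched:
            n = self.strikes[record["ip"]] = self.strikes.get(record["ip"], 0) + 1
            # Respond increasingly slowly: 1s, 2s, 4s, ... capped at max_delay.
            reaction["delay_seconds"] = min(2.0 ** (n - 1), self.max_delay)
            if n >= self.alert_threshold:
                self.alerts.append({"ip": record["ip"], "user": record["user"],
                                    "strikes": n, "matched": matched})
                reaction["terminate_session"] = True
        return reaction


def run_sample() -> AttackMonitor:
    """Feed constructed sample requests through the monitor (sample data, not real traffic)."""
    monitor = AttackMonitor()
    token = "constructed-session-token-123"
    requests = [
        ("203.0.113.5", "bob", token, "/account/profile", "name=Bob"),
        ("203.0.113.5", "bob", token, "/search", "q=<script>alert(1)</script>"),
        ("203.0.113.5", "bob", token, "/login", "user=x' OR 1=1 --"),
        ("203.0.113.5", "bob", token, "/download", "file=../../etc/passwd"),
    ]
    for ip, user, tok, path, body in requests:
        monitor.ingest(audit_record(ip, user, tok, path, body, when="2024-01-01T00:00:00+00:00"))
    return monitor


if __name__ == "__main__":
    m = run_sample()
    print("\n".join(m.log))
    print(m.alerts)
```

Only the request from the same source that reaches the third strike produces an alert; the per-IP counter is deliberately simple, and in practice the key would also include the user account and session so that shared addresses behind a proxy do not trip the threshold together.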
Managing the Application
• Administrative functions are implemented within the application itself, through the same web interface as its core non-security functionality.
Chapter Summary
• Defects in the security mechanisms often lead to complete compromise of the application, enabling you to access data belonging to other users, perform unauthorized actions, and inject arbitrary code and commands.
Thank you