Chapter 2. Core Defense Mechanisms

Upload: barnard-matthews

Post on 31-Dec-2015



Fundamental security problem

All user input is untrusted.


Defense mechanisms

• Handling user access
  – To prevent users from gaining unauthorized access

• Handling user input
  – To prevent malformed input from causing undesirable behavior

• Handling attackers
  – To frustrate the attacker

• Managing the application itself
  – To enable it to be monitored and configured


Handling User Access

• Categories of user
  – Anonymous users
  – Ordinary authenticated users
  – Administrative users

• Related security mechanisms
  – Authentication
  – Session management
  – Access control


Authentication

• Conventional authentication model
  – Username and password

• Supplemented by
  – Additional credentials
  – Multistage login process

• Examples
  – Client certificates, smartcards, or challenge-response tokens

• Defects enable an attacker to gain unauthorized access to sensitive data and functionality.


Session Management

• Session: a set of data structures
  – Used to track the state of the user

• Token identifying the session
  – Unique string mapping to the session
  – Browser automatically submits this back.
  – HTTP cookies, hidden form fields, or the URL query string are used for this purpose
  – Expires after a given period

• Dependent on the security of its tokens


Access Control

• Correct decision
  – Whether each request should be permitted or denied


Handling User Input

• Attackers submit unexpected input, crafted to cause behavior that was not intended

• Must handle user input in a safe manner

• Input-based vulnerabilities can arise anywhere.


Varieties of Input


Approaches to Input Handling

• “Reject Known Bad”
• “Accept Known Good”
• Sanitization
• Safe Data Handling
• Semantic Checks


Boundary Validation


Multistep Validation and Canonicalization

<script>

<scr<script>ipt>

<scr"ipt>

%27

%%2727


• Difficult
• To perform sanitization steps recursively
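The strings from this slide, run through a filter that applies each step once and then through one that repeats its steps until the input stops changing. This is an added example, not code from the slides; the function names, the order of the three steps and the round limit are assumptions.

```python
import re
from urllib.parse import unquote

SCRIPT_TAG = re.compile(r"<script>", re.IGNORECASE)
QUOTES = re.compile(r"['\"]")


def single_pass(value: str) -> str:
    """Assumed three-step filter, each step applied exactly once."""
    value = unquote(value)              # step 1: one round of URL decoding
    value = SCRIPT_TAG.sub("", value)   # step 2: strip literal <script>
    return QUOTES.sub("", value)        # step 3: strip quote characters


def sanitize(value: str, max_rounds: int = 8) -> str:
    """Repeat the steps until a round changes nothing (a fixed point)."""
    for _ in range(max_rounds):
        cleaned = single_pass(value)
        if cleaned == value:
            return value
        value = cleaned
    # Deeply nested encoding is not legitimate input: reject, do not guess.
    raise ValueError("input did not stabilise after %d rounds" % max_rounds)


# Constructed inputs: the strings from the slide plus one benign value.
SAMPLES = ["<script>", "<scr<script>ipt>", '<scr"ipt>', "%27", "%%2727", "hello world"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} single={single_pass(s)!r:12} fixed={sanitize(s)!r}")
```

The single-pass output for `<scr<script>ipt>` and `<scr"ipt>` is `<script>`, and for `%%2727` it is `%27`, which a later decoding step turns back into an apostrophe; the repeated version reduces all of them to an empty string.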


Handling Attackers

• To handle and react to attacks
• Measures
  – Handling errors
  – Maintaining audit logs
  – Alerting administrators
  – Reacting to attacks


Handling Errors


Maintaining Audit Logs

• Key events
  – All events relating to the authentication functionality
  – Key transactions
  – Access attempts
  – Any request containing known attack strings

• In online banks, logged in full
• For effectiveness, record time, IP address, session token, user account


Figure 2-7. Poorly protected application logs containing sensitive information submitted by other users


Alerting Administrators

• Anomalous events monitored by alerting mechanism
  – Usage anomalies
  – Business anomalies
  – Requests containing known attack strings
  – Requests where data that is hidden from ordinary users has been modified

• Firewall, Intrusion Detection Product
  – Signature-based and anomaly-based rules


Reacting to Attacks

• By responding increasingly slowly to the attacker’s requests

• By terminating the attacker’s session

• By requiring him to log in or perform other steps before continuing the attack

• Effective defense-in-depth measures can reduce the likelihood that an attack succeeds.
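A sketch tying together the audit-log fields and the reactions listed on the slides above: requests containing known attack strings are logged with time, IP address, session and account, answered with a growing delay, and finally cost the session. This is an added example, not code from the slides; the class, the thresholds and the signature list are assumptions, and hashing the session token before logging is a choice made here so the log holds no reusable tokens.

```python
import hashlib
import json
import time

# Assumed signature list, built from the strings shown on this page.
ATTACK_STRINGS = ("<script>", "%27")


class AttackResponder:
    """Hypothetical helper: audit suspicious requests and escalate the reaction."""

    def __init__(self, base_delay=0.5, max_strikes=3):
        self.base_delay = base_delay      # seconds added for the first strike
        self.max_strikes = max_strikes    # strike count that ends the session
        self.strikes = {}                 # session token -> suspicious requests
        self.terminated = set()           # tokens that must log in again
        self.audit_log = []               # JSON lines; protect this store

    def _audit(self, event, ip, token, user, now):
        # Fields from the audit-log slide: time, IP address, session, account.
        # The token is stored as a hash so the log cannot be replayed as a session.
        self.audit_log.append(json.dumps({
            "time": now, "event": event, "ip": ip, "user": user,
            "session": hashlib.sha256(token.encode()).hexdigest()[:16],
        }))

    def handle(self, ip, token, user, query, now=None):
        """Return (action, delay_seconds) for one request."""
        now = time.time() if now is None else now
        if token in self.terminated:
            self._audit("login_required", ip, token, user, now)
            return ("require_login", 0.0)
        if not any(s in query.lower() for s in ATTACK_STRINGS):
            return ("allow", 0.0)
        count = self.strikes[token] = self.strikes.get(token, 0) + 1
        if count >= self.max_strikes:
            self.terminated.add(token)
            self._audit("session_terminated", ip, token, user, now)
            return ("terminate_session", 0.0)
        self._audit("attack_string", ip, token, user, now)
        # Respond increasingly slowly: 0.5 s, 1 s, ... doubling per strike.
        return ("delay", self.base_delay * 2 ** (count - 1))
```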


Managing the Application

• Administrative functions are implemented within the application itself through the same web interface as its core non-security functionality.


Chapter Summary

• Defects in the security mechanism often lead to complete compromise of the application, enabling you to access data belonging to other users, perform unauthorized actions, and inject arbitrary code and commands.
