
Secure Coding – Handling Input Carefully and Securely in Android

Bluegrass Community and Technical College, Computer & Information Technologies

This is a secure coding laboratory exercise in a series of 6 labs prepared by Prof. Cindy S. Tucker.

Source: ccecc.acm.org/files/publications/Lab-5-Android-Input-Validation...

[Figure: "Apps have…" – each app (App 1, App 2, App 3) runs in a separate process in memory and has a separate storage location.]

PREREQUISITE

Prior to completing this lab, students should have a basic understanding of how Android security works, be familiar with the AndroidManifest.xml file, and know how to process input in Android. Resources that may be helpful to students who need a review of Android security:

Dr. Jules White, from Vanderbilt University, developed a series of 22 YouTube videos on Android Security and Secure Coding Techniques

Android Application Secure Design/Secure Coding Guidebook, Japan Smartphone Security Association (JSSA): an easy-to-understand overview of guidelines for Android secure coding. Chapter 3 (pages 36-50) may be very helpful for students new to Android security.

Research how to push a file to the Android Emulator (to simulate a local app file).

o In general terms: Open your app. Start the Android emulator. While the emulator is loading (run or debug), go to Android Device Monitor. The emulator must be running to push a file. Select the emulator you are running. Click on the icon to push a file to the emulator, placing it in the appropriate app folder: data/data/packageName

SUMMARY

Lab 1 in this series of Java and Android secure coding modules investigated three security vulnerabilities. One of these was improper input validation in Java. This topic will be revisited with respect to Android. As with Java, any input data in Android, whether it comes directly or indirectly from outside sources, should be properly validated. Per the Japan Smartphone Security Association’s Android Application Secure Design/Secure Coding Guidebook, “Validating input data is the easiest and most effective secure coding method.”

RISK

An Activity in Android may receive data from an Intent; if that data is modified or creatively composed by an attacker, it can present a threat to the Android application. Data received with an unanticipated format or value may introduce unforeseen consequences in an application, causing a security threat.


GUIDELINES AND RECOMMENDATIONS FOR ANDROID SECURE DESIGN AND SECURE CODING

The following guidelines and guidance materials address secure coding on the Android platform:

Android Application Secure Design/Secure Coding Guidebook, Japan Smartphone Security Association (JSSA)

Basic Knowledge of Secure Design and Secure Coding, Chapter 3 (pages 36-50)

o Android Application Security

o Handling Input Data Carefully and Securely

CERT Introduction to Android-Only Rules

Rules and Guidelines Applicable Only to the Android Platform (DRD)

OVERVIEW OF TOPIC

Developers should take care to validate any data coming from internal and external sources. For example:

Validate the format of the data.

Validate the scope of the data.

Verify that the code which handles an unexpected format or value behaves correctly. This laboratory exercise will review an example of this.

LABORATORY REVIEW

1. Research and study the concept of input validation in Android. You may find it useful to review Android textbooks you have used and the resources mentioned above in this handout.

2. The exercise presented here has been fashioned after an example found in the Android Application Secure Design/Secure Coding Guidebook developed by the Japan Smartphone Security Association (JSSA). The example illustrates insufficient (improper) input validation in an Activity which receives data from an Intent.

A small file of data was created and pushed to the Android Emulator. The records represent data from a Customer.csv file. Each record contains: customer ID, last name, first name, email address, user ID, bank balance, and password. Three records are shown below.

617622,Thomas,Regina,[email protected],Therwaseld,6812.2,boorish62

139016,Friend,Lila,[email protected],Womilorge,3525.32,daughter39

590106,Tighe,Allan,[email protected],Ourighter,2225.75,hope75


3. The Customer.csv file was pushed to the Emulator to simulate a local file on an Android device. The file was placed in the following directory: data/data/net.ctucker.inputvalidation

4. Unrelated to the file, an activity was created to allow a user to enter a URL address and display the contents of the associated web page (HTML code) in a TextView control.


5. The following is sample code designed to display a remote web page (HTML code) in a TextView object.


6. Let’s run the Android app to see if it catches an improperly composed URL. The user types in a URL without a protocol and receives an error message about an improperly formed URL. It is apparent the app uses SOME input validation.


7. Correcting the previous error and using the HTTP protocol, the user types in a valid URL (http://www.bluegrass.kctcs.edu) and the HTML code (partially) for the web page is displayed in the TextView control.


8. What if the user attempts to read a local file using the FILE protocol? Remember the Customer.csv file pushed to the emulator?

The user can see that too! Refer to the image below.

The URL is a properly formed URL; however, the intent of the app was not to access and display the contents of local files. Checking the format of the input is not enough: the app should also verify that the protocol is HTTP. This presents a major security flaw.
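The protocol check called for above, and the distinct error message the homework asks you to produce, written out as an added example (my code, not the lab's sample code or the JSSA guidebook's). The format check the lab's app already has (`new URL(...)` throws MalformedURLException when no protocol is present) is kept, and an allow-list check on `URL.getProtocol()` is added so a well-formed `file:` URL is rejected before anything is fetched. Class and method names are hypothetical, and the allow-list admits https alongside the HTTP named in the handout.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

/** Added example (hypothetical names): validate a user-typed URL by format AND protocol. */
public final class UrlInputValidator {
    // Only these schemes fit a "display a web page" feature; the handout names HTTP.
    private static final List<String> ALLOWED = Arrays.asList("http", "https");

    /** Thrown when the URL is well formed but not one the app intends to open. */
    public static final class DisallowedProtocolException extends Exception {
        DisallowedProtocolException(String msg) { super(msg); }
    }

    /**
     * Format check: new URL("www.bluegrass.kctcs.edu") throws MalformedURLException
     * ("no protocol"), the check the lab's app already performs.
     * Scope check: "file:///data/data/net.ctucker.inputvalidation/Customer.csv" is a
     * well-formed URL and passes the format check; only the protocol allow-list stops it.
     */
    public static URL validate(String userInput)
            throws MalformedURLException, DisallowedProtocolException {
        URL url = new URL(userInput.trim());                         // format
        String protocol = url.getProtocol().toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(protocol)) {                            // scope
            throw new DisallowedProtocolException(
                    "only http/https may be displayed, got '" + protocol + "'");
        }
        return url;
    }

    /** Message the Activity would show for each outcome (distinct text per failure). */
    public static String describe(String userInput) {
        try {
            return "OK, fetching " + validate(userInput);
        } catch (MalformedURLException e) {
            return "Improperly formed URL: " + e.getMessage();
        } catch (DisallowedProtocolException e) {
            return "Unsupported protocol: " + e.getMessage();
        }
    }

    public static void main(String[] args) {   // constructed inputs mirroring the lab's trials
        System.out.println(describe("www.bluegrass.kctcs.edu"));
        System.out.println(describe("http://www.bluegrass.kctcs.edu"));
        System.out.println(describe("file:///data/data/net.ctucker.inputvalidation/Customer.csv"));
    }
}
```

In the Activity, only the URL returned by `validate` is handed to the code that opens the connection, so the TextView can never be asked to display a local file.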


HOMEWORK ASSIGNMENT:

1. Research ways to produce the following if the user enters a URL with a protocol other than HTTP:

DISCUSSION QUESTIONS:

1. In your own words, describe the security vulnerability demonstrated in the programming example presented in this handout. Why is this a problem? Does the programmer have a responsibility to avoid such things?

2. Visit the acm.org website and find examples of professional codes of ethics for computer scientists. In your own words, describe what you found. How are the codes of ethics you found related to secure coding?


3. Research Android secure coding a bit further. Provide 3 other examples of how improper input validation could allow security flaws in Android apps.

DELIVERABLES: Submit the answers to the Discussion Questions as directed by your instructor.