Monday, March 30, 2009

SQL Injection

Your code is vulnerable to SQL injection attacks wherever it uses input parameters
to construct SQL statements.

The following process helps you locate SQL injection vulnerabilities:


1. Look for code that accesses the database. Scan for the strings “SqlCommand,” “OleDbCommand,” or “OdbcCommand.”

2. Check that your code uses parameters in SQL statements.
If you do not use stored procedures, check that your code uses parameters in the
SQL statements it constructs, as shown in the following example:

select status from Users where UserName=@userName
Check that the following approach is not used, where the input is used directly to
construct the executable SQL statement using string concatenation:


String sql = "select status from Users where UserName='"+ txtUserName.Text + "'";


3. Check whether or not your code attempts to filter input.

A common approach is to develop filter routines to add escape characters to
characters that have special meaning to SQL. This is an unsafe approach, and you
should not rely on it because of character representation issues.
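The three review steps above describe a contrast that is easier to see when run. The following is an added example and not code from the original post: it uses Python's built-in sqlite3 module in place of SqlCommand (sqlite3 binds named parameters as :name where SQL Server uses @userName), and the Users table, its rows and the test inputs are all constructed here.

```python
import sqlite3

# Constructed sample data standing in for the post's Users table.
SAMPLE_USERS = [("alice", "active"), ("bob", "locked"), ("carol", "active")]


def make_db():
    """Create an in-memory database holding the constructed Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, status TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def status_by_concatenation(conn, user_name):
    """Step 2's anti-pattern: untrusted input concatenated straight into the
    statement text, the Python equivalent of the C# txtUserName.Text example."""
    sql = "select status from Users where UserName='" + user_name + "'"
    return [row[0] for row in conn.execute(sql)]


def status_by_parameter(conn, user_name):
    """Step 2's recommended pattern: the value travels as a bound parameter,
    so the database never parses it as part of the SQL."""
    sql = "select status from Users where UserName = :userName"
    return [row[0] for row in conn.execute(sql, {"userName": user_name})]


def status_by_escaping(conn, user_name):
    """Step 3: a hand-written filter that doubles single quotes. It happens to
    defeat the quote-based input used below, but the post's advice stands:
    escaping rules depend on the character encoding and dialect the server
    actually uses, so a filter like this is a warning sign, not a fix."""
    escaped = user_name.replace("'", "''")
    sql = "select status from Users where UserName='" + escaped + "'"
    return [row[0] for row in conn.execute(sql)]


def compare(user_name):
    """Run all three lookups for one input and return their results."""
    conn = make_db()
    try:
        return {
            "concatenation": status_by_concatenation(conn, user_name),
            "parameter": status_by_parameter(conn, user_name),
            "escaping": status_by_escaping(conn, user_name),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal user name, then the classic quote-and-OR test string.
    for name in ["alice", "' OR '1'='1"]:
        print(repr(name), compare(name))
```

For a normal user name all three lookups agree. For the quote-and-OR string, the concatenated statement becomes `where UserName='' OR '1'='1'` and returns every row, while the parameterized query compares the whole string against the column and returns nothing; the escaping variant also returns nothing here, which is exactly why such filters look adequate in testing even though the post tells you not to rely on them.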

Code Review

Code reviews should be a regular part of your development process. Security code
reviews focus on identifying insecure coding techniques and vulnerabilities that
could lead to security issues. The review goal is to identify as many potential security
vulnerabilities as possible before the code is deployed. The cost and effort of fixing
security flaws at development time is far less than fixing them later in the product
deployment cycle.

Wednesday, March 25, 2009

Securing your network

An attacker looks for poorly configured network devices and exploits them.

High-Level Network Threats

  1. Information gathering

  2. Sniffing

  3. Spoofing

  4. Session Hijacking

  5. Denial of Service

Information gathering


Information gathering can reveal detailed information about network topology, system configuration, and network devices.

Sniffing:

Sniffing is the act of monitoring network traffic. Many packet-sniffing tools are available for monitoring a network (for example, Ethereal).

Spoofing:

Spoofing means hiding one's own identity. A fake source address is used to attack the target.

Session Hijacking:

In session hijacking, also known as a man-in-the-middle attack, the attacker uses an
application that masquerades as either the client or the server.

Denial of Service:

A Denial of Service attack is the act of denying legitimate users access to a server or its services.

Snapshot of a Secure Network:

Router :

  • Patches and updates: the router operating system is patched with up-to-date software.

Protocols :

  • Unused protocols and ports are blocked.
  • Ingress and egress filtering is implemented.
  • ICMP traffic is screened from the internal network.
  • TTL expired messages with values of 1 or 0 are blocked (route tracing is disabled).
  • Directed broadcast traffic is not forwarded.
  • Large ping packets are screened.
  • Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.
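To make the ingress/egress filtering, directed-broadcast and large-ping items in the list above concrete, here is a small packet-filter model. It is an added example, not part of the original post or of any router's configuration language: the site address block 203.0.113.0/24 (a documentation range), the allowed inbound ports and the ICMP size threshold are assumptions chosen for the example, and the packets it classifies are constructed inline.

```python
from dataclasses import dataclass
import ipaddress

# Assumption: the protected site owns 203.0.113.0/24 (a documentation range
# standing in for a real allocation).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")
# Assumption: only these inbound services are published; everything else is "unused".
ALLOWED_INBOUND_PORTS = {80, 443}
# Assumption: ICMP packets larger than this count as "large ping packets".
MAX_ICMP_LENGTH = 1024

# Source addresses that must never arrive on the internet-facing interface:
# RFC 1918 private space, loopback, link-local, and the site's own block.
NEVER_EXTERNAL_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    INTERNAL_NET,
]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    iface: str        # "outside" (internet-facing) or "inside"
    length: int = 64  # total size in bytes
    dport: int = 0    # destination port for tcp/udp


def filter_packet(pkt):
    """Return (verdict, reason) for one packet under the border rules."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.iface == "outside":
        # Ingress filtering: traffic from the internet must not claim a
        # source address that belongs inside or in unroutable space.
        if any(src in net for net in NEVER_EXTERNAL_SOURCES):
            return "drop", "ingress: spoofed or internal source on outside interface"
        # Directed broadcast: never forward packets aimed at the subnet's
        # broadcast address.
        if dst == INTERNAL_NET.broadcast_address:
            return "drop", "directed broadcast not forwarded"
        # Large ping packets are screened (only size screening is modelled here).
        if pkt.proto == "icmp" and pkt.length > MAX_ICMP_LENGTH:
            return "drop", "oversized icmp"
        # Unused ports are blocked.
        if pkt.proto in ("tcp", "udp") and pkt.dport not in ALLOWED_INBOUND_PORTS:
            return "drop", "port not published"
    else:
        # Egress filtering: outbound traffic must carry one of our own
        # addresses, so a compromised host cannot spoof someone else's.
        if src not in INTERNAL_NET:
            return "drop", "egress: source is not one of our addresses"

    return "accept", "no rule matched"


# Constructed sample traffic exercising each rule.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", "outside", dport=443),
    Packet("192.168.1.5", "203.0.113.10", "tcp", "outside", dport=443),
    Packet("198.51.100.7", "203.0.113.255", "icmp", "outside"),
    Packet("198.51.100.7", "203.0.113.10", "icmp", "outside", length=5000),
    Packet("198.51.100.7", "203.0.113.10", "tcp", "outside", dport=23),
    Packet("203.0.113.10", "198.51.100.7", "tcp", "inside", dport=443),
    Packet("10.1.2.3", "198.51.100.7", "tcp", "inside", dport=443),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", filter_packet(pkt))
```

The order of the checks matters: the spoofed-source test runs first so that a packet which is both spoofed and aimed at the broadcast address is logged under the ingress rule, which is the one an operator auditing denied traffic most wants to see.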

Administrative access:

  • Unused management interfaces on the router are disabled.
  • A strong administration password policy is enforced.
  • Static routing is used.
  • Web-facing administration is disabled.

Services:

  • Unused services are disabled.

Auditing and Logging :

  • Logging is enabled for all denied traffic.
  • Logs are centrally stored and secured.
  • Auditing against the logs for unusual patterns is in place.

Intrusion detection :

  • IDS is in place to identify and notify of an active attack.

Network ACLs :

  • The network is structured so ACLs can be placed on hosts and networks.


Thursday, March 19, 2009

Web Application Vulnerabilities

Web Application Vulnerabilities and Potential Problems Due to Bad Design

  1. Input Validation: Attacks performed by embedding malicious strings in query strings, form fields, cookies, and HTTP headers (command execution, cross-site scripting (XSS), SQL injection, buffer overflow attacks).
  2. Authentication: Spoofing, password cracking, and unauthorized access.
  3. Authorization: Access to confidential or restricted data, tampering, and execution of unauthorized operations.
  4. Configuration Management: Unauthorized access to administrative interfaces, and unauthorized access to user accounts and profiles.
  5. Sensitive Data: Information disclosure and data tampering.
  6. Auditing and Logging: Failure to identify an intrusion, and difficulty identifying who did what.
  7. Session Management: Capturing sessions and hijacking them.
  8. Cryptography: Breaking encrypted data by using the encryption and decryption algorithms.
  9. Exception Management: If exceptions are not handled properly, the application may crash.

Wednesday, March 18, 2009

Buffer Overflows: Stack and Heap Manipulation

Many overflows occur when the program receives more data than it expects. The types of overflows are:

  1. Stack overflows.
  2. Integer overflows.
  3. Heap overruns.
  4. Format string attacks.

  • Stack overflows: occur when variable-size data is copied into fixed-length buffers located on the program stack without any bounds checking.

  • Integer overflows: occur when a specific data type or CPU register meant to hold values within a certain range is assigned a value outside that range.

  • Heap overruns: occur when data is written outside the space allocated for it on the heap.

  • Format string attacks: occur when the %n parameter of the format string is used to write data outside the target buffer.

What is the meaning of Security?

Security is fundamentally about protecting assets.

The Foundations of Security :

  1. Authentication: Authentication addresses "Who are you?"
  2. Authorization: Authorization addresses "What can you do?"
  3. Auditing: Effective auditing is the key to non-repudiation.
  4. Confidentiality: Confidentiality is also referred to as privacy.
  5. Integrity: Integrity is the guarantee that the data is protected.
  6. Availability: Availability means the system remains available for legitimate users.

Tuesday, March 17, 2009

Threat Modeling

To protect your applications from hackers and intruders, you have to understand the threats to your applications.

A threat model has three distinct parts:

  1. A description of the security issues the designer cares about.
  2. A description of a set of security aspects.
  3. Determination of the threats.

Before you start threat modeling, you should understand the following basic terminology:

  1. Asset: A resource of value, such as data in a database or a file system.
  2. Threat: A potential occurrence that could harm an asset.
  3. Vulnerability: A weakness in some aspect of the system; vulnerabilities may exist at the network, host, or application level.
  4. Attack: An action taken by someone to follow through on a threat or vulnerability.
  5. Countermeasure: A safeguard that addresses a threat and mitigates the risk.

Threat Modelling Process:

  1. Identify the assets: Identify the valuable assets that your system must protect.
  2. Create an architecture overview: Use simple diagrams and tables to document the architecture of the application.
  3. Decompose the application: Decompose the architecture of the application, including the underlying network and host infrastructure.
  4. Identify the threats: Identify the threats that could affect the application.
  5. Document the threats: Document the threats using a common threat template.
  6. Rate the threats: Rate the threats and prioritize the most significant threats first.

Threat modeling has become an integral part of Microsoft's SDL (Security Development Lifecycle). For more details about threat modeling, please visit:

http://msdn.microsoft.com/en-us/security/aa570411.aspx.

Threat Modeling Tool :

The threat modeling tool allows the user to create threat model documents for an application.

For download details, please visit:

http://www.microsoft.com/downloads/details.aspx?familyid=62830f95-0e61-4f87-88a6-e7c663444ac1&displaylang=en

An Approach to Security Testing

Security testing is a kind of testing that identifies vulnerabilities and security issues in an application. It is very important to understand the general approach to security testing, which is as follows:

  1. Understand what you are testing.
  2. Implement your ideas to find vulnerabilities in the target.
  3. Think like an attacker or a hacker.
  4. Use tools (open source or commercial) to identify defects in the target.

Introduction

Learn how to think like an attacker, and identify potential security issues in your software. This is a discussion forum for people who are learning about security testing.