Chapter 2. Core Defense Mechanisms. Fundamental security problem: all user input is untrusted
Chapter 2. Core Defense Mechanisms
Fundamental security problem
All user input is untrusted.
Defense mechanisms
• Handling user access
– To prevent users from gaining unauthorized access
• Handling user input
– To prevent malformed input from causing undesirable behavior
• Handling attackers
– To frustrate the attacker
• Managing the application itself
– To enable administrators to monitor and configure it
Handling User Access
• Categories of user
– Anonymous users
– Ordinary authenticated users
– Administrative users
• Related security mechanisms
– Authentication
– Session management
– Access control
Authentication
• Conventional authentication model
– Username and password
• Supplemented by
– Additional credentials
– Multistage login process
• Examples
– Client certificates, smartcards, or challenge-response tokens
• Defects enable an attacker to gain unauthorized access to sensitive data and functionality.
Session Management
• Session: a set of data structures
– Used to track the state of the users
• Token identifying the session
– Unique string mapping to the session
– Browser automatically submits this back
– HTTP cookies, hidden form fields, or the URL query string are used for this purpose
– Expired after a given period
• Dependent on the security of its tokens
Access Control
• Correct decision
– Whether each request should be permitted or denied
Handling User Input
• Submitting unexpected input, crafted to cause behavior that was not intended
• Must handle user input in a safe manner
• Input-based vulnerabilities can arise anywhere.
Varieties of Input
Approaches to Input Handling
• “Reject Known Bad”
• “Accept Known Good”
• Sanitization
• Safe Data Handling
• Semantic Checks
Boundary Validation
Multistep Validation and Canonicalization
<script>
<scr<script>ipt>
<scr"ipt>
%27
%%2727
• Difficult
– To perform sanitization steps recursively
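The inputs listed above defeat a filter that removes a bad string in a single pass, and a check that runs before a later sanitization step. The following is an added example, not code from the slides: a naive one-pass filter beside a fixed-point filter, and a validate-then-sanitize pipeline beside the corrected order (function names are assumptions).

```python
# Added example: why single-pass sanitization fails on the slide's inputs,
# and how fixed-point canonicalization and correct step ordering fix it.
from typing import Optional


def strip_once(value: str, bad: str) -> str:
    """Naive filter: remove every occurrence of `bad` in one pass.
    Fragments around a removed occurrence can reassemble into `bad`."""
    return value.replace(bad, "")


def strip_to_fixed_point(value: str, bad: str, max_rounds: int = 10) -> str:
    """Repeat removal until the value stops changing (a fixed point), so
    anything that reassembles after one round is caught on the next."""
    for _ in range(max_rounds):
        stripped = value.replace(bad, "")
        if stripped == value:
            return value
        value = stripped
    # Still changing after the bound: refuse the input rather than guess.
    raise ValueError("input did not reach a fixed point")


def validate_then_sanitize(value: str) -> Optional[str]:
    """Wrong order: the <script> check runs, then a later step strips
    quotes, so <scr"ipt> passes the check and becomes <script>."""
    if "<script>" in value:
        return None  # rejected
    return value.replace('"', "")


def sanitize_then_validate(value: str) -> Optional[str]:
    """Right order: canonicalize fully first, then validate the result."""
    canonical = value.replace('"', "")
    if "<script>" in canonical:
        return None  # rejected
    return canonical


if __name__ == "__main__":
    for sample, bad in (("<scr<script>ipt>", "<script>"), ("%%2727", "%27")):
        print(repr(strip_once(sample, bad)), "vs",
              repr(strip_to_fixed_point(sample, bad)))
    print(validate_then_sanitize('<scr"ipt>'), sanitize_then_validate('<scr"ipt>'))
```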
Handling Attackers
• To handle and react to attacks
• Measures
– Handling errors
– Maintaining audit logs
– Alerting administrators
– Reacting to attacks
Handling Errors
Maintaining Audit Logs
• Key events
– All events relating to the authentication functionality
– Key transactions
– Access attempts
– Any request containing known attack strings
• In online banks, logged in full
• For effectiveness, record time, IP address, session token, and user account
Figure 2-7. Poorly protected application logs containing sensitive information submitted by other users
Alerting Administrators
• Anomalous events monitored by the alerting mechanism
– Usage anomalies
– Business anomalies
– Requests containing known attack strings
– Requests where data that is hidden from ordinary users has been modified
• Firewall, intrusion detection product
– Signature-based and anomaly-based rules
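The last anomaly above and the audit-log fields from the previous slide fit together: when a hidden field comes back changed, the server should record who did it (time, IP address, session token, user account) and hand the event to the alerting mechanism. This is an added example, not code from the slides; the function names, field names and sample values are constructed.

```python
# Added example: detect a modified hidden field and build the audit record
# the slides call for. All names and values below are constructed.
import json
from datetime import datetime, timezone


def audit_event(event: str, ip: str, session_token: str, user: str, **details) -> dict:
    """One audit record with the four identifying fields the slide lists.
    Per Figure 2-7, the log these land in must itself be access-protected."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "ip": ip,
        "session": session_token,
        "user": user,
        **details,
    }


def check_hidden_fields(issued: dict, submitted: dict, ip: str,
                        session_token: str, user: str) -> tuple:
    """Compare the hidden fields the server issued with what came back.
    Returns (accepted, events); every mismatch (including a missing field)
    is a 'hidden data modified' anomaly for the alerting mechanism."""
    events = []
    for name, expected in issued.items():
        actual = submitted.get(name)
        if actual != expected:
            events.append(audit_event("hidden_field_modified", ip, session_token,
                                      user, field=name, expected=expected,
                                      actual=actual))
    return (len(events) == 0, events)


# Constructed sample: the server issued price=19.99 in a hidden form field,
# and the request comes back with a different value.
ISSUED = {"item_id": "42", "price": "19.99"}
TAMPERED = {"item_id": "42", "price": "0.01"}

if __name__ == "__main__":
    ok, events = check_hidden_fields(ISSUED, TAMPERED, "203.0.113.7",
                                     "constructed-session-token", "alice")
    print("accepted:", ok)
    for e in events:
        print(json.dumps(e))
```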
Reacting to Attacks
• By responding increasingly slowly to the attacker’s requests
• By terminating the attacker’s session
• By requiring him to log in or perform other steps before continuing the attack
• An effective defense-in-depth measure that can reduce the likelihood of a successful attack.
Managing the Application
• Administrative functions are implemented within the application itself, through the same web interface as its core non-security functionality.
Chapter Summary
• Defects in the security mechanisms often lead to complete compromise of the application, enabling you to access data belonging to other users, perform unauthorized actions, and inject arbitrary code and commands.
Thank you