finalized text catergorization

Dataset/SE1234/000001.txt

-Types of attacks
-• Categorisation of attacks (and goals of attacks)
-that may be made on system.
-• Five main areas:
-– leakage: information leaving system.
-– tampering: unauthorised information altering.
-– resource stealing: illegal use of resources.
-– vandalism: disturbing correct system operation.
-– denial of service: disrupting legitimate system use.
-
-• Used to specify what the system is secure
-against.
-7
-
-Methods of Attack
-• Eavesdropping: Obtaining message copies without
-authority.
-• Masquerading (Spoofing): Using identity of another
-SE1234
\ No newline at end of file

Dataset/SE1234/000022.txt

-
-
-How to get a certificate?
-• Gen private key
-• Gen cert signing req (CSR)
-• Send CSR to certificate authority (CA)
-• CA issues signed cert
-• Cert -> metadata, public key, signed by CA
-• CAs – GoDaddy, Verizon, let’s encrypt
-• CA signed, self signed
-
-
-
-Self signed cert
-• https://www.sslshopper.com/article-most-commonjava-keytool-keystore-commands.html
-
-
-
-
-
-
-SE1234
-Host name verification
\ No newline at end of file

Dataset/SE1234/000023.txt

-
-
-
-Demo
-• Enabling TLS on Apache
-https://tomcat.apache.org/tomcat-7.0-doc/sslhowto.html
-
-https://www.sslrenewals.com/blog/google-will-showerror-in-chrome-56-for-sha1-certificates
-
-
-
-• Cipher suites
-• Certificate chaining
-• TLS 1.1 or higher
-• Browser compatibility
-• TestSSLServer https://www.bolet.org/TestSSLServer/TestSSLServer.ja
-r
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000024.txt

-
-
-
-
-Authorization
-Server
-3. Authz response (access token)
-User
-Agent
-
-Authorize
-endpoint
-2. Authz request
-22
-
-Resource Owner Password Credentials
-(password)
-Client App
-
-3. Token response
-(access token)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-SE1234

Dataset/SE1234/000025.txt

-
-
-
-
-Load balancers with TLS
-• Session stickiness or session replication
-• Trusted vs untrusted load balancers
-• SSL/TLS Bridging/Terminating
-• SSL/TLS Tunneling/Pass-through
-
-
-
-
-
-
-
-
-
-
-SE1234
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file

Dataset/SE1234/000028.txt

-
-
-
-
-Demo
-• Behavioral state changing operation with CSRF
-attack – WSO2 identity server
-
-
-
-Preventing
-• GET – Only non-state changing (ok to just use
-session cookie)
-• POST, PUT, DELETE – State changing (use
-tokens in addition to session cookie)
-
-• State changing (modify data or change
-behavior)
-
-
-
-
-
-
-
-
-
-SE1234

Dataset/SE1234/000029.txt

-
-
-Preventing
-• Synchronizer token pattern
-
-• Double submit cookies
-• Remove/Don’t use default session cookies
-•
-• OWASP CSRFProject
-
-
-
-Demo
-• WSO2 Identity server – synchronizer token
-pattern
-
-My-app
-Root cause – displaying the input params
-directly in the output page
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000035.txt

-
-Google inurl:.lk inurl:.php inurl:.?id=
-
-.
-
-https://www.binarytides.com/sqlmap-hackingtutorial/
-
-
-
-Web Security – OWASP Top 10
-
-.
-
-OWASP Top 10
-• 2013
-• https://www.owasp.org/images/f/f8/OWASP_
-Top_10_-_2013.pdf
-• 2017
-• https://www.owasp.org/images/7/72/OWASP
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000042.txt

-Secure Software Development with
-3rd Party Dependencies
-Tharindu Edirisinghe, WSO2
-tharindue.blogspot.com
-@thariyarox
-https://lk.linkedin.com/in/ediri
-
-Colombo Security Meetup - 15th June 2016
-http://www.meetup.com/colombo-security-meetup/events/231681389/
-
-ediri@live.com
-
-What is a 3rd Party Library ?
-
-A reusable software component developed to be either freely distributed or sold by
-an entity other than the original vendor of the development platform.
-The third-party software component market thrives because many programmers
-believe that component-oriented development improves the efficiency and the
-quality of developing custom applications. Common third-party software includes
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000043.txt

-macros, bots, and software/scripts to be run as add-ons for popular developing
-software.
-Source : https://en.wikipedia.org/wiki/Third-party_software_component
-
-Using 3rd Party Components in Software Development
-
-Java project dependencies in IntelliJ Idea
-
-C# project dependencies in
-Microsoft Visual Studio
-
-Direct 3rd Party Dependencies
-The external software components (developed by some other organization/s) that
-your project depends on.
-
-Direct 3rd Party Dependencies with Known Vulnerabilities
-The external software components (developed by some other organization/s) with
-known vulnerabilities that your project depends on.
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000044.txt

-Transitive 3rd Party Dependencies
-The software components that your external dependencies depend on.
-
-Transitive 3rd Party Dependencies with Known Vulnerabilities
-The software components with known vulnerabilities that your external
-dependencies depend on.
-
-Common Vulnerabilities and Exposures (CVE)
-What is CVE ?
-CVE is a list of information security vulnerabilities and exposures that aims to
-provide common names for publicly known cyber security issues. The goal of CVE
-is to make it easier to share data across separate vulnerability capabilities (tools,
-repositories, and services) with this "common enumeration."
-Who owns CVE ?
-CVE is sponsored by US-CERT (United States Computer Emergency Readiness
-Team) the office of Cybersecurity and Communications at the U.S. Department of
-Homeland Security.
-Source : https://cve.mitre.org/about/faqs.html
-
-
-
-
-
-
-
-
-
-SE1234

Dataset/SE1234/000045.txt

-CVE Example
-ID : CVE-2015-5262
-Overview :
-http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents
-HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during
-an SSL handshake, which allows remote attackers to cause a denial of service
-(HTTPS call hang) via unspecified vectors.
-Severity: Medium
-CVSS Score: 4.3
-Source : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
-
-Common Vulnerability Scoring System (CVSS)
-CVSS provides a way to capture the principal characteristics of a vulnerability, and
-produce a numerical score reflecting its severity, as well as a textual
-representation of that score. The numerical score can then be translated into a
-qualitative representation (such as low, medium, high, and critical) to help
-organizations properly assess and prioritize their vulnerability management
-processes.
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000046.txt

-Source : https://www.first.org/cvss/specification-document
-
-National Vulnerability Database (NVD)
-NVD is the U.S. government repository of standards based vulnerability
-management data represented using the Security Content Automation Protocol
-(SCAP). This data enables automation of vulnerability management, security
-measurement, and compliance. NVD includes databases of security checklists,
-security related software flaws, misconfigurations, product names, and impact
-metrics.
-
-Source : https://nvd.nist.gov/
-
-Using 3rd Party Dependencies Securely - The Big Picture
-All the 3rd party dependencies (including 3rd party transitive dependencies)
-should be checked in NVD for identifying vulnerabilities.
-
-NVD
-
-CVE-2015-5262
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000047.txt

-CVE-2014-3577
-CVE-2012-6153
-
-In-house Development
-
-3rd Party Dependencies
-
-Veracode : Software Composition Analysis (SCA)
-
-Source : https://www.veracode.com/products/software-composition-analysis
-
-Source Clear (SRC:CLR)
-
-Source : https://srcclr.com/
-
-OWASP Dependency Check
-Dependency-Check is a utility that identifies project dependencies and checks if
-there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET,
-Ruby, Node.js, and Python projects are supported; additionally, limited support for
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000048.txt

-C/C++ projects is available for projects using CMake or autoconf. This tool can be
-part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known
-Vulnerabilities.
-Source : https://www.owasp.org/index.php/OWASP_Dependency_Check
-
-OWASP Dependency Check - Useful Resources
-Official Website
-https://www.owasp.org/index.php/OWASP_Dependency_Check
-Vulnerability Detection
-http://dontpanic.42.nl/2014/06/checking-framework-vulnerabilities.html
-Command Line Tool (CLI)
-https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html
-Suppressing False Positives
-https://jeremylong.github.io/DependencyCheck/general/suppression.html
-Continuous Vulnerability Detection with Jenkins Integration
-https://medium.com/@PrakhashS/checking-vulnerabilities-in-3rd-party-dependencies-using-owasp-dependency-checkplugin-in-jenkins-bedfe8de6ba8#.cvgwcptjm
-
-OWASP Dependency Check - Demo
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000049.txt

--
-
-Using Maven plugin for Java based projects
-
--
-
-Using Command Line (CLI) tool for identifying vulnerable dependencies
-
--
-
-Analyzing generated reports
-
--
-
-Suppressing vulnerabilities for avoiding false positives
-
--
-
-Dependency Check integration with Jenkins
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000050.txt

-
-Continuous Vulnerability Management in a Corporate Environment
-NVD
-
-Engineering Management
-
-Vulnerability
-Analysis Report
-Vulnerability
-Analysis Report
-
-Request for using
-3rd Party
-Dependency
-Approval
-
-Engineering
-
-Development Team
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000051.txt

-
-Builder
-Process
-
-QA Team
-
-Getting Rid of Vulnerable Dependencies
--
-
-Upgrade direct 3rd party dependencies to a higher version
-
--
-
-For transitive dependencies, check if the directly dependent component has a higher version that depends on a safer
-version of the transitive dependency.
-
--
-
-Contact the developers of the component and get the issue fixed.
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000052.txt

-
-NVD
-
-CVE-2015-5262
-CVE-2014-3577
-CVE-2012-6153
-
-In-house Development
-
-3rd Party Dependencies
-
-Security in Software Development Life Cycle (SDLC)
-
-Source : https://www.checkmarx.com/glossary/a-secure-sdlc-with-static-source-code-analysis-tools/
-
-Challenges : Handling False Positives
-Even though the vulnerability analysis tools report that there are vulnerabilities in a
-3rd party dependency, there can be cases where those are not applicable to your
-product because of the way you have used that software component.
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000053.txt

-
-Image Source : http://www.123rf.com/photo_30641222_doctor-is-checking-a-fat-man-shoot-in-the-hospital.html
-
-Challenges : Handling False Negatives
-Even though the vulnerability analysis tools reports that your external
-dependencies are safe to use, still there can be unknown vulnerabilities.
-
-Image Source : http://www.whattoexpect.com/pregnancy/pregnancy-health/monthly-doctor-visits-during-pregnancy.aspx
-
-Summary
--
-
-Identify the external dependencies of your projects
-
--
-
-Identify the vulnerabilities in the dependency software components.
-
--
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000054.txt

-
-Analyze the impact
-
--
-
-Remove false positives
-
--
-
-Prioritize the vulnerabilities based on the severity
-
--
-
-Get rid of vulnerabilities (upgrade versions, use alternatives)
-
--
-
-Provide patches to your products
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000055.txt

-Thank you !
-tharindue.blogspot.com
-@thariyarox
-https://lk.linkedin.com/in/ediri
-ediri@live.com
-
-Authorization
-.
-Authorization/Access Control
-• Mechanism using with a system grants
-permission to access/modify some data or
-perform some action
-.
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-• Directive Controls – Designed to establish
-desired outcomes
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000056.txt

-• Deterrent controls – Designed to discourage
-an attacker
-• Preventive controls – Designed to prevent an
-attack from happening
-• Compensating controls – Designed to
-compensate for a risk that’s too difficult to
-address.
-• Detective controls – Designed to detect an
-attack while it is happening
-• Corrective controls – Designed to mitigate the
-damage once an attack/intrusion has taken
-place
-• Recovery controls – Designed to bring back a
-system to its normal operational state
-.
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-Data Access Control
-.
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000057.txt

-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-ACL vs Capability list
-
-ACL List:
-• File1: (
-• File2: (
-
-(read, {user1}), (write, {user2})
-(read, {user1}), (write, {})
-)
-
-Capability List:
-• User1: (
-(read, {file1,file2}),
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000058.txt

-(write, {})
-• User2: (
-(read, { }),
-(write, {file1} )
-)
-
-)
-
-)
-.
-SE4030 | Secure Software Development | Authorization | Dharshana Kasthurirathna
-
-Service/App Authorization
-• Relevant for both data/action access control
-.
-REST
-What does it stand for?
-● REpresentational State Transfer
-What is it?
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000059.txt

-● Architectural pattern - not a standard
-Who/where/when?
-● Roy Fielding in 2001
-
-REST Principle
-How?
-HTTP
-
-Data
-Student
-s,
-Employ
-ees
-Where?
-URI
-
-What?
-XML,
-JSON
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000060.txt

-
-Stateless
-●
-●
-●
-●
-
-No state stored on the server
-Every HTTP request executes in complete isolation
-Simpler to design and evolve
-Easier to scale
-
-REST - Methods
-● Defines the action taken with a URL
-
-● Proper RESTful services expose all four
-HTTP
-Method
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000061.txt

-Action
-
-Example
-
-POST
-
-Create
-
-http://wso2.com/general/dbusers/user/
-
-GET
-
-Read
-
-PUT
-
-Update or
-Create
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000062.txt

-http://wso2.com/general/dbusers/user/sam
-
-DELETE
-
-Delete
-
-http://wso2.com/general/dbusers/user/sam
-
-http://wso2.com/general/dbusers/users
-http://wso2.com/general/dbusers/user/sam
-
-OAuth
-• Application/Service Authorization Framework
-.
-Auth Code Grant type
-• Client –> Server side web app (redirection url)
-• Client - > Auth server → backchannel call
-
-• Auth server remembers the consents
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000063.txt

-• Request params (refer the spec)
-
-• Register client app (developer portal)
-• Facebook apps
-
-Auth Code grant type demo with
-FB
-.
-IAM Patterns
-• JIT Provisioning
-• Account association
-• IAM Servers/Identity Providers
-
-Implicit grant type
-• Client –> Single page Javascript app
-• User can see the token (so better to have a
-lesser validity period)
-
-
-
-
-
-
-
-
-
-SE1234
-
-Password credentials grant type
\ No newline at end of file

Dataset/SE1234/000064.txt

-• User’s credentials are passed
-• Client has to be trusted
-
-Client credentials grant type
-• Not relevant for sharing user details
-• About sharing a shared resource in a trusted
-manner (with authorization)
-
-Refresh Tokens
-• Supported only in auth code and password grant
-types
-
-Oauth Use cases
-• e.g. upload files to Google drive – Auth code
-• e.g. Google map api – client credentials
-
-Token introspection
-• Defines the token validation process bw the
-resource server and auth server
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000065.txt

-•
-https://tools.ietf.org/html/rfc7662
-• Token introspection endpoint in AuthServer
-• Timestamp skew
-
-Token revocation
-• Client requests the Auth Server to revoke a
-token if there’s a breach
-• Auth Server – Revocation endpoint
-
-Dynamic client registration
-• To automate the client registration process
-
-Federated authorization using Identity
-providers
-
-Facebook security breach
-• View as option
-• Need to give appropriate scopes
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000066.txt

-
-
-Resource Server
-The server hosting the protected resources, capable of accepting and responding to protected resource
-requests using access tokens.
-Client
-An application making protected resource requests on behalf of the resource owner and with its authorization.
-The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes
-on a server, a desktop, or other devices).
-Authorization Server
-The server issuing access tokens to the client after successfully authenticating the resource owner and
-obtaining authorization.
-
-15
-
-Roles in OAuth Framework
-Client App
-Hi5 Social
-Network
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000067.txt

-
-Resource
-Server
-Yahoo
-
-Authorization
-Server
-Yahoo
-User
-16
-
-Protocol Endpoints
-
-17
-
-Protocol Endpoints in OAuth
-Authorization endpoint
-Used by the client to obtain authorization from the resource owner via user-agent redirection.
-Token endpoint
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000068.txt

-Used by the client to exchange an authorization grant for an access token, typically with client
-authentication.
-Redirection endpoint
-Used by the authorization server to return responses containing authorization credentials to the
-client via the resource owner user-agent.
-
-18
-
-Roles in OAuth Framework
-Resource
-Server
-Yahoo
-
-Client App
-Hi5 Social
-Network
-Redirection Endpoint
-
-Authorization Endpoint
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000069.txt

-
-Token Endpoint
-
-Authorization
-Server
-Yahoo
-
-User
-19
-
-Grant Types
-
-20
-
-Authorization Code
-Resource
-Server
-
-7. access token
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000070.txt

-
-Client App
-
-6. Token response
-(access token)
-
-1. Authz
-request
-
-4. Authz
-response
-(code)
-
-5. Token
-request (code)
-
-Token
-endpoint
-3. Authz response (code)
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000071.txt

-User
-Agent
-
-Authorization
-Server
-
-Authorize
-endpoint
-2. Authz request
-21
-
-Implicit
-Client App
-
-1. Authz
-request
-
-4. Authz
-response
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000073.txt

-1. User
-credentials
-
-2. Token
-request (user
-credentials)
-
-Token
-endpoint
-
-Authorization
-Server
-
-User
-23
-
-Password Grant: Example
-
-24
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000074.txt

-
-Client Credentials
-
-Authorization
-Server
-
-1. Token request
-(client credentials)
-
-Client App
-
-2. Token response (access token)
-
-Token
-Endpoint
-
-25
-
-
-
-
-
-
-
-
-
-SE1234
-
-Refresh Tokens
\ No newline at end of file

Dataset/SE1234/000075.txt

-
-26
-
-Use of Refresh Tokens
-Login with
-Client App Facebook
-(Ebay)
-
-Token
-endpoint
-
-Token Request
-
-Facebook
-Authorization
-Server
-
-Token Response
-(access_token, refresh_token)
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000076.txt

-
-Purchase Item
-access_token
-
-Request User’s Address
-User
-
-Facebook
-Resource Server
-Email
-Shipping address
-
-27
-
-Use of Refresh Tokens
-Login with
-Client App Facebook
-(Ebay)
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000077.txt

-Token
-endpoint
-
-Token Request
-
-Facebook
-Authorization
-Server
-
-Token Response
-(access_token, refresh_token)
-
-Purchase Item
-access_token
-
-Request User’s Address
-Facebook
-Resource Server
-
-
-
-
-
-
-
-
-
-SE1234

Dataset/SE1234/000078.txt

-User
-
-ERROR: Token Expired
-
-Email
-Shipping address
-
-28
-
-Use of Refresh Tokens
-Client App
-(Ebay)
-
-Refresh Token Request
-
-Token
-endpoint
-
-Facebook
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000079.txt

-Authorization
-Server
-
-Refresh Token Response
-(new access_token, new refresh_token)
-
-Purchase Item
-New access_token
-
-Request User’s Address
-Facebook
-Resource Server
-
-User
-Address: XXXXXXXX
-
-Email
-Shipping address
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000080.txt

-29
-
-Refresh Token Grant
-
-Client App
-
-Refresh Token Request
-Refresh Token Response
-(new access_token, new refresh_token)
-
-Token
-endpoint
-
-Facebook
-Authorization
-Server
-
-OAuth 2.0
-Token Introspection
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000081.txt

-https://tools.ietf.org/html/rfc7662
-
-31
-
-Token Introspection
-Client App
-
-Facebook
-Authorization
-Server
-
-Token Request
-Token Response
-
-access_token
-
-Request User Resource
-Resource Server
-Email
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000082.txt

-Profile
-Photos
-Statuses
-
-32
-
-Token Introspection
-Client App
-
-Facebook
-Authorization
-Server
-
-Token Request
-Token Response
-
-Token
-Introspection
-Endpoint
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000083.txt

-
-access_token
-Introspection Request
-access_token
-
-Request User Resource
-Resource Server
-
-Introspection Response
-Email
-Profile
-Photos
-Statuses
-
-33
-
-Token Introspection Request
-POST /introspect HTTP/1.1
-Host: server.example.com
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000084.txt

-Accept: application/json
-Content-Type: application/x-www-form-urlencoded
-Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
-token=mF_9.B5f-4.1JqM&token_type_hint=access_token
-
-34
-
-Token Introspection Response
-Valid Token
-{
-
-Invalid Token
-{
-
-"active": true,
-"client_id": "l238j323ds-23ij4",
-"username": "jdoe",
-"scope": "read write dolphin",
-"sub": "Z5O3upPC88QrAjx00dis",
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000085.txt

-"aud": "https://protected.example.net/resource",
-"iss": "https://server.example.com/",
-"exp": 1419356238,
-"iat": 1419350238,
-"extension_field": "twenty-seven"
-}
-
-"active": false
-}
-
-35
-
-Token Introspection
-Client App
-
-Facebook
-Authorization
-Server
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000086.txt

-Token Request , scope=Profile
-Token Response
-
-Token
-Introspection
-Endpoint
-
-access_token
-Introspection Request
-access_token
-
-Give me photos
-Resource Server
-?
-
-Introspection Response
-Email
-Profile
-Photos
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000087.txt

-Statuses
-
-Active: true
-Scope: Profile
-
-36
-
-OAuth 2.0
-Token Revocation
-https://tools.ietf.org/html/rfc7009
-
-37
-
-Token Revocation Request
-Client App
-
-Facebook
-Authorization
-Server
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000088.txt

-
-Token Revocation Request
-Token Revocation Response
-
-Token
-Endpoint
-
-POST /revoke HTTP/1.1
-Host: server.example.com
-Content-Type: application/x-www-form-urlencoded
-Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
-token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token
-
-38
-
-Thank You !
-
-39
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000089.txt

-Open ID connect
-
-.
-
-JSON Web Token (JWT)
-.
-
-.
-
-.
-.
-
-.
-
-https://scotch.io/tutorials/the-anatomy-of-a-jsonweb-token
-X5t
-https://openid.net/connect/
-Oauth uses two step process to authentication
-(get the token, use the token to get the user
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000090.txt

-data)
-Open ID connect does this in a single step
-
-.
-
-Open ID scopes
-.
-
-.
-.
-
-https://openid.net/specs/openid-connect-core1_0.html
-Predefined scopes Profile, email, address, phone
-
-.
-
-IS Demo
-.
-.
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000091.txt

-.
-
-Open ID connect runs on top of OAuth
-Supports all grant types
-id_token (nonce)
-
-.
-
-Hybrid flows
-.
-
-https://openid.net/specs/openid-connect-core1_0.html
-
-.
-
-Open ID connect - SSO
-.
-
-https://auth0.com/blog/what-is-and-how-doessingle-sign-on-work/
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000092.txt

-
-.
-
-API Security
-.
-.
-.
-
-.
-
-.
-.
-
-Securely exposes Web APIs
-Throttling
-API versioning/lifecycle
-Can be used for system integration (like ESB,
-data services)
-Can be cloud based
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000093.txt

-Can be integrated with Identity providers
-(federated authentication/authorization etc)
-
-.
-
-API Security
-.
-
-Wso2 API Manager Demo
-
-.
-
-OpenID Connect:
-Building a secure login for your apps the right way!
-
-Farasath Ahamed
-
-IAM Team,
-WSO2
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000094.txt

-
-Building an App
-
-2
-
-Building an application
-● Building user signup
-● Building a login/logout mechanism
-(authentication and authorization)
-● Building reset password / recovery
-● Managing users/profiles/sessions.
-● The actual app functionality.
-
-3
-
-What do we usually do
-wrong?
-
-4
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000095.txt

-
-What do we do wrong?
-● Either consider security as an afterthought or end
-up over-engineering security.
-● Baking in authentication and authorization logic
-into the app.
-● Thinking that people will use the app as we
-want.
-
-5
-
-Common mistakes
-and
-misconceptions...
-
-6
-
-Common mistakes and misconceptions
-● Trying to implement personally developed
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000096.txt

-security measures
-â—‹ Security loopholes
-
-● Reinventing the wheel.
-â—‹ User stores
-â—‹ Social Login options
-â—‹ Libraries
-
-7
-
-Common mistakes and misconceptions
-● Not thinking about the user experience
-â—‹ Specially user signup
-â—‹ MFA
-â—‹ Not thinking about single sign on
-
-So what can we do better?
-
-8
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000097.txt

-Secure software development violations threats faults errors 
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000098.txt

-13
-
-Few more terms...
-● Identity Provider
-● Service Provider
-
-14
-
-OpenID Connect?
-
-15
-
-OpenID Connect
-● Provides a standard API for login
-â—‹ Request <-> Response
-â—‹ A verifiable token containing user identity
-(ID Token)
-â—‹ An access token that can be used to
-obtain further user information
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000099.txt

-â—‹ Access token also allows scoped
-authorization
-16
-
-OpenID Connect
-● Defines a standard mechanism for single logout
-● Provides a standard API for client registration
-● Provides a standard API for information
-discovery
-● Build with security in mind.
-● Provides an authentication + authorization layer.
-
-17
-
-The Flow
-
-18
-
-
-
-
-
-
-
-
-
-
-
-SE1234The OpenID Connect Login
\ No newline at end of file

Dataset/SE1234/000100.txt

-Application is registered at the OP (OpenID provider)
-1.
-2.
-3.
-4.
-5.
-
-Send an OpenID Connect Request to OP
-User is authenticated at the OP
-User is requested for consent at the OP
-Application receives an intermediate ‘code’.
-Application sends the code with the application authentication
-information.
-6. The application receives an id_token + access token in the
-response. App verifies the id_token and completes the login
-19
-
-The OpenID Connect Login
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000101.txt

-20
-
-Let’s see it action
-
-21
-
-OpenID Connect Login : Request
-https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https://
-developers.google.com/oauthplayground&prompt=consent&respons
-e_type=code&client_id=407408718192.apps.googleusercontent.co
-m&scope=openid email profile
-https://www.googleapis.com/auth/xapi.zoo&access_type=offline
-
-22
-
-OpenID Connect Login : Authentication at OP
-
-23
-
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000102.txt

-OpenID Connect Login : Consent at OP
-
-24
-
-OpenID Connect Login : Response
-https://developers.google.com/oauthplayground/?code=4/6Q
-BptdphHUBvd7X_lpOS5N2BlPvBy1QhrTfnNGlXKrpu3k6znBQF_s6YGjbSGibtwlUi5Q90rfqVrUgxfbqIKA&scope=o
-penid%20email%20profile%20https://www.googleapis.com/au
-th/userinfo.email%20https://www.googleapis.com/auth/userinfo
-.profile%20https://www.googleapis.com/auth/xapi.zoo&authuse
-r=0&session_state=7414bbf805e2f09026ee7065bc7358b466
-60897a..d46e&prompt=consent
-
-25
-
-OpenID Connect Login : Token Request
-POST /oauth2/v4/token HTTP/1.1
-Host: www.googleapis.com
-Content-length: 277
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000103.txt

-content-type: application/x-www-form-urlencoded
-user-agent: google-oauth-playground
-
-code=4%2F6QAsx1elz4EirZXkhCRW3jrM6A5ABq_2IrbdHDhPrfm3b6Fwhrld1gLswcBSNxNE3zE0sg4EJA79Pxm56gIwM&redirect_uri=https%3A%2F%2Fdevelopers
-.google.com%2Foauthplayground&client_id=407408718192.apps.goo
-gleusercontent.com&client_secret=************&scope=&grant_type=
-authorization_code
-26
-
-OpenID Connect Login : Response
-{
-"access_token": "ya29.GluoBu2HS6hrn7vVeTexqrW3m3i3sGLc6kEaH_WK5aJmVtMyGMJY1kmlItrvj3S4WXdarf199factfJVnq2Dr3GCNQsaVgCzPibWRGAZCTu18J67dAlwkuSY7a",
-"id_token": "eyJhbGciOiJSUzI1…….",
-"expires_in": 3600,
-"token_type": "Bearer",
-
-"scope": "https://www.googleapis.com/auth/plus.me
-https://www.googleapis.com/auth/userinfo.email",
-"refresh_token": "1/MOMjcw6wBrJBtHY5TzIw4wGg5SRt1fJhkOlp-hZo7LQ"
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000104.txt

-Secure software development openidconnect wasp secure fault tolerance threat security
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000105.txt

-
-OpenID Connect Login : Code vs Implicit
-
-32
-
-Demo Time!
-
-33
-
-Why should we use
-OpenID Connect?
-
-34
-
-OpenID Connect : Why?
-● Let’s app and site developers authenticate users
-without taking on the responsibility of storing
-and managing passwords (Federation)
-● End users have control over their data shared
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000106.txt

-with the app.
-
-35
-
-OpenID Connect : Why?
-● It’s a well recognized industry standard / API
-â—‹ Wide range of OPs to choose from
-â—‹ Libraries
-â—‹ JSON over HTTP
-â—‹ Well tested in terms of security
-â—‹ Zero code change solutions available
-
-36
-
-OpenID Connect : Why?
-● Enables BYOID (Bring your own identity)
-
-● Enables an easy path provide Single Sign On
-â—‹ Most IDPs support OpenID Connect
-
-
-
-
-
-
-
-
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000107.txt

-â—‹ Most SaaS apps support OpenID connect
-
-37
-
-Security in OpenID Connect
-
-38
-
-OpenID Connect : Security Aspects
-● Use of signed JWTs to pass user authentication
-information
-â—‹ App must verify id_token sent in response
-● Request objects to prevent request tampering
-â—‹ Sending request params in a signed JWT.
-● ‘state’ parameter to avoid CSRF token
-● ‘nonce’ parameter to avoid replay attacks
-39
-
-
-
-
-
-
-
-
-
-
-
-SE1234OIDC Logout
\ No newline at end of file

Dataset/SE1234/000108.txt

-
-Non-Repudiation
-Confidentiality
-
-High Level
-
-Authentication
-
-Low Level
-
-Authorization
-
-ENCRYPTION
-
-E.g. Consider online Bank Example
-
-Some definitions
-• Cryptography – Art/Science of Secret writing
-• Cryptoanalysis – Art/Science of converting the
-ciphertext to plaintext without using the
-secret key
-• Cryptology – Includes both Cryptography and
-Cryptoanalysis
-  
-SE1234

Dataset/SE1234/000109.txt

-Demo Time!
-
-45
-
-Solutions built on top of
-OpenID Connect
-
-46
-
-Mobile Connect
-
-47
-
-OpenID Connect in Open Banking
-● Open Banking Standards are built with data
-security and customer consent at their heart.
-● Uses OpenID Connect as the authentication and
-authorization layer
-● Uses OpenID Connect Hybrid Flows to enforce
-
-  
-SE1234
\ No newline at end of file

Dataset/SE1234/000110.txt

-security
-48
-
-Tips for Application Devs
-
-49
-
-Few Tips from one Dev to another
-● Try to use a standard APIs/solutions for
-authentication and authorization.
-● Opensource != unsecure
-● Use standard libraries.
-● Think about how easy it is to migrate from one
-vendor to another.
-● Think about the user experience (Enabling
-BYOID is now becoming a MUST)
-50
-
-
-
-
-
-
-
-
-
-SE1234
-
-Credits
\ No newline at end of file

Dataset/SE1234/000111.txt

-● All the diagrams I have used in this slide deck
-were generously borrowed from various blogs,
-websites etc. So the due credit should go to the
-respective authors :)
-
-51
-
-Mobile Application Security
-Thushara Desapriya
-
-Who AM I
-Thushara Desapriya (sdesapriya@gmail.com)
-Lead - Application Security Engineer/ SSE
-Information Security Enthusiast
-Learner, Trainer, Lecture
-Msc - Information Security (UCSC), MBA-IT
-16+ Years of Experience
-
-SE1234Information Security - CIA Triad
-SE1234
\ No newline at end of file

Dataset/SE1234/000112.txt

-
-Information Security - CIA Triad
-
-Smart Devices
-A mobile device is a computing device small enough to hold and operate in
-the hand.
-Smart device is an electronic device, generally connected to other devices or
-networks via different wireless protocols such as Bluetooth, NFC, Wi-Fi, LiFi,
-3G, etc.
-
-Evolution
-
-Smart Phone
-Operating System (Android, iOS, Symbian etc)
-Connectivity (Wi-Fi, Bluetooth, NFC etc)
-Applications
-Web Apps
-Native Apps
-Hybrid Apps
-SE1234
\ No newline at end of file

Dataset/SE1234/000113.txt

-
-Can I Borrow Your Phone for 5 min?
-
-Digital Payments - Smart Phone
-
-Digital Payments - Smart Phone
-India - Digital
-payment
-market is $200
-billion and
-expected to
-touch 1 trillion
-by 2023
-
-Digital Payments - Smart Phone
-SE1234
-Digital Payments - Smart Phone
-
-Mobile Banking
\ No newline at end of file

Dataset/SE1234/000114.txt

-
-Global Smartphone Shipments
-
-Global Smartphone Market Share
-
-General Issue
-Enterprise grade encryption on general devices is not common
-Hard to ensure Physical Security
-Untrusted Removable media (eg: Memory Chips)
-Jailbreaking and rooting
-App Stores do not validate security of applications effectively
-User Friendliness over Security (Tokens with long TTL)
-Small displays make it easier to perform phishing attacks
-
-Five Pillars
-Traditional Access Control
-Application Provenance
-Encryption
-Isolation'
-SE1234
\ No newline at end of file

Dataset/SE1234/000115.txt

-Permissions-based access control
-
-Five Pillars
-Traditional Access Control: This mechanism seeks to protect devices
-using techniques such as passwords and idle-time screen locking.
-Application Provenance: Is an approach where each application is
-stamped with the identity of its author and made tamper resistant (eg:
-digital signature). Thus enabling a user to decide to use or not to use
-the application based on the identity of the author.
-Encryption: Is a approach to conceal data on the device to address
-device loss or theft.
-
-Five Pillars
-Isolation: Limits applications ability to access sensitive data or
-systems on a device.
-Permission-based access control: Grants set of permissions to each
-application, limiting each application to access device data/systems
-within the scope of the permission. Blocks the application if it
-attempts to perform actions exceeding the permissions given.
-SE1234
\ No newline at end of file

Dataset/SE1234/000116.txt

-
-Android - Google
-Over 2 billion devices were running Android
-Based on a modified version of the Linux kernel and other open source software
-Security Model
-Based on linux users and file permissions
-Each process has its own userid (Similar to Linux process isolation method)
-Applications are run in isolated VMs
-
-Permissions/Access Control
-Can interact with operating system freely for general transactions
-For any other interactions user should provide permission at install time
-Developer specify any additional privileges needed in a Manifest File
-
-Android - Google
-Storage
-Uses SQLite DBs as flat file DBs
-
-Development
-SE1234
\ No newline at end of file

Dataset/SE1234/000117.txt

-Developed in Java, Compiled into Davlik
-Executable bundled with manifest files and packaged to Android Package Files (APK)
-Packages are signed with developers public key pair and sent to Google App Store
-
-Custom ROMs
-Android is open-source. This means the code that makes up the OS, known as the
-Android Open Source Project (AOSP), is freely available and customisable.
-
-iOS - Apple
-Security Model
-Similar to Mac OS and based on Trusted BSD
-Uses MAC to restrict capabilities of applications
-Sandbox applications
-The iOS uses a hardware accelerated AES-256 encryption to encrypt all data stored in
-the flash memory of the device.
-
-Permissions/Access Control
-Apps can access it’s own allocated file system resources freely
-Requests to elevate privileges from apps are prompted to user to allow or deny
-SE1234
\ No newline at end of file

Dataset/SE1234/000118.txt

-
-iOS - Apple
-Storage
-Uses SQL flat file Database
-Uses Keychains to store passwords, cookies etc.
-Development
-Applications are developed using Objective-C
-Bundled with an entitlements and preferences
-Code Signed by an Apple issued certificate
-
-Windows 10
-Secure boot
-UEFI (BIOS) components with the Secure Boot feature also helps to ensure that only
-trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can
-start on the mobile phone.
-
-Trusted Platform Module
-Tamper-resistant cryptographic module that enhances the security and privacy of
-computing platforms
-SE1234
\ No newline at end of file

Dataset/SE1234/000119.txt

-Managing cryptographic keys
-Safeguarding and reporting integrity measurements
-Proving a TPM is really a TPM
-
-Windows 10
-Isolation (AppContainer)
-Based on the principle of least privilege and uses isolation to achieve it. Every app and
-even portions of the operating system itself run inside their own isolated sandbox
-called an AppContainer
-
-User consent and control
-Capabilities that apps use are automatically published to the app details page in the
-Microsoft Store. App access to capabilities that may expose sensitive information
-automatically prompt the user to acknowledge and provide consent
-
-Address Space Layout Randomization (ASLR)
-Makes that type of attack much more difficult because it randomizes how
-and where important data is stored in memory
-SE1234
\ No newline at end of file

Dataset/SE1234/000120.txt

-Comparison
-
-Top Mobile Application Issues
-M1: Improper Platform Usage
-
-M7: Client Code Quality
-
-M2: Insecure Data Storage
-
-M8: Code Tampering
-
-M3: Insecure Communication
-
-M9: Reverse Engineering
-
-M4: Insecure Authentication
-
-M10: Extraneous Functionality
-SE1234
\ No newline at end of file

Dataset/SE1234/000121.txt

-M5: Insufficient Cryptography
-M6: Insecure Authorization
-
-https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10
-
-Edge Cases
-Missing Certificate Validation
-Hardcoded Sensitive Information (Keys, Credentials, Ips)
-Token Replay
-Resources are Available to Public
-Missing “Lost Device” Use-Case
-
-Mobile Application Testing
-Static vs Dynamic Analysis (SAST vs DAST)
-Penetration Testing
-OWASP Testing Guide
-(https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide#tab=Main)
-
-ASVS
-SE1234
\ No newline at end of file

Dataset/SE1234/000122.txt

-(https://www.owasp.org/images/6/67/OWASPApplicationSecurityVerificationStandard3.0.pdf)
-(https://github.com/OWASP/owasp-masvs/releases/download/v1.2/OWASP_MASVS-v1.2-en.pdf)
-
-Emulator
-Android Debug Bridge
-
-Mobile Application Testing
-Tampering Traffic
-Install Certificate
-(https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/)
-
-Reversing
-Apktool (https://ibotpeaches.github.io/Apktool/)
-d2j-dex2jar.sh -d <apk_name>.apk
-JD-GUI
-
-Mobile Application Testing
-Verifying the Signer
-Sdk/build-tools/28.0.3
-\
-
-SE1234
\ No newline at end of file

Dataset/SE1234/000123.txt

-apksigner verify --print-certs <apk_name>.apk
-
-Privacy Violations
-Travel, Workout Apps (Strava)
-Games (Pokémon GO, Ingress)
-
-Best Practices for Organizations
-Mobile security training sessions: By training employees and managers on the
-importance of mobile security and how to prevent cyber attacks, businesses can
-mitigate risk.
-Have mobile policies in place: A mobile usage policy will ensure that employees know
-what they can, and can’t access. This can bring security to the forefront when it comes
-to company mobile devices.
-Require device best practices: Whether it is employer owned mobile devices or BYOD
-smartphones, having security best practices is paramount. Install anti-virus, and
-malware software, endpoint management software, and two-factor authentication.
-
-Best Practices for Organizations
-Use encryption: Encryption can support your mobile security efforts, such as a Virtual
-SE1234
\ No newline at end of file

Dataset/SE1234/000124.txt

-Private Network (VPN). This is an additional layer of protection that makes it more
-challenging for hackers to access company and client data.
-Schedule security audits: Security audits that are scheduled regularly is an important
-part of any business security plan. Ensure mobile is incorporated in that plan. This can
-help companies identify potential threats or breaches before they become serious.
-Mobile Device Management
-
-Questions
-sdesapriya@gmail.com
-
-Low Level Security
-Thushara Desapriya
-
-Why Low Level
-
-Web Application Issues
-
-Treat it Right
-Data should not become part of the Code
-SE1234
\ No newline at end of file

Dataset/SE1234/000125.txt

-Injections
-Cross Site Scripting
-
-SQL Injection
-
-SQL Injection
-
-SQL Injection
-UserName = abc
-
-Password= xxx’ or ‘1’=’1
-
-SELECT Username, Password FROM users WHERE
-Username=’abc’ AND
-Password=’xxx’ or ‘1’=’1’;
-SE1234
-Cross Site Scripting - XSS
-
-Trick the User
\ No newline at end of file

Dataset/SE1234/000126.txt

-No Patch for Human Stupidity
-
-CSRF - Cross-Site Request Forgery
-
-Clickjacking
-
-Unvalidated Redirects
-
-Buffer Overflow
-Buffer overflows were understood and partially publicly
-documented as early as 1972
-1988 Morris Worm
-Shutdown over 6000 systems in just a few short hours
-Exploited fingered through exploiting a unchecked buffer
-initialized by gets()
-
-Among SANS top 25 most dangerous software errors
-(Ref : http://www.sans.org/top25-software-errors/)
-SE1234

Dataset/SE1234/000127.txt

-Buffer Overflow
-2001 the Code Red worm exploited a buffer overflow in Microsoft's Internet Information
-Services (IIS) 5.0
-2003 the SQL Slammer worm compromised machines running Microsoft SQL Server
-2000.
-2003, buffer overflows present in licensed Xbox games have been exploited to allow
-unlicensed software, including homebrew games, to run on the console without the
-need for hardware modifications, known as modchips.
-The PS2 Independence Exploit also used a buffer overflow to achieve the same for the
-PlayStation 2.
-The Twilight hack accomplished the same with the Wii, using a buffer overflow in The
-Legend of Zelda: Twilight Princess
-
-What is Buffer Overflow
-buffer overflow, or buffer overrun, is an anomaly where a program,
-while writing data to a buffer, overruns the buffer's boundary and
-overwrites adjacent memory locations
-SE1234
-What is Buffer Overflow
\ No newline at end of file

Dataset/SE1234/000128.txt

-A buffer overflow occurs when data written to a
-buffer also corrupts data values in memory
-addresses adjacent to the destination buffer due to
-insufficient bounds checking.
-This can occur when copying data from one buffer
-to another without first checking that the data fits
-within the destination buffer.
-
-What is Buffer Overflow
-
-What is Buffer Overflow
-"excessive" is 9 characters long and encodes to
-10 bytes including the null terminator, but A can
-take only 8 bytes. By failing to check the length of
-the string, it also overwrites the value of B:
-
-Buffer Overflow - Solution
-
-Can be prevented easily through using bounds
-SE1234
\ No newline at end of file

Dataset/SE1234/000129.txt

-checking
-
-What is Buffer Overflow
-Writing data past the end of allocated memory can sometimes be detected by the
-operating system to generate a segmentation fault error that terminates the process.
-Segmentation Fault : Fault raised by hardware with memory protection notifying an
-Operating System about a memory access violation
-
-Buffer Overflow - When
-
-Buffer Overflow - Damage
-So Buffer overflow can raise a memory access violation error and halt a
-program execution which may cause a denial of service.
-
-Memory Structure
-
-Big-endian and Little-endian
-Big-endian and little-endian are terms that describe the order in which a sequence of bytes
-are stored in computer memory
-SE1234
\ No newline at end of file

Dataset/SE1234/000130.txt

-
-Registers
-Registers are either 32 or 64 bit high-speed storage locations directly inside the CPU,
-designed for high-speed access. For the purposes of discussion, registers can be grouped
-into the four categories of Data, Segment, Index, and Control
-
-Stack Frame
-Stack has frame which stores routines data
-
-Stack Buffer Overflow (Stack Smashing)
-By overwriting a local variable that is located near the vulnerable buffer on the
-stack, in order to change the behavior of the program
-By overwriting the return address in a stack frame. Once the function returns,
-execution will resume at the return address as specified by the attacker - usually
-a user-input filled buffer
-By overwriting a function pointer or exception handler, which is subsequently
-executed
-By overwriting a local variable (or pointer) of a different stack frame, which will
-be used by the function which owns that frame later
-SE1234
\ No newline at end of file

Dataset/SE1234/000131.txt

-
-Stack Buffer Overflow
-
-Stack Buffer Overflow
-
-Stack Buffer Overflow
-
-Heap Overflow
-Different from stack-based overflows.
-Memory on the heap is dynamically allocated by the application at run-time and
-typically contains program data.
-Exploitation is performed by corrupting this data in specific ways to cause the
-application to overwrite internal structures such as linked list pointers.
-The canonical heap overflow technique overwrites dynamic memory allocation
-linkage (such as malloc metadata) and uses the resulting pointer exchange to
-overwrite a program function pointer
-
-Read Overflow
-Similar to writing pass the end of a buffer, read overflow could permit
-SE1234
\ No newline at end of file

Dataset/SE1234/000132.txt

-reading past the end of buffer leaking secret information
-The heartbleed bug
-SSL Server should accept heartbeat message and echoes it back
-Heartbeat message specifies the length of its echo-back portion, but the
-buggy SSL software did not check whether the length was accurate
-Therefore an attacker was able to request longer length and read pass the
-contents of the buffer leaking passwords, crypto keys etc
-
-Counter Measures
-Libsafe project
-Re-implemented functions like strcpy(),
-strcat() and gets()
-
-Stack Guard
-Achieved by a compiler extension that adds
-so called canary values before the EIP saved
-at the function
-SE1234
-Remote Code Execution (RCE)
\ No newline at end of file

Dataset/SE1234/000133.txt

-
-Questions
-sdesapriya@gmail.com
-
-Threat Modeling
-Thushara Desapriya
-
-Threat Modeling
-Find security issue before implementing anything…!
-
-Threat Modeling
-A systematic & structured security technique, used to identify the
-security objectives, threats & vulnerabilities of an application, to
-help make design and engineering decisions, and determine
-where to prioritize efforts in designing, developing and deploying
-secure applications
-It's a day-to-day phenomenon for all of us :
-Assets (e.g. Photos, Jewelry)
-Architecture/Design of you home
-SE1234
\ No newline at end of file

Dataset/SE1234/000134.txt

-Attackers (Burglary)
-
-Threat Modeling
-Threat modeling answers questions like :
-“Where are the high-value assets?”
-“Where am I most vulnerable to attack?”
-“What are the most relevant threats?”
-“Is there an attack vector that might go unnoticed?”.
-
-Why Threat Modeling
-Systems have been vulnerable due to :
-failures in identifying all potential risks by the analysts
-failures in detecting the loopholes (e.g., access control) by test
-engineers
-incorrect implementation of best coding practices and
-programming logic
-improper system deployment and maintenance (configuration
-level)
-SE1234
\ No newline at end of file