Lesson 1
Introduction

Welcome to our course about what we believe to be the most important topic in information security for the foreseeable future: software security. In the following sections, we will cover five major topics that highlight the need, value, and challenges of software security. This will set the stage for the remainder of the course, where we describe our model for software security: building security into your software using an operationally relevant and manageable security development lifecycle (SDL) that is applicable to all software development lifecycles (SDLCs). The topics and reasons for including them in this introductory lesson are listed below.

1. The importance and relevance of software security. Software is critical to everything we do in the modern world and is behind our most critical systems. As such, it is imperative that it be secure by design. Most information technology (IT)-related security solutions have been developed to mitigate the risk caused by insecure software. To justify a software security program, the importance and relevance of the monetary costs and other risks for not building security into your software must be known, as well as the importance, relevance, and costs for building security in. At the end of the day, software security is as much a business decision as it is about avoiding security risks.

2. Software security and the software development lifecycle. It is important to know the difference between what are generally known in software development as software security and application security. Although these terms are often used interchangeably, we differentiate between them because we believe there is a distinct difference in managing programs for these two purposes. In our model, software security is about building security into the software through an SDL in an SDLC, whereas application security is about protecting the software and the systems on which it runs after release.

3. Quality versus secure code. Although secure code is not necessarily quality code, and quality code is not necessarily secure code, the development process for producing software is based on the principles of both quality and secure code. You cannot have quality code without security or security without quality, and their attributes complement each other. At a minimum, quality and software security programs should be collaborating closely during the development process; ideally, they should be part of the same organization and both part of the software development engineering department. We will discuss this organizational and operational perspective later in the course.

4. The three most important SDL security goals. At the core of all software security analysis and implementation are three core elements of security: confidentiality, integrity, and availability, also known as the C.I.A. model. To ensure high confidence that the software being developed is secure, these three attributes must be adhered to as key components throughout the SDL.

5. Threat modeling and attack surface validation. The most time-consuming and misunderstood part of the SDL is threat modeling and attack surface validation. In today’s world of Agile development, you must get this right or you will likely fail to make your software secure. Threat modeling and attack surface validation throughout the SDL will maximize your potential to alleviate post-release discovery of security vulnerabilities in your software product. We believe this function to be so important that we have dedicated an SDL section and a separate lesson to this topic.
1.1 The Importance and Relevance of Software Security

The 2005 U.S. President’s Information Technology Advisory Committee (PITAC) report stated: “Commonly used software engineering practices permit dangerous errors, such as improper handling of buffer overflows, which enable hundreds of attack programs to compromise millions of computers every year.”1 This happens mainly because “commercial software engineering today lacks the scientific underpinnings and rigorous controls needed to produce high-quality, secure products at acceptable cost.”

The Gartner Group reports that more than 70 percent of current business security vulnerabilities are found within software applications rather than the network boundaries.3 A focus on application security has thus emerged to reduce the risk of poor software development, integration, and deployment. As a result, software assurance quickly became an information assurance (IA) focus area in the financial, government, and manufacturing sectors to reduce the risk of unsecure code: Security built into the software development lifecycle makes good business sense.

A U.S. Department of Homeland Security 2006 Draft, “Security in the Software Lifecycle,” states the following:

The most critical difference between secure software and insecure software lies in the nature of the processes and practices used to specify, design, and develop the software… correcting potential vulnerabilities as early as possible in the software development lifecycle, mainly through the adoption of security-enhanced process and practices, is far more cost-effective than the currently pervasive approach of developing and releasing frequent patches to operational software.4

At the RSA 2011 USA conference, cloud security issues were highlighted but very little discussion was devoted to addressing the problem; however, at the 2012 conference, it was all about addressing the security issues in the cloud that had been so aptly identified the year before. The same thing happened in 2012, starting with a few key conferences, and continued with a major focus on discussing solutions for software security in 2013. For example, in early 2012, InformationWeek identified “Code gets externally reviewed” as one of the ten security trends to watch in 2012,5 and stated that “this business mandate is clear: Developers must take the time to code cleanly, and eradicate every possible security flaw before the code goes into production.” There was also a popular security article published on March 1, 2012, titled “To Get Help with Secure Software Development Issues, Find Your Own Flaws,” that highlighted panel discussions at RSA 2012 in San Francisco.6 This panel did a great job of identifying some of the critical issues but did not address solving the software security challenges that it identified. However, things started to change mid-year 2012: The agenda for Microsoft’s inaugural Security Development Conference, held in May 2012,7 was less about Microsoft and more about bringing secure software development thought leadership together and in three separate tracks to include “security engineering,” “security development lifecycle (SDL) & business,” and “managing the process” to discuss solutions to the most important security issue in industry, secure software development. This trend continued with the Black Hat USA 2012 Conference,8 the RSA 2013 Conference,9 and the 2013 Microsoft Security Development Conference.10