325
Chapter 10
Pulling It All Together: Using the SDL to Prevent Real-World Threats
Cyber threats result from software flaws, which are weaknesses that can
be exploited by a cyber attack against a software application or system.
In this book, we have covered strategies for implementing specific aspects
of software security in the form of SDL best practices that help software
development organizations avoid and reduce software flaws as an essential
element of effective core software security by providing security at the
source.
Although achieving a vulnerability-free product is exceedingly difficult,
maybe even impossible, it should always be your goal. By applying the
best practices in this book, the software you develop will be as free from
security vulnerabilities as possible. The fewer the number of
vulnerabilities, the harder it will be for an attacker to exploit a given
application. By no means are we going to stop all threats through the use
of software security best practices, but maximizing the reduction of the
attack surface is our ultimate goal in that it makes our job as software
security professionals easier and that of our adversaries more difficult. By
implementing the practices outlined in this book, you will be able to
mitigate, to a large extent, most threats coming from non-state threat actors.
In this chapter, we will break down the threats into three major categories,
specifically, strategic, tactical, and user-specific. We will then provide
examples of attacks in each category and how the application of the SDL
best practices outlined in this book will assist you in developing software
that is resistant to these threats and attack methodologies.
10.1 Strategic, Tactical, and User-Specific Software Attacks
Now that we have described secure software development practices, it is
important to finish this book by reminding the reader of the importance
of using these practices to protect against today's cyber threats. After a
few quotes from industry leaders, we will give a high-level overview of the
types of cyber threats against which secure software development practices
provide baseline protection at the core.
Organizations are implementing policies to address secure
software development practices, and beyond using software
scanning tools, finding it important to integrate secure software
practices into the culture of the organization. Some firms have
found that using judicious secure software development processes
can reduce vulnerabilities associated with mission critical
software by 70%.[1]
—Jeff Snyder, Vice President, Cyber Programs, Raytheon Company, 2012
Cyber attacks take advantage of software errors, such as not
properly validating user input, inconsistencies in the design
assumptions among system components, and unanticipated
user and operator actions. Software errors can be introduced
by disconnects and miscommunications during the planning,
development, testing, and maintenance of the components.
Although an application development team may be expert
in the required business functionality, that team usually has
limited or no applicable security expertise. The likelihood of
disconnects and miscommunications increases as more system
components have to satisfy security requirements. The necessary
communications and linkages among the life-cycle activities,
among multiple development teams, and between the system
development and eventual usage should be reflected in project
management. Project managers should consider the additional
communications requirements, linkage among life-cycle
activities, and the potential usage environment as these items
relate to security needs.[2]
—Robert J. Ellison, “Security and Project Management,” 2006
By promoting the best software security practices industry-wide,
there is a significant opportunity to improve the overall security
of the technology ecosystem.[3]
—Howard Schmidt, Former U.S. Cybersecurity Czar, 2013
The importance of an organization understanding its application
security maturity level and the impact it has on their overall
IT security profile is critical. Research has shown that the
application layer is responsible for over 90 percent of all
security vulnerabilities, yet more than 80 percent of IT security
spending continues to be at the network layer, primarily focused
on perimeter security. The findings of this study reveal the need
for making greater investment in application security programs
to reduce overall organizational exposure to cybercrime.[4]
The State of Application Security—A Research Study by
Ponemon Institute LLC and Security Innovation, 2013
Strategic attacks are typically planned and controlled to target information
assets including specifications, technologies, plans, capabilities,
procedures, and guidelines to gain strategic advantage. They are typically
conducted by state sponsors (or by entities supported by states),
organized crime, or competitors. Tactical attacks are typically random
and opportunistic; they target information assets for prestige or financial
reward through the use of malware, exploits, hackers, surrogates, insider
threat, and chat rooms, and they are conducted by professional hackers,
script kiddies, and insiders. As you can see, one of the key differentiators
between tactical and strategic attacks is motive: Tactical attacks
target network assets for prestige or financial reward, whereas a strategic
attack is the coordination of multiple tactical attacks (and on a much
larger scale) against multiple target networks for strategic advantage or
to preempt an adversary from getting one. The targets of tactical attacks are
random and opportunistic, taking advantage of software vulnerabilities
and user ignorance, whereas strategic attacks target a higher-level process
and are intelligence driven and carefully planned and orchestrated. For
example, strategic attacks may include infiltrating strategic infrastructure,
targeting telecommunications infrastructure, and aggregating information
in specific technology areas such as stealth technology. The ability
to understand strategic attacks requires an understanding of: (1) the business
functions and processes supported by individual networks; (2) the
business relationships between networks; and (3) sharing of tactical attack
data among contractors, suppliers, and target entities. The information
gleaned by threats to these business relationships is used to guide and
direct strategic attacks.[5]
User-targeted specific software attacks can be strategic, tactical, or
opportunistic. They may involve an attack targeting a privilege escalation
of a specific user that exploits a vulnerability in software to gain access
to resources and information that would normally be unrestricted to the
user—including data on the specific user machine or resources that the
user can access. Strategic attacks are a super-set that leverage tactical and/or
user-specific attacks.
10.1.1 Strategic Attacks
In general, strategic software targets are applications which are essential
to critical infrastructure functions of the government, economy, or society
at large. Components of the critical infrastructure include highways,
airports and aircraft, trains and railways, bus lines, shipping and boat
lines, trucking systems, and supply networks for basic goods, electric
power plants and lines, along with oil and gas lines and utilities of all
kinds, including water and sewer systems, land and cell phone systems,
computer networks, television, and radio (not only that which is publicly
accessible, but that controlled by private or government entities in special
networks or on special frequencies), banks and other financial institutions,
and security, fire, hospital, and emergency services. Each element
of critical infrastructure is so vital that if it were removed from the equation,
even temporarily, the entire nation would experience monumental
repercussions. Even when the infrastructure of a particular area is threatened,
the results can be disastrous. This can include telecommunications,
energy, banking and finance, transportation, water systems, and emergency
services.[6] Of course, strategic targets also include critical elements
of the government such as defense, intelligence, and other agencies considered
of high value to an adversary.
Strategic software attacks are highly repeatable and use general targeting
such as against a broad industry (military, finance, energy, etc.) or
groups of individuals (politicians, executives), and must have long-term
staying power. Strategic attacks are less sophisticated in comparison to
tactical threats and typically are lower in cost to develop and maintain.
These types of attacks can be categorized in three major areas: espionage,
criminal, and socio-political.
10.1.1.1 Espionage
Cyber spying, or cyber espionage, is the act or practice of obtaining
secrets without the permission of the holder of the information,
from individuals, competitors, rivals, groups, governments
and enemies for personal, economic, political or military
advantage using methods on the Internet, networks or individual
computers through the use of cracking techniques and malicious
software including Trojan horses and spyware. It may wholly
be perpetrated online from computer desks of professionals on
bases in faraway countries or may involve infiltration at home by
computer trained conventional spies and moles or in other cases
may be the criminal handiwork of amateur malicious hackers and
software programmers. Cyber spying typically involves the use
of such access to secrets and classified information or control of
individual computers or whole networks for a strategic advantage
and for psychological, political and physical subversion activities
and sabotage.[7]