Contents

Foreword xix
Preface xxiii
Acknowledgments xxxi
About the Author xxxv

Part I: Software Security Fundamentals 1

1 Defining a Discipline 3
  The Security Problem 4
    The Trinity of Trouble: Why the Problem Is Growing 5
    Basic Science 7
  Security Problems in Software 14
    Bugs and Flaws and Defects, Oh My! 14
    The Range of Defects 18
    The Problem with Application Security 20
    Software Security and Operations 23
  Solving the Problem: The Three Pillars of Software Security 25
    Pillar I: Applied Risk Management 26
    Pillar II: Software Security Touchpoints 27
    Pillar III: Knowledge 35
  The Rise of Security Engineering 37
    Software Security Is Everyone's Job 38

2 A Risk Management Framework 39
  Putting Risk Management into Practice 40
    How to Use This Chapter 41
  The Five Stages of Activity 42
    Stage 1: Understand the Business Context 43
    Stage 2: Identify the Business and Technical Risks 43
    Stage 3: Synthesize and Rank the Risks 44
    Stage 4: Define the Risk Mitigation Strategy 45
    Stage 5: Carry Out Fixes and Validate 45
    Measuring and Reporting on Risk 46
    The RMF Is a Multilevel Loop 46
  Applying the RMF: KillerAppCo's iWare 1.0 Server 48
    Understanding the Business Context 49
    Identifying the Business and Technical Risks 50
    Synthesizing and Ranking the Risks 63
    Defining the Risk Mitigation Strategy 69
    Carrying Out Fixes and Validating 73
  The Importance of Measurement 73
    Measuring Return 74
    Measurement and Metrics in the RMF 75
  The Cigital Workbench 76
  Risk Management Is a Framework for Software Security 79

Part II: Seven Touchpoints for Software Security 81

3 Introduction to Software Security Touchpoints 83
  Flyover: Seven Terrific Touchpoints 86
    1. Code Review (Tools) 86
    2. Architectural Risk Analysis 86
    3. Penetration Testing 87
    4. Risk-Based Security Testing 87
    5. Abuse Cases 88
    6. Security Requirements 88
    7. Security Operations 88
    *. External Analysis 88
  Black and White: Two Threads Inextricably Intertwined 89
  Moving Left 91
  Touchpoints as Best Practices 94
  Who Should Do Software Security? 96
    Building a Software Security Group 97
    Software Security Is a Multidisciplinary Effort 100
  Touchpoints to Success 103

4 Code Review with a Tool 105
  Catching Implementation Bugs Early (with a Tool) 106
  Aim for Good, Not Perfect 108
  Ancient History 109
  Approaches to Static Analysis 110
    The History of Rule Coverage 112
    Modern Rules 114
  Tools from Researchland 114
  Commercial Tool Vendors 123
    Commercial Source Code Analyzers 124
    Key Characteristics of a Tool 125
    Three Characteristics to Avoid 127
    The Fortify Source Code Analysis Suite 127
    The Fortify Knowledge Base 132
    Using Fortify 134
  Touchpoint Process: Code Review 135
  Use a Tool to Find Security Bugs 137

5 Architectural Risk Analysis 139
  Common Themes among Security Risk Analysis Approaches 140
  Traditional Risk Analysis Terminology 144
  Knowledge Requirement 147
  The Necessity of a Forest-Level View 148
  A Traditional Example of a Risk Calculation 152
  Limitations of Traditional Approaches 153
  Modern Risk Analysis 154
    Security Requirements 155
    A Basic Risk Analysis Approach 156
  Touchpoint Process: Architectural Risk Analysis 161
    Attack Resistance Analysis 163
    Ambiguity Analysis 165
    Weakness Analysis 167
  Getting Started with Risk Analysis 169
  Architectural Risk Analysis Is a Necessity 170

6 Software Penetration Testing 171
  Penetration Testing Today 173
  Software Penetration Testing—a Better Approach 178
    Make Use of Tools 179
    More Than Once 182
  Incorporating Findings Back into Development 183
  Using Penetration Tests to Assess the Application Landscape 184
  Proper Penetration Testing Is Good 185

7 Risk-Based Security Testing 187
  What's So Different about Security? 191
  Risk Management and Security Testing 192
  How to Approach Security Testing 193
    Who 193
    How 194
  Thinking about (Malicious) Input 201
  Getting Over Input 203
  Leapfrogging the Penetration Test 204

8 Abuse Cases 205
  Security Is Not a Set of Features 209
  What You Can't Do 210
  Creating Useful Abuse Cases 211
    But No One Would Ever Do That! 212
  Touchpoint Process: Abuse Case Development 213
    Creating Anti-Requirements 213
    Creating an Attack Model 216
  An Abuse Case Example 217
  Abuse Cases Are Useful 222

9 Software Security Meets Security Operations 223
  Don't Stand So Close to Me 224
  Kumbaya (for Software Security) 225
  Come Together (Right Now) 232
  Future's So Bright, I Gotta Wear Shades 235

Part III: Software Security Grows Up 237

10 An Enterprise Software Security Program 239
  The Business Climate 240
  Building Blocks of Change 242
  Building an Improvement Program 246
  Establishing a Metrics Program 247
    A Three-Step Enterprise Rollout 248
  Continuous Improvement 250
  What about COTS (and Existing Software Applications)? 251
    An Enterprise Information Architecture 253
  Adopting a Secure Development Lifecycle 256

11 Knowledge for Software Security 259
  Experience, Expertise, and Security 261
  Security Knowledge: A Unified View 262
  Security Knowledge and the Touchpoints 268
  The Department of Homeland Security Build Security In Portal 269
  Knowledge Management Is Ongoing 274
  Software Security Now 275

12 A Taxonomy of Coding Errors 277
  On Simplicity: Seven Plus or Minus Two 279
    Input Validation and Representation 279
    API Abuse 279
    Security Features 280
    Time and State 280
    Error Handling 281
    Code Quality 281
    Encapsulation 281
    Environment 282
  The Phyla 282
    More Phyla Needed 289
  A Complete Example 290
  Lists, Piles, and Collections 292
    Nineteen Sins Meet Seven Kingdoms 296
    Seven Kingdoms and the OWASP Ten 297
  Go Forth (with the Taxonomy) and Prosper 297

13 Annotated Bibliography and References 299
  Annotated Bibliography: An Emerging Literature 299
    Required Reading: The Top Five 299
    References Cited in Software Security: Building Security In 300
    Government and Standards Publications Cited 312
    Other Important References 313
  Software Security Puzzle Pieces 318
  Basic Science: Open Research Areas 319

Appendices 321

A Fortify Source Code Analysis Suite Tutorial 323
  1. Introducing the Audit Workbench 324
  2. Auditing Source Code Manually 326
  3. Ensuring a Working Build Environment 328
  4. Running the Source Code Analysis Engine 329
  5. Exploring the Basic SCA Engine Command Line Arguments 332
  6. Understanding Raw Analysis Results 333
  7. Integrating with an Automated Build Process 335
  8. Using the Audit Workbench 339
  9. Auditing Open Source Applications 342

B ITS4 Rules 345

C An Exercise in Risk Analysis: Smurfware 385
  SmurfWare SmurfScanner Risk Assessment Case Study 385
  SmurfWare SmurfScanner Design for Security 390

D Glossary 393

Index 395
CD-ROM Warranty

Addison-Wesley Professional warrants the enclosed CD-ROM to be free of defects in materials and faulty workmanship under normal use for a period of ninety days after purchase (when purchased new). If a defect is discovered in the CD-ROM during this warranty period, a replacement CD-ROM can be obtained at no charge by sending the defective CD-ROM, postage prepaid, with proof of purchase to:

Disc Exchange
Addison-Wesley Professional
Pearson Technology Group
75 Arlington Street, Suite 300
Boston, MA 02116
Email: AWPro@aw.com

Addison-Wesley Professional makes no warranty or representation, either expressed or implied, with respect to this software, its quality, performance, merchantability, or fitness for a particular purpose. In no event will Addison-Wesley Professional, its distributors, or dealers be liable for or consequential damages arising out of the use or inability to use the software. The exclusion of implied warranties is not permitted in some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights. There may be other rights that you may have that vary from state to state.

The contents of this CD-ROM are intended for personal use only.

More information and updates are available at: http://www.awprofessional.com/

System requirements:
Web/Internet connection

Memory Requirement
Fortify recommends using a high-end Pentium processor or equivalent with at least 1 GB of RAM.

Operating Systems
The following operating systems are supported.
Windows: Windows 2000, Pro, Server, Advanced Server, and Datacenter; Windows XP, Home and Pro Editions; Windows 2003, Standard, Web, and Enterprise Editions
Solaris: Solaris 8
Macintosh: Mac OS X 10.3
IBM AIX: AIX 5.3
Linux: Red Hat Linux 9; Red Hat Enterprise Linux ES 2.1 and 3.0

Supported Browsers
The following browsers are supported:
Mozilla 1.5 or later
Firefox 0.9 or later
Internet Explorer 6 (Windows only)
Internet Explorer 5 for Macintosh (Macintosh only)

Note: On UNIX operating systems a web browser must be specified in the path in order for the installation to complete successfully.

Other copyright info: The material on this CD is copyright 2005 Fortify Software.
Version: Fortify Source Code Analysis Suite 3.1.1—Demonstration Edition
Date: 09/23/2005