Chapter 3 - Operational Review
blog December 19th, 2006
Overview
This chapter is intended for people with limited knowledge of how operational security ties into the application assessment process. It opens by explaining the concept of exposure and how operational security often focuses on minimizing attack surface. We then take a bit of a detour to enumerate some forms of exposure specific to web traffic. The chapter closes with a discussion of operational security measures applied either in the development process, on the deployed host, or at the network layer.
External Resources
MS Technet: How Access Tokens Work
MS Technet: Applying the Principle of Least Privilege to User Accounts on Windows XP
The Non-Admin blog - running with least privilege on the desktop
Wikipedia: chroot jail
Using chroot Securely
Linux grsecurity Homepage
SELinux Homepage
Wikipedia: Linux PaX
Wikipedia: Stack-Smashing Protection
Wikipedia: Address Space Layout Randomization (ASLR)
Michael Howard’s Blog: Address Space Layout Randomization in Vista
Michael Howard’s Blog: Protecting Against Pointer Subterfuge
A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003
Wikipedia: Firewalls
Wikipedia: Demilitarized Zone (DMZ)
Wikipedia: Network Address Translation (NAT)
Wikipedia: Wireless Security
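The least-privilege and chroot resources above all come down to one host-level measure: take away what the process does not need, and do it in an order that cannot be undone. As an added example (not code from the book or from this post), here is that sequence in C for Linux. The function names `enter_jail`, `drop_privileges` and `is_unprivileged` are chosen here, and the uid/gid 65534 in the usage is the conventional `nobody` account, which is an assumption about the host.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (Linux): confine a process to a directory and shed root.
 * The order of the calls is the whole point:
 *  1. chdir() into the jail, then chroot(). chroot() does not change the
 *     working directory, and a cwd outside the new root is a trivial escape.
 *  2. setgroups() while still root. setuid() never touches supplementary
 *     groups, so they leak through an otherwise correct drop.
 *  3. Change the gid before the uid; once the uid is unprivileged the gid
 *     can no longer be changed.
 *  4. Use setresgid()/setresuid() so the *saved* ids are cleared too;
 *     with plain seteuid() the process could seteuid(0) back to root.
 *  5. Verify: if setuid(0) still succeeds, the drop did not happen.
 */

int enter_jail(const char *dir)
{
    if (chdir(dir) != 0) {
        perror("chdir");
        return -1;
    }
    if (chroot(dir) != 0) {            /* needs CAP_SYS_CHROOT */
        perror("chroot");
        return -1;
    }
    if (chdir("/") != 0) {             /* re-anchor cwd inside the new root */
        perror("chdir /");
        return -1;
    }
    return 0;
}

/* Returns 1 when there is no route back to uid 0, 0 when there still is. */
int is_unprivileged(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    if (setuid(0) == 0)                /* succeeded: saved uid was still 0 */
        return 0;
    return errno == EPERM;
}

int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        fprintf(stderr, "refusing to \"drop\" to uid/gid 0\n");
        return -1;
    }
    /* Only root can clear the supplementary group list; a non-root
     * caller has no privilege here to drop. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setresgid(gid, gid, gid) != 0) {
        perror("setresgid");
        return -1;
    }
    if (setresuid(uid, uid, uid) != 0) {
        perror("setresuid");
        return -1;
    }
    return is_unprivileged() ? 0 : -1;
}

/* Usage: ./jail <dir> <uid> <gid>; run as root to see the full drop. */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1]) != 0)
        return 1;
    if (drop_privileges((uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10)) != 0)
        return 1;
    printf("now uid=%u gid=%u, cwd=/ inside %s\n",
           (unsigned)getuid(), (unsigned)getgid(), argv[1]);
    return 0;
}
```

Run as root against a directory you control (for example `./jail /path/to/empty-dir 65534 65534`) and the program ends up with no way back to uid 0 and no view of the filesystem outside that directory; run as an ordinary user, `chroot()` fails with EPERM, which is the expected answer, since the jail has to be set up by the privileged parent before privileges are shed. The final `is_unprivileged()` check is the part most implementations skip: it is the only thing that catches a build where `setresuid()` was replaced by `seteuid()` and the saved uid quietly stayed 0.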
Further Reading and Discussion
This chapter presented a really interesting challenge for us. After all, operational security is the focus of countless books, and any thorough coverage requires being specific in terms of OS, platform, application, language, and so on. Of course we didn’t want to dilute the focus of the book and start giving hardening guidelines for things like Apache and Windows. However, we still needed some way to bridge the gap and help frame operational security for programmers and code auditors. In the end we chose to focus on techniques that affect an assessment by minimizing attack surface and improving defense in depth. That perspective allowed us to pick several approaches that demonstrate these notions, without trying to write an encyclopedia of operational security. While this chapter might have limited value to an experienced security professional, it provides the ramp-up needed by many programmers and QA personnel.
