Secure Software Development Week 2.pptx

ssusere82d541 9 views 53 slides Sep 16, 2025

About This Presentation

Secure Software Design and Development


Slide Content

CY256: Secure Software Design and Development
Instructor: Ramsha Qureshi, Lecturer (Cyber Security), Department of Computer Science, Multan
Email ID: [email protected]
Office: 1st Floor, Room # 113
BSCYS – 4th Semester
Week # 2: Fundamental Security Concepts
Week 2 - Date: February 17, 2025

Learning Objectives
After completing this chapter, students will be able to understand:
Existing Security Solutions
Software Security
Insecure Software

Today’s Outline
Security in Network Design
Firewall
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
EDR
Software Security
Insecure Software Design
Secure Development Processes

Firewall

Protecting Networks

Fundamental Security Concepts (cont..)
Firewalls
A firewall is placed where the trust level changes (for example, between an internal network and a less trusted one).
It is based on the concept of examining packets.
A firewall is a network security system that monitors and controls all of your incoming and outgoing network traffic based on a defined set of security rules.

Fundamental Security Concepts – Firewall
Border between our internal network and the Internet (public network)

Hardware vs. Software Firewall (cont..)

Sr. # | Parameters    | Software Firewall                                                                     | Hardware Firewall
1.    | Operates on   | Operates on a single system (personal use); protects one system at a time             | Operates on the entire network (business use); protects a whole network at a time
2.    | Configuration | Configuration of a software firewall is easy                                          | Configuration of a hardware firewall is not easy
3.    | Cost          | Less expensive to install                                                             | More expensive, as an initial investment is required based on the protection level
4.    | Performance   | Slows down the performance of the computer it runs on                                 | Does not affect the performance of the computer
5.    | Blocking      | Content can be blocked based on keywords                                              | A domain or website can be blocked

Firewall Vendors (cont..)

Security in Network Design – Firewall (cont..)
Types of Firewalls

Security in Network Design – Firewall (cont..)
Packet Filtering
Each packet is examined individually. The decision of whether the traffic will be allowed to pass is based on the source and destination IP addresses, the port number, and the protocol being used.

Security in Network Design – Firewall (cont..)
Application / Proxy or Gateway Firewall
An application firewall protects network resources by filtering packet messages (content / payload).

Security in Network Design – Firewall (cont..)
Hybrid Firewall
A hybrid firewall is the combination of an application firewall and a packet-filtering firewall. They are applied in series.
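The three firewall types above as a small worked model, written for this page and not taken from the slides: a stateless packet filter that decides on source/destination IP, port and protocol with first-match-wins and default deny, an application-layer check on the HTTP payload, and the hybrid form that runs them in series. The rule set, addresses and packets are constructed for illustration.

```python
"""Toy hybrid firewall: packet filter, then payload filter, in series (constructed rules)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str              # "tcp" or "udp"
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str = "0.0.0.0/0"  # CIDR; 0.0.0.0/0 matches any IPv4 address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port
    proto: Optional[str] = None   # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt.dport)
                and self.proto in (None, pkt.proto))

INTERNAL = "10.0.0.0/8"                     # constructed: our internal network
RULES: List[Rule] = [                       # first match wins; nothing matched -> deny
    Rule("deny", src=INTERNAL, dport=23, proto="tcp"),             # no Telnet from inside
    Rule("allow", dst="10.0.5.10/32", dport=80, proto="tcp"),      # public web server
    Rule("allow", src=INTERNAL, dport=443, proto="tcp"),           # internal hosts: HTTPS out
    Rule("allow", src=INTERNAL, dport=53, proto="udp"),            # internal hosts: DNS out
]

def packet_filter(pkt: Packet, rules: List[Rule] = RULES) -> bool:
    """Layer 3/4 decision from headers only: src, dst, port, protocol."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action == "allow"
    return False                            # default deny

def application_filter(pkt: Packet) -> bool:
    """Payload decision: only well-formed GET/HEAD/POST request lines without '..' in the path."""
    if pkt.dport != 80:
        return True                         # this toy only understands plain HTTP
    parts = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or parts[0] not in (b"GET", b"HEAD", b"POST"):
        return False
    return b".." not in parts[1]

def hybrid_firewall(pkt: Packet) -> bool:
    """Series composition: the packet filter must pass, then the payload check."""
    return packet_filter(pkt) and application_filter(pkt)
```

Note that the payload check only works on plaintext traffic; for HTTPS (port 443) a real application firewall would have to terminate TLS first, which is why this toy skips it.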

Intrusion Detection System (IDS)

Fundamental Security Concepts – IDS
Terms:
Security Intrusion: a security event, or incident, in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.
Intrusion Detection: a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

Fundamental Security Concepts – IDS (cont..)
General Indications of Intrusions

Fundamental Security Concepts – IDS
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a passive monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.


Fundamental Security Concepts – IDS (cont..)
IDS Analysis Techniques
The major analysis techniques are:
Signature-based Detection
Anomaly (behavior) Detection
Hybrid Detection

Fundamental Security Concepts – IDS (cont..)
IDS Analysis Techniques (cont..)
Anomaly (behavior) Detection
Involves the collection of data relating to the behavior of legitimate users (or the “normal” behavior of the protected systems) over a period of time.
Currently observed behavior is analyzed to determine whether it is that of a legitimate user or that of an intruder.
All future behavior is compared to this model, and any anomalies are labeled as potential threats and generate alerts.
This approach can detect novel or zero-day threats; however, because any deviation from the baseline is flagged, these systems must balance false positives (incorrect alerts) against false negatives (missed detections).

Fundamental Security Concepts – IDS (cont..)
IDS Analysis Techniques (cont..)
Signature / Heuristic Detection
Signature-based IDS solutions use fingerprints of known threats to identify them. Once malware or other malicious content has been identified, a signature is generated and added to the list used by the IDS solution to test incoming content.
Pros: This enables an IDS to achieve a high threat detection rate, because all alerts are generated based upon detection of known-malicious content.
Cons: Cannot detect zero-day vulnerabilities, for which no signature exists yet.

Fundamental Security Concepts – IDS (cont..)
IDS Analysis Techniques (cont..)
Hybrid Detection
A hybrid IDS uses both signature-based and anomaly-based detection. This enables it to detect more potential attacks with a lower error rate than using either system in isolation.
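A worked model of the three analysis techniques just described, added here and not part of the lecture slides: a signature detector with fixed patterns, an anomaly detector that learns a per-source request-rate baseline from a training window and flags sources above mean + k·stdev, and the hybrid that unions both. The log line format ("src_ip METHOD path status"), the signatures and all log lines are constructed; the constructed data is chosen so that one event is caught only by a signature and another only by the baseline, which is the complementarity the hybrid slide claims.

```python
"""Toy hybrid IDS over constructed web-access log lines ("src_ip METHOD path status")."""
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Signature detection: patterns for known-bad content (constructed, deliberately minimal).
SIGNATURES: Dict[str, "re.Pattern"] = {
    "sqli_probe": re.compile(r"(?i)union\s+select|' or '1'='1"),
    "path_traversal": re.compile(r"\.\./\.\./"),
}

def signature_alerts(line: str) -> List[str]:
    """Names of every signature that fires on one log line."""
    return [name for name, pat in SIGNATURES.items() if pat.search(line)]

def build_baseline(training: List[str]) -> Tuple[float, float]:
    """Learn 'normal' per-source request volume from a window assumed to be benign."""
    rates = list(Counter(line.split()[0] for line in training).values())
    return statistics.fmean(rates), statistics.pstdev(rates)

def anomaly_alerts(observed: List[str], baseline: Tuple[float, float], k: float = 3.0) -> List[str]:
    """Sources whose volume exceeds mean + k*stdev; k tunes the false-positive/false-negative trade-off."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    counts = Counter(line.split()[0] for line in observed)
    return [src for src, n in counts.items() if n > threshold]

def hybrid_ids(training: List[str], observed: List[str]) -> List[Tuple[str, str, str]]:
    """Union of both detectors as (method, name, subject) tuples."""
    alerts = [("signature", sig, line) for line in observed for sig in signature_alerts(line)]
    for src in anomaly_alerts(observed, build_baseline(training)):
        alerts.append(("anomaly", "request_rate", src))
    return alerts

# Constructed data. Training window: five sources making 3-5 requests each.
TRAINING = (["10.0.0.1 GET /home 200"] * 3 + ["10.0.0.2 GET /home 200"] * 4 +
            ["10.0.0.3 GET /login 200"] * 4 + ["10.0.0.4 GET /home 200"] * 5 +
            ["10.0.0.5 GET /home 200"] * 4)
# Observed window: a normal user, a high-volume scraper on harmless paths (caught only by
# the baseline), and a single injection probe (caught only by a signature).
OBSERVED = (["10.0.0.1 GET /home 200"] * 5 +
            ["10.0.0.6 GET /search?q=x 200"] * 40 +
            ["10.0.0.7 GET /search?q=' or '1'='1 500"])

if __name__ == "__main__":
    for alert in hybrid_ids(TRAINING, OBSERVED):
        print(alert)
```

Lowering k raises the anomaly detector's sensitivity at the cost of more false positives; with k=3 the normal user's five requests stay under the threshold of about 5.9 derived from the training window.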

Fundamental Security Concepts – IDS (cont..)
How an IDS Works

Fundamental Security Concepts – IDS (cont..)
Classification of Intrusion Detection Systems
IDS systems are designed to be deployed in different environments, and like many cybersecurity solutions, an IDS can be either host-based or network-based.
Host-Based IDS (HIDS): A host-based IDS is deployed on a particular endpoint and designed to protect it against internal and external threats. A HIDS can monitor network traffic to and from the machine, observe running processes, and inspect the system’s logs. Its visibility is limited to its host machine, which decreases the available context for decision-making, but it has deep visibility into the host computer’s internals.

Fundamental Security Concepts – IDS (cont..)
Classification of Intrusion Detection Systems (cont..)
Network-Based IDS (NIDS): A network-based IDS is designed to monitor an entire protected network. It has visibility into all traffic flowing through the network and makes determinations based upon packet metadata and contents. This wider viewpoint provides more context and the ability to detect widespread threats, but a NIDS lacks visibility into the internals of the endpoints.

Intrusion Prevention System (IPS)

Fundamental Security Concepts – IPS
Intrusion Prevention Systems (IPS)
An IPS is an active protection system. Like the IDS, it attempts to identify potential threats based upon monitoring features of a protected host or network and can use signature, anomaly, or hybrid detection methods. Unlike an IDS, an IPS takes action to block or remediate an identified threat.

Firewall vs. IDS/IPS

Endpoint Detection and Response (EDR)

Fundamental Security Concepts – EDR
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

Fundamental Security Concepts – EDR
Endpoint Detection and Response (EDR)
EDR is defined as a solution that “records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”
EDR security solutions record the activities and events taking place on endpoints and all workloads, providing security teams with the visibility they need to uncover incidents that would otherwise remain invisible.
An EDR solution needs to provide continuous and comprehensive visibility into what is happening on endpoints in real time.

Fundamental Security Concepts – EDR
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) plays a crucial role in secure software design and development by providing real-time monitoring, threat detection, and incident response capabilities. Here’s how EDR contributes to secure software development:
1. Detecting Security Issues Early in Development:
EDR tools can be used in development and testing environments to monitor for malware, suspicious activities, and exploits in the software before deployment.
Helps identify vulnerabilities and weaknesses in runtime behavior during testing.

Fundamental Security Concepts – EDR
Endpoint Detection and Response (EDR)
2. Protecting Development Environments:
Prevents insider threats: Developers often work with sensitive source code, credentials, and APIs. EDR monitors and alerts against unauthorized access or data exfiltration.
Secures CI/CD pipelines: Monitors developer machines, build servers, and deployment environments against malicious code injections and unauthorized changes.

Fundamental Security Concepts – EDR
Endpoint Detection and Response (EDR)
3. Enhancing Secure Coding Practices:
Behavioural analysis can detect unexpected process executions, file modifications, or network activities that indicate vulnerabilities.
Encourages secure coding by ensuring that developers follow security best practices and avoid introducing security flaws.

Software Security

Fundamental Security Concepts – Software Security
Software Security
Software security refers to a set of practices that help protect software applications and digital solutions from attackers. Developers incorporate these techniques into the software development life cycle and testing processes. As a result, companies can ensure their digital solutions remain secure and are able to function in the event of a malicious attack.

Fundamental Security Concepts – Software Security
Software Security
Secure software development is incredibly important because there are always people out there who seek to exploit business data. As businesses become more reliant on software, these programs must remain safe and secure. With strong software security protocols in place, you can prevent attackers from stealing potentially sensitive information such as credit card numbers and trade secrets, and build trust among users.
The theft of critical data can be catastrophic for customers and businesses alike. Malicious actors can abuse sensitive information and even steal users’ identities. Additionally, companies can face legal penalties in the event of a data breach and suffer reputational harm.

Fundamental Security Concepts – Threats to Software Security
Threats to Software Security
Software security threats are vulnerabilities or attacks that can exploit weaknesses in software, leading to unauthorized access, data breaches, or system compromise. These threats can arise at different stages of the software development lifecycle (SDLC) and affect software integrity, confidentiality, and availability.
1. Code Vulnerabilities & Software Bugs: These occur due to insecure coding practices, allowing attackers to exploit weaknesses. Examples:
Buffer Overflow – Writing data beyond allocated memory can lead to crashes or code execution.
Race Conditions – Multiple processes accessing shared resources improperly.
Integer Overflow/Underflow – Manipulating numerical limits to alter software behavior.

Fundamental Security Concepts – Threats to Software Security
Threats to Software Security
2. Injection Attacks: Malicious inputs are inserted into an application to manipulate its execution. Examples:
SQL Injection – Injecting SQL queries to access or modify a database.
Command Injection – Injecting system commands through input fields.
XML External Entity (XXE) Attacks – Exploiting XML parsers to access sensitive files.

Fundamental Security Concepts – Threats to Software Security
Threats to Software Security
3. Malware & Ransomware Attacks: Malicious software that exploits software vulnerabilities. Examples:
Trojan Horses – Software appearing legitimate but executing harmful actions.
Ransomware – Encrypting files and demanding payment for decryption.
Spyware & Keyloggers – Monitoring user activity and stealing credentials.

Fundamental Security Concepts – Threats to Software Security
Threats to Software Security
4. Data Exposure & Leakage: Failure to protect sensitive data from unauthorized access or leaks. Examples:
Unencrypted Data Transmission – Sending sensitive data over HTTP instead of HTTPS.
Hardcoded Credentials – Storing passwords or API keys in source code.
Improper Access Controls – Allowing unauthorized users to access sensitive files.

Fundamental Security Concepts – Threats to Software Security
Threats to Software Security
5. Authentication & Authorization Attacks: Exploiting weak access control mechanisms to gain unauthorized access. Examples:
Brute Force Attacks – Guessing passwords using automated scripts.
Session Hijacking – Stealing user session tokens to impersonate users.
Privilege Escalation – Gaining higher user privileges than intended.

Insecure Software and Sources of Insecure Software

Fundamental Security Concepts
Insecure Software and Sources of Insecure Software
Insecure software refers to applications or systems that contain vulnerabilities, weaknesses, or flaws that can be exploited by attackers to gain unauthorized access, manipulate data, or disrupt functionality. Insecure software lacks proper security controls, making it susceptible to cyber threats such as malware infections, data breaches, and privilege escalation attacks.

Fundamental Security Concepts
Characteristics of Insecure Software
Weak Authentication & Authorization – Lacking proper user verification mechanisms.
Poor Input Validation – Allowing SQL injection, command injection, and buffer overflow attacks.
Unpatched Vulnerabilities – Software that is outdated and missing security updates.
Hardcoded Credentials – Storing passwords, API keys, or tokens in the source code.
Improper Error Handling – Exposing sensitive system details in error messages.
Lack of Encryption – Transmitting or storing sensitive data in plain text.
Weak Configuration & Defaults – Using default credentials or misconfigured security settings.
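The "Poor Input Validation" characteristic above and the SQL Injection item under Injection Attacks, shown concretely in an example added for this page (not from the slides): a login lookup that splices untrusted input into the SQL text beside the same lookup written with query parameters. It uses Python's standard sqlite3 module with an in-memory database and constructed sample rows, so it runs offline; the table layout and the stored values are assumptions for illustration.

```python
"""Vulnerable string-built query beside its parameterised form (sqlite3, in-memory)."""
import sqlite3
from typing import List

def setup_db() -> sqlite3.Connection:
    """Constructed sample table; real systems store salted password hashes, never plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash_of_alice_pw"), ("bob", "hash_of_bob_pw")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> List[str]:
    """Untrusted input becomes part of the SQL text, so it can change the query's structure."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return sorted(row[0] for row in conn.execute(query))

def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> List[str]:
    """Placeholders keep input as data: the driver never interprets it as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password_hash)))

if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"    # textbook input that turns the WHERE clause into always-true
    print(login_vulnerable(db, "alice", "hash_of_alice_pw"))   # ['alice']
    print(login_vulnerable(db, probe, probe))                  # every user matches
    print(login_safe(db, probe, probe))                        # []: no such user
```

Parameterised queries fix the injection, but the other characteristics on the slide still apply: the credential check should compare against a salted hash, and the error path should not echo the SQL text back to the user.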

Fundamental Security Concepts
Sources of Insecure Software
1. Poor Software Development Practices
Lack of Secure Coding Standards – Developers not following best practices (e.g., OWASP Top 10).
Ignoring Security During Development – Prioritizing functionality over security.
Failure to Perform Code Reviews – Unchecked security flaws remain in production code.
Use of Insecure Libraries & APIs – Dependency on unverified third-party components.

Fundamental Security Concepts
Sources of Insecure Software
2. Untrusted Open-Source Components
Vulnerable Open-Source Packages – Attackers injecting malicious code into public repositories.
Lack of Security Audits for Dependencies – Using outdated or compromised libraries.
Supply Chain Attacks – Exploiting insecure software dependencies in CI/CD pipelines.

Fundamental Security Concepts
Sources of Insecure Software
3. Outdated & Unpatched Software
Unpatched Operating Systems & Applications – Leaving known security holes open.
Legacy Software with No Security Updates – Using outdated technology no longer supported.
Failure to Apply Security Patches – Ignoring vendor-released security fixes.

Fundamental Security Concepts
Sources of Insecure Software
4. Malicious or Compromised Software
Pirated & Cracked Software – Often bundled with malware, spyware, or backdoors.
Unverified Third-Party Applications – Installing software from untrusted sources.
Trojanized Applications – Legitimate-looking software containing hidden malicious code.

Fundamental Security Concepts
Sources of Insecure Software
5. Misconfigured Software & Weak Security Controls
Default Credentials & Settings – Leaving software with admin/admin as login credentials.
Excessive User Privileges – Granting users more access than necessary.
Weak or No Encryption – Storing sensitive data in plaintext databases.
6. Lack of Security Testing & Audits
No Penetration Testing – Failure to test software for real-world attacks.
Ignoring Security Logs & Monitoring – Missing signs of intrusion or attack.
Inadequate Threat Modeling – Failing to identify potential attack vectors.

Fundamental Security Concepts
How to Prevent Insecure Software?
Follow a Secure Software Development Lifecycle (SDLC) – Integrate security at every phase.
Implement Secure Coding Standards – Follow OWASP guidelines and best practices.
Regularly Update & Patch Software – Address known vulnerabilities in a timely manner.
Use Trusted Sources for Software & Libraries – Avoid pirated or unverified applications.
Perform Security Testing – Use static/dynamic analysis, penetration testing, and threat modelling.
Enforce Strong Authentication & Access Controls – Implement multi-factor authentication (MFA).
Encrypt Sensitive Data – Ensure encryption for both data at rest and in transit.

Summary
Finally, we have discussed in Fundamental Security Concepts:
Existing Security Solutions (Firewalls, IDS/IPS, Antivirus, Encryption Mechanisms, EDR Solutions, SOC/NOC, SIEM, SOAR)
Software Security
Threats to Software Security
Insecure Software and Sources of Insecure Software
Secure Development Processes

Any Questions?