The Importance of Secure Programming

Post on 02-Jan-2016


“the cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America's economic prosperity in the 21st century will depend on cybersecurity.”

President Obama, www.whitehouse.gov

“The next Pearl Harbor we confront could very well be a cyber attack that cripples our grid, our security systems, our financial systems, our governmental systems.”

In 2013:

January 31: The New York Times and the Wall Street Journal revealed their respective websites had been the target of a well-coordinated hacking effort.

Feb 1: Hackers targeted Twitter, gaining “limited” access to around 250,000 user accounts, including “usernames, email addresses, session tokens and encrypted/salted versions of passwords”

Feb 4: “Energy Department Hit In The Most Dangerous Cyber Attack Yet”

Feb 6: “Federal Reserve Hit by Cyber Attack”

“Here a Hack, There a Hack, Everywhere a Cyber Attack”

“Super Bowl Blackout Wasn’t Caused by Cyberattack”

Software vulnerabilities

Vulnerability – weakness in the software

Estimated 1 to 7 defects per thousand lines of code

For a large system with millions of lines of code => thousands of vulnerabilities

Big Three

Three programming errors are responsible for 85% of vulnerabilities (SANS)

Buffer overflow - 23% increase

Integer overflow

Input validation

Software Security begins with education

It is our job to teach secure coding

“The ability to write secure code should be as fundamental to a university computer science undergraduate as basic literacy.”

Matt Bishop, UC Davis

The current state of undergraduate security education…

• Security tracks

• Security classes

• Reaches only a subset of students

• Courses occur late in curriculum

• After students have learned fundamental coding and design

Too little, too late

Early and Often

Create a Security Mindset

Secure coding education in a perfect world …