Contenuti dettagliati del Corso
DAY 1
Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types
- Consequences of insecure software
- Constraints and the market
- The dark side
- Categorization of bugs
- The Seven Pernicious Kingdoms
- Common Weakness Enumeration (CWE)
- CWE Top 25 Most Dangerous Software Errors
Input validation
- Input validation principles
- Blacklists and whitelists
- Data validation techniques
- What to validate – the attack surface
- Where to validate – defense in depth
- How to validate – validation vs transformations
- Output sanitization
- Encoding challenges
- Validation with regex
- Injection
- Injection principles
- Injection attacks
- Code injection
- OS command injection
- Lab – Command injection
- OS command injection best practices
- Avoiding command injection with the right APIs
- Lab – Command injection best practices
- Case study – Command injection via ping
- Script injection
- OS command injection
- General protection best practices
- Integer handling problems
- Representing signed numbers
- Integer visualization
- Integer overflow
- Lab – Integer overflow
- Signed / unsigned confusion
- Case study – The Stockholm Stock Exchange
- Lab – Signed / unsigned confusion
- Integer truncation
- Best practices
- Upcasting
- Precondition testing
- Postcondition testing
- Using big integer libraries
- Integer handling in C#
- Lab – Checked arithmetics
- Files and streams
- Path traversal
- Path traversal-related examples
- Lab – Path traversal
- Additional challenges in Windows
- Path traversal best practices
- Unsafe reflection
- Reflection without validation
- Lab – Unsafe reflection
- Unsafe native code
- Native code dependence
- Lab – Unsafe native code
- Best practices for dealing with native code
DAY 2
Security features
- Authentication
- Authentication basics
- Multi-factor authentication
- Authentication weaknesses – spoofing
- Case study – PayPal 2FA bypass
- User interface best practices
- Password management
- Inbound password management
- Storing account passwords
- Password in transit
- Lab – Is just hashing passwords enough?
- Dictionary attacks and brute forcing
- Salting
- Adaptive hash functions for password storage
- Password policy
- NIST authenticator requirements for memorized secrets
- Password length
- Password hardening
- Using passphrases
- Lab – Applying a password policy
- Case study – The Ashley Madison data breach
- The dictionary attack
- The ultimate crack
- Exploitation and the lessons learned
- Password database migration
- Outbound password management
- Hard coded passwords
- Best practices
- Lab – Hardcoded password
- Protecting sensitive information in memory
- Challenges in protecting memory
- Storing sensitive data in memory
- Sensitive data in memory
- Inbound password management
- Authorization
- Access control basics
- Information exposure
- Exposure through extracted data and aggregation
- Case study – Strava data exposure
- System information leakage
- Leaking system information
- Information exposure best practices
- .NET platform security
- Code Access Security
- Code Access Security and Evidence
- Application Domains and Permissions
- The Stack Walk
- Lab – Code Access Security
- The transparency model
- Lab – The transparency model
- Role-based security
- Principal and identity
- Role-based permissions
- Impersonation
- Lab – Role-based security
- Protecting .NET code and applications
- Code signing
- Code Access Security
- UI security
- UI security principles
- Sensitive information in the user interface
- Lab – Extracting password from the UI
- Misinterpretation of UI features or actions
- Insufficient UI feedback
- Relying on hidden or disabled UI element
- Insufficient anti-automation
Time and state
- Race conditions
- Race condition in object data members
- Lab – Singleton member fields
- File race condition
- Time of check to time of usage – TOCTTOU
- Insecure temporary file
- Database race conditions
- Avoiding race conditions in C#
- Race condition in object data members
Errors
- Error and exception handling principles
- Error handling
- Returning a misleading status code
- Information exposure through error reporting
- Exception handling
- In the catch block. And now what?
- Catching NullReferenceException
- Empty catch block
- Catching and throwing SystemExceptions
- Lab – Exception handling mess
DAY 3
Cryptography for developers
- Cryptography basics
- Crypto APIs in C#
- Elementary algorithms
- Random number generation
- Pseudo random number generators (PRNGs)
- Cryptographically strong PRNGs
- Weak and strong PRNGs
- Using random numbers in C#
- Case study – Equifax credit account freeze
- Lab – Using random numbers in C#
- Hashing
- Hashing basics
- Common hashing mistakes
- Hashing in C#
- Lab – Hashing in C#
- Random number generation
- Confidentiality protection
- Symmetric encryption
- Block ciphers
- Modes of operation
- Modes of operation and IV – best practices
- Symmetric encryption in C#
- Symmetric encryption in C# with streams
- ProtectedMemory and ProtectedData
- Lab – Symmetric encryption in C#
- Asymmetric encryption
- The RSA algorithm
- Using RSA – best practices
- RSA in C#
- Lab – Using RSA in C#
- Elliptic Curve Cryptography
- The ECC algorithm
- Using ECC – best practices
- Combining symmetric and asymmetric algorithms
- The RSA algorithm
- Symmetric encryption
- Integrity protection
- Message Authentication Code (MAC)
- Calculating HMAC in C#
- Lab – Calculating MAC in C#
- Digital signature
- Digital signature with RSA
- Digital signature with ECC
- Digital signature in C#
- Lab – Digital signature in C#
- Message Authentication Code (MAC)
- Public Key Infrastructure (PKI)
- Some further key management challenges
- Certificates
- Chain of trust
- Certificate management – best practices
Common software security weaknesses
- Code quality
- Data handling
- Initialization and cleanup
- Class initialization cycles
- Lab – Initialization cycles
- Unreleased resource
- Initialization and cleanup
- Object oriented programming pitfalls
- Accessibility modifiers
- Are accessibility modifiers a security feature?
- Accessibility modifiers – best practices
- Inheritance and overriding
- Mutability
- Lab – Mutable object
- Readonly collections
- Accessibility modifiers
- Data handling
- Denial of service
- Denial of Service
- Resource exhaustion
- Cash overflow
- Flooding
- Algorithm complexity issues
- Regular expression denial of service (ReDoS)
- Lab – Regular expression denial of service (ReDoS)
- Dealing with ReDoS
- Hashtable collision
- How hashtables work?
- Hash collision in case of hashtables
- Hashtable collision in C#
- Regular expression denial of service (ReDoS)
Using vulnerable components
- Vulnerability management
- Patch management
- Vulnerability databases
- Lab – Finding vulnerabilities in third-party components
Wrap up
- Secure coding principles
- Principles of robust programming by Matt Bishop
- Secure design principles of Saltzer and Schröder
- And now what?
- Software security sources and further reading
- .NET and C# resources