What is Un-validated Input?
Input received by program from untrusted source is a potential target for attack.
Possible threats of Unvalidated Input?
**– Buffer Overflows **- input that has been designed to overwrite program execution space
**– Cross Site Scripting ** input that contains scripts to be executed on other user’s browsers
– Command Injection - input that is modified to contain executable commands
How to validate all inputs?
- Limit maximum input character length
- Numbers: check bounds - min & max
- Make sure encodings (e.g. UTF-8, URL encoding) are legal and decoded results are legal
- Aware of various data types and input sources – Watch out for special characters (e.g. ‘, <, >)
What is Stack?
– Memory is allocated for automatic (local) variables within functions its used for temporary storage of information.
– Last In First Out (LIFO)
What is Heap?
– Memory allocated in the heap remains in existence for the duration of a program. It is used for dynamic memory allocation
What is Stack and Heap?
– Memory space for objects is always allocated in heap. Variables are placed on stack.
Benefits of threat modelling
- Discovers system threats before coding
- Saves cost as flaws are addressed during design time
- Validate the architecture and design
- Contribute to the risk management and Attack Surface Reduction process
- Guide the code review process and penetration testing process
Security Principles
- Minimize your attack surface
- Employ secure defaults
- Assume external systems are insecure
- Fail safely
- Never rely on security through obscurity alone
Purpose of threat modelling
- Understand security threats to a system
- Determine risks from those threats
- Establish appropriate mitigations
