Security Strategies in Windows Platforms and Applications
Lesson 14
Microsoft Windows and the Security Life Cycle
© 2021 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Cover image © Sharpshot/Dreamstime.com
Learning Objective(s)
Implement security controls to protect Microsoft Windows systems and networks.
Describe techniques for protecting Windows application software.
Key Concepts
System life cycle phases
Agile software development
Microsoft Windows operating system and application software security management
Microsoft Windows operating system and application software secure development
Microsoft Windows operating system and application software revisions and change management
Understanding Traditional System Life Cycle Phases
Software Development Life Cycle (SDLC)
Formal model for the process of creating software.
Agile software development
Based on small project iterations, or sprints, instead of long project schedules.
Software Development Life Cycle (SDLC)
Commonly implemented as a waterfall approach in the past
Breaks down software development process into a number of phases with the goal of standardizing and simplifying software development management
Specific start and end dates with deliverables
An SDLC with 10 Phases
Agile Software Development
Based on small project iterations, or sprints, instead of long project schedules
Produces smaller deliverables more frequently
Agile Development Cycle
10/17/2019
(c) ITT Educational Services, Inc.
Managing Microsoft Windows OS and Application Software Security
Create one project to develop a complete software application.
Create a new project for each individual program.
Create a project for a group of related software programs.
Use the agile method for each project.
Microsoft Security Development Lifecycle (SDL)
Developing Secure Microsoft Windows OS and Application Software
Building Security in Maturity Model (BSIMM)
Framework developed by a consortium of organizations to help you design a development process
Defines 116 unique activities, along with frequency
Software Security Framework (SSF)
Framework of the 116 activities that groups 12 practices into four domains
The Software Security Framework (SSF)
Process of Developing Secure Software, Simplified
Provide training in secure development
Include security from the beginning
Use secure programming techniques
Test for vulnerabilities
Common Pitfalls for Code
Lack of input validation
Information leakage through poor error handling
Sloppy authentication or encryption
Remote system access or code execution
Dynamic code execution
Implementing, Evaluating, and Testing Windows OS and Application Software Security
Purpose of formal testing is to evaluate how well your application meets overall performance, functionality, and security goals
Every goal from original specification should have at least one corresponding testing scenario
Testing scenario evaluates whether the application satisfies the goal
Testing activities can be manual or automated
Possible Problems of Faulty Code
Inconsistent code and schema changes
Inconsistent interfaces with other programs
Faulty installation procedure
Maintaining the Security of Microsoft Windows OS and Application Software
Keep development environment and tools up to date
Ensure OSs on software development computers have the latest security patches
Address vulnerabilities discovered in your application software as quickly as possible
Maintaining the Security of Microsoft Windows OS and Application Software
Document changes and have a plan to reconcile production changes with testing as soon as possible
Check that all maintenance procedures protect your data’s security
Microsoft Windows OS and Application Software Revision and Change Management
Software Development Areas of Difficulty
Phase identification
Software Control
Change control
Phase transition
Activity coordination
Baseline identification
Communication
Repeatable processes
Software Configuration Management (SCM)
Configuration identification
Configuration control
Configuration auditing
Configuration status accounting
Best Practices
Incorporate security early and often.
Adopt a software development model to help define your organization’s development activities and flow.
Define activities for each phase in your model.
Ensure all developers are trained to develop secure applications.
Validate your software product at the end of every phase.
Best Practices (Cont.)
Create separate software projects for each related group of programs or program changes.
Do not begin a software development project by writing code—plan and design first.
Keep the three SDL core concepts in focus—education, continuous improvement, and accountability.
Develop tests to ensure each component of your application meets security requirements.
Best Practices (Cont.)
Study the most common application vulnerabilities and develop programming standards to ensure you don’t include the vulnerabilities in your application.
Identify and store programs, files, and schema definitions in a centralized, secure repository.
Control and audit changes to programs, files, and schema definitions.
Organize versioned programs, files, and schema definitions into versioned components.
Best Practices (Cont.)
Organize versioned components and subsystems into versioned subsystems.
Create baselines at project milestones.
Record and track requests for change.
Organize and integrate consistent sets of versions using activities.
Maintain stable and consistent workspaces.
Ensure reproducibility of software builds.
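The baseline and change-audit practices listed above, sketched as an added example that is not part of the original slides: a baseline of file hashes is taken at a milestone, and a later audit reports every added, removed, or modified program or schema file together with the change request that covers it, if any. The function names, file names, and change-request ID are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_baseline(root: Path) -> dict[str, str]:
    """Configuration identification: map each file under root to its SHA-256."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        baseline[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return baseline


def audit(baseline: dict, current: dict, change_requests: dict) -> list:
    """Configuration auditing: list every difference from the baseline and
    the recorded change request covering it (None means untracked)."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old == new:
            continue  # unchanged since the milestone
        kind = "added" if old is None else "removed" if new is None else "modified"
        findings.append((name, kind, change_requests.get(name)))
    return findings


def demo() -> list:
    """Constructed project tree: one approved schema change, one untracked file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "db").mkdir()
        (root / "app" / "login.py").write_text("def login(): ...\n")
        (root / "db" / "schema.sql").write_text("CREATE TABLE users (id INT);\n")
        baseline = build_baseline(root)  # baseline created at a milestone

        # Changes made after the milestone.
        (root / "db" / "schema.sql").write_text(
            "CREATE TABLE users (id INT, role TEXT);\n")
        (root / "app" / "debug.py").write_text("print('debug')\n")

        # Recorded change requests (constructed ID), keyed by affected file.
        change_requests = {"db/schema.sql": "CR-0001"}
        return audit(baseline, build_baseline(root), change_requests)


if __name__ == "__main__":
    for name, kind, request in demo():
        print(f"{kind:9} {name:15} {request or 'NO CHANGE REQUEST'}")
```

A finding with no change request is a change that bypassed change control and should be reviewed before the next baseline is cut.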
Summary
System life cycle phases
Agile software development
Microsoft Windows operating system and application software security management
Microsoft Windows operating system and application software secure development
Microsoft Windows operating system and application software revisions and change management