Jun 25, 2008
A comprehensive determination of the security state of an application must include an analysis for the following classes of code vulnerabilities, as well as their individual components. This detailed list serves to highlight the areas of software applications that are most vulnerable to malicious attacks. Shoring up these weaknesses will go a long way toward preventing unwanted access to sensitive data.
• Security-Related Functions: Applications are the sum of many discrete features. An incautious combination of these features can easily create a security risk and lead to breaches of privacy, confidentiality or system integrity. Problems include:
o Weak or nonstandard cryptography. If attackers can break encryption algorithms, they can steal sensitive data. For encryption to be effective, the underlying cryptography must be based on sufficient randomness and on truly secure algorithms.
o Insecure network communications. Unless secure network communications protocols (such as SSL) are employed, critical data may be exposed during transit.
o Application configuration vulnerabilities. If configuration files are insecure, attackers may be able to manipulate them and adjust software properties to gain access to sensitive data.
o Access control vulnerabilities. Organizations must implement a strong technique for identifying users and ensure users can only touch data they are allowed to access.
• Input/Output Validation and Encoding Errors: Most applications require inputs, yet each input can introduce a vulnerability and thus must be validated to ensure it will not cause the application to behave unpredictably.
o SQL injection vulnerabilities -- Hackers favor this attack technique for its ability to reveal sensitive data by injecting code that enables access to databases. Parameterized database queries can block the injection of code and stop these attacks cold.
o Cross-site scripting vulnerabilities -- XSS attacks use insufficiently protected output mechanisms to cause users to execute or access malicious code. The most severe of these attacks expose users' session cookies, allowing accounts to be hijacked and enabling phishing attacks. Encoding the application output defeats this type of vulnerability.
o Operating system injection vulnerabilities -- Attackers can use malformed inputs to affect OS behavior. Be wary when applications require access to operating-system-level commands.
o Custom cookie/hidden field manipulation -- Unless developers validate cookies, they give attackers an opportunity to modify the custom names and values and mount successful attacks.
• Error Handling and Logging Vulnerabilities: Tracing an application's error handling and logging is of paramount importance because so many attacks succeed by feeding bad data into an application and exploiting the resulting application misbehavior.
o Insecure error handling -- Poor error handling can give attackers crucial information about the application for launching attacks.
o Insecure or inadequate logging -- Block access to log files; they are a goldmine for attackers. Also, closely examine the need to log any sensitive information. If it must be captured, ensure that it's strongly encrypted and stored in a secure location.
• Insecure Components: Either through malice or through poor code-writing practices, vulnerable code may become part of an application.
o Unsafe native methods -- Interfaces within higher-level programming languages verify that access to resources is legitimate. Native methods sidestep these interfaces to improve performance. The risk of miscoding is high with these methods, and they should only be used when performance is paramount.
o Unsupported methods -- Using undocumented functions or routines can produce hidden insecurities, allowing attackers to exploit an application. Remove these methods and replace them with supported ones.
• Coding Errors: Coding errors, also known as implementation errors, can be caused by developers with insufficient training, compressed project schedules, improper prioritization of project requirements or the reuse of questionable or unknown code. Coding errors can yield control of a system or process to an attacker and therefore must be vigorously removed from all code, whether in development or already in production.
o Buffer overflow vulnerabilities -- Buffer overflows are the poster children for implementation errors. They occur when more data is copied into a buffer than it can hold. Hackers use this type of memory mismanagement to load and run exploit code in computer memory.
o Format string vulnerabilities -- This type of vulnerability arises when incomplete calls appear within code, enabling attackers to embed additional data, arguments or requests for information within those calls.
o Denial of service errors -- DoS refers to errors that cause the consumption of scarce resources, or the destruction or alteration of configuration information. To avoid failure conditions, developers must design their applications to not fail, even in worst-case scenarios.
o Privilege escalation vulnerabilities -- Attackers exploit sections of programs in which an application itself grants or receives higher-level privileges. The onus falls on developers to ensure that the privilege escalation process cannot be exploited by rogue programs.
o Race conditions -- Race conditions occur when the sharing of control or data by two processes is compromised, typically a result of synchronization errors. A typical exploit interrupts a pair of sequential calls with a third process.
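The race condition item describes a pair of sequential calls interrupted by a third process. This added example (not from the original article) reproduces that window deterministically with a check-then-create file write and shows the atomic replacement; the `interleave` hook, file names and function names are assumptions, with the hook standing in for the other process.

```python
import os
import tempfile

def save_racy(path, data, interleave=None):
    # Vulnerable: "does it exist?" and "create it" are two separate calls.
    if os.path.exists(path):
        raise FileExistsError(path)
    if interleave:
        interleave()              # another process gets scheduled here
    with open(path, "w") as fh:   # follows whatever is at path by now
        fh.write(data)

def save_atomic(path, data, interleave=None):
    if interleave:
        interleave()              # no gap exists; it can only run before
    # Hardened: O_CREAT | O_EXCL makes the existence check and the create
    # a single system call, and it refuses a symlink sitting at path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def demo():
    """Run both writers against the same interleaving; return outcomes."""
    results = {}
    for label, save in (("racy", save_racy), ("atomic", save_atomic)):
        with tempfile.TemporaryDirectory() as tmp:
            protected = os.path.join(tmp, "protected.cfg")  # constructed
            target = os.path.join(tmp, "report.txt")        # constructed
            with open(protected, "w") as fh:
                fh.write("original")

            def swap():
                # The interleaved step: point the target at another file.
                os.symlink(protected, target)

            try:
                save(target, "report data", interleave=swap)
                outcome = "written"
            except FileExistsError:
                outcome = "refused"
            with open(protected) as fh:
                results[label] = (outcome, fh.read())
    return results

if __name__ == "__main__":
    print(demo())
```

The racy writer passes its check and then overwrites the protected file through the link, while the atomic writer fails with `FileExistsError` and leaves it untouched.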