
RE: Microsoft Writing Secure Code

Subject: RE: Microsoft Writing Secure Code
Date: Thu, 6 Jan 2005 13:33:19 +0100


-----Original Message-----
From: Damhuis Anton [mailto:DamhuisA@aforbes.co.za] 
Sent: dinsdag 4 januari 2005 10:53
To: secprog@securityfocus.com
Cc: Michael Howard
Subject: RE: Microsoft Writing Secure Code


I have read the book "Designing Secure Web-based Applications", found it
quite informative but also somewhat disappointing.

I was (at the time) looking for a book that assists with "writing secure
code". Thus how code should be written, not the way code interfaces with
security components.

Example:
What is the best way to display User Details:

~~Pseudo code Begin~~
Option 1:
If var_userLevel = USER then
   ... display User info
else
  ... Display Admin Info
end if



Option 2:
If var_userLevel = ADMIN then
   ... display Admin info
else
  ... Display User Info
end if



Option 3:
If var_userLevel = ADMIN then
   ... display Admin info
elseif var_userLevel = USER then
  ... Display User Info
else
  ... Capture Error
end if

~~Pseudo code End~~



To me it is Option 3. Somewhat more work, but a lot more secure than
Option 1. If for some reason someone else writes the code to get the
variable for var_userLevel, and that code is hackable, Option 3 will
withstand the attack a lot better than Option 1. Option 2 in this case
would also be better than Option 1, as Option 1 would display the Admin
info for anybody other than user. Option 2 in this case would revert
back to the lower level of access. Thus just structuring the If statement
differently in Option 1 and 2 already makes the code more secure.

Also, by logging all the errors in option 3's last "Else" statement one
can look for anything overlooked initially (and capture any unknown
hacker attacks, although this is reactive).

Regards
  Anton
--------------------------------------------------------------------------

Hi Anton,

If someone else can set the variable 'var_userLevel' then all secure
programming approaches will fail. Even more so when you use guessable
values like "ADMIN" or 1 for admin levels and user level is "USER" or 0.

A variable of that importance should never be accessible from the
outside.

I agree with you that option 1 is Really Bad Coding(R). Option 3 doesn't
make your application more secure, it just gives you the possibility to
log more different situations. As a general practice, catching
authorizations from high to low is best. At the bottom of this
fall-through approach you catch the not-authorized entries.

Ton.
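The three branch orderings from Anton's pseudocode and Ton's high-to-low fall-through advice, as an added example that is not part of either message. It runs each option against an unexpected privilege value (the case where the code that sets var_userLevel misbehaves) to show which one fails open; the Level enum, function names and the "view" strings are assumptions for illustration.

```python
"""Added example: which authorization branch ordering fails open when the
privilege variable holds a value the author did not anticipate."""
from enum import Enum
import logging

log = logging.getLogger("authz")


class Level(Enum):
    USER = "USER"
    ADMIN = "ADMIN"


def option1(level):
    """Low privilege checked first; anything else gets the admin view."""
    if level == Level.USER:
        return "user-info"
    return "admin-info"


def option2(level):
    """High privilege checked first; anything else falls back to user view."""
    if level == Level.ADMIN:
        return "admin-info"
    return "user-info"


def option3(level):
    """High to low, with an explicit final branch that denies and logs."""
    if level == Level.ADMIN:
        return "admin-info"
    if level == Level.USER:
        return "user-info"
    # The only branch that records the unexpected value for later review.
    log.warning("unexpected privilege level %r", level)
    return "error"


def compare(level):
    """Return the view each option would render for the given level."""
    return {"option1": option1(level),
            "option2": option2(level),
            "option3": option3(level)}


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed inputs: a valid level, and two values a faulty or tampered
    # lookup might return (a raw string instead of the enum, and None).
    for value in (Level.ADMIN, "USER", None):
        print(repr(value), compare(value))
```

With the raw string "USER" or None, option 1 renders the admin view while options 2 and 3 do not, which is exactly the fail-open behaviour the thread is discussing.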
