SecurityConcepts
Security is beyond a hot topic; it is a common objective of IT organizations nowadays. Programs and systems have to be secure to protect company and user data and to provide quality services.
In this chapter we discuss the most important security concepts. We look into the attacker mindset and what we need to do on the defender side to protect the system. We are going to focus on programs (software), not on complete systems. As much as possible we will use Java.
computing systems, computer programs: input, output, finite state machine inner-workings
attacker goals: cripple, steal, control
cripple: denial-of-service, resource exhaustion, abnormal termination
steal: information disclosure, integrity violation
control: arbitrary code execution, privilege escalation
input, input validation, infiltrate & exfiltrate
control flow graph, finite state machine, complexity
security vs complexity, security vs overhead
trusted computing base (TCB), privilege separation, privilege escalation
secure systems, secure programs
bugs and vulnerabilities, exploits
attacks, attack vector, adversarial/threat model
points in defense: prevent existence, prevent exploitation
secure coding, static analysis, hardening, security checks
safe programming languages
Enter the 01-security-concepts/dir-list/ subfolder in the repository. Check the source code, find the issue with it, exploit the issue and then fix it to prevent it from happening again.
Based on: IDS07
Enter the 01-security-concepts/env/ subfolder in the repository. Check the source code, find the issue with it, exploit the issue and then fix it to prevent it from happening again.
Based on: ENV02.
Enter the 01-security-concepts/number/ subfolder in the repository. Check the source code, find the issue with it, exploit the issue and then fix it to prevent it from happening again.