CISSP Essentials:
Mastering the Common Body of Knowledge
Software vendors have not been held liable for insecure code
Programmers are not taught secure coding practices in school
1. Project initiation
2. Functional design analysis
[Figure: system development life-cycle diagram; phase labels recoverable from the slide: Project Initiation, Functional Design and Planning, System Design, Development, Installation/Test, Disposal]
6. Operational/maintenance
7. Disposal
Software Development
Agenda
Software development topics
Development tools
Object-oriented programming concepts
Security issues
Complexity of many components being used together
Much harder to test in all scenarios
Tested and secure for one use, but not for a different use
In the old paradigm, the programmer would link the whole program and test it
Dynamic linked libraries (DLLs) and shared libraries work at runtime, and are called from several different sources
Object-oriented programming
Definition
Non-procedural programming where the emphasis is on data objects and their manipulation instead of processes.
Benefits
Modularity
Deferred commitment
The internal components of an object can be redefined without changing other parts of the system
Reusability
Refining classes through inheritance
Other programs using objects
Naturalness
Object-oriented analysis, design and modeling maps to business needs and solutions
Objects
Instances of a class
They inherit the attributes, characteristics and behaviors from their originating class
Distributed computing
Data processing taking place on different systems
Common Object Request Broker Architecture (CORBA), Object Request Broker (ORB)
COM architecture
Component Object Model (COM)
The object-oriented programming model that defines how objects interact within a single application or between applications
Defines APIs
Uses a bytecode verifier. When an applet is downloaded, the verifier checks the code to ensure that it is correctly formatted and does not contain common errors.
Agenda
Database components
Management system software
Models
Definitions
Security issues
Distributed databases
Data mining
Database model
Model characteristics
Describes relationships between data elements
Used to represent the conceptual organization of data
Formal method of representing information
Database models
Hierarchical
Distributed
Object-oriented
Relational
Agenda
Database security mechanisms and issues
Concurrency problems
Checkpoints
Trusted front-end
Aggregation
Inference
Views
Artificial intelligence
Expert systems
Refers to computer programs that apply substantial knowledge of specific areas of expertise to the problem-solving process
Malware
Virus
Meme virus
Blended attacks
Remote control malware
Worm
Logic bomb
Trojan horse
Timing attacks
Side channel attacks
Malware
Virus
A piece of code that requires a host application to reproduce itself
Virus types
Advanced malware
Blended malware
Using more than one way to infect and spread malicious code within networks
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
www.LogicalSecurity.com
ShonHarris@LogicalSecurity.com