Post on 17-Jan-2017
transcript
WRITING SECURE CODEIN JAVA
Vladimir Garbuz
Problem summary
Problem summary
Problem summary
Problem summary
Problem summary Developers are NOT responsible for
security bugs! Well, almost
Absolute most security issues are due to design! Either a vulnerable one Or an incomplete one – which makes the
developers decide what and how should be implemented
Object deserialization
https://www.contrastsecurity.com/security-influencers/java-serialization-vulnerability-threatens-millions-of-applications
Lack of web security configurations
X-Frame-Options Content Security Policy HTTP Strict Transport Security HTTP Public Key Pinning
Sessions - Cookie security flags HTTPOnly flag Secure flag Cookie scope - Domain
domain better not be set than set liberally to a domain
e.g. domain=server.com gives the cookie to subdomains It shouldn’t, but thanks to the RFC 2109 and 6265
circle-jerk… Cookie scope - Path
path must include only the webapp for which the cookie is
Sessions – Session fixation http://whatever.com/login.jsp?
jsessionid=E85FAC04E331FFCA55549B10B7C7A4FA
Session token in URL – bad, bad practice! It will also appear in server logs, browser
history, proxies, etc…
Decisions based on untrusted data
&admin=true Invisible/disabled controls Data MIME type Forced navigation to ID
Integer wrap-around
Race conditions Easy to create, hard to spotConsider following pseudocode:X = X + 10Thread 1 and 2 (T1 and T2) execute it:
15 != 25
Vulnerable components used Libraries and frameworks
OWASP Dependency Check BlackDuck
Vulnerable software
Input validation
Make it a universal component! used throughout the application, not ad-hoc
Random
Always use CSPRNG! “Oh please, what’s the difference?”
Random Popular PRNG named RANDU Dots as (x,y) and (x,y,z) – all fall in 15 3D
planes!
Random CSPRNG sequence attractor analysis
Random Windows 98 PRNG attractor analysis
RandomHacking Java’s Random(): predicting the
future Linear Congruential PRNG:seed = (seed * multiplier + addend) mod (2 ^ precision) Has 48 bits of state, but discloses only 32 at a time
e.g. nextInt() The remaining 16 bits are easily bruteforcible on
modern PCs:
RandomHacking Java’s Random(): peeking into the
past Long story short, one bit at a time we unwind the
changes a previous seed would’ve had on the current number And can do so recursively as far back as we wishUSE SECURE RANDOM
Vulnerable crypto EXP – export crypto
DES RC4
MD4 MD5 – yes, fully broken since 2007, stop using it! SHA-1
“Oh please, we’ve used MD5 forever and it’s been ok!”
Cryptographic hashWhat’s similar for these 3 images?..
Their MD5 hash!And a freely available tool HashClash was used!
Cryptographic hashMD5 Chosen prefix collisions
Cryptographic hashPassword storage
Never store passwords for verification in the clear
Use salts with hashes to fight rainbow tables Never use clear hash functions to hash
passwords Yep! Go for a key derivation function!
PBKDF2 scrypt bcrypt
Setting up SSL/TLS Do TLS the right way! Yay or nay?
ECDHE-RSA-AES256-GCM-SHA256 Yay!
ECDHE-RSA-RC4-SHA Nay!
EXP-RC4-MD5 Nay nay nay!!!
Questions and Discussion
Skype: vigarbuz