Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

Wayne Pruitt CEI, CEH, ECSA, CHFI, CIH, CSP .Net, CSP Java,

EDRP, MCDBA, MCAD, MCSD, Security +

Owner of

Hardbit Solutions

Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

BSCSE COMPUTER SYSTEMS ENGINEERING Fall 2015 Year One

CSEE 2200 Intro to Computer Systems Engr. I CSCI 1301 Intro to Computing & Programming

CSCI 1302 Software Development CSEE 2210 Intro to Computer Systems Engr. II

Year Two

CSEE 2220 Fundamentals of Logic Design CSEE 2920 CSEE Design Methodology

CSCI 1730 Systems Programming CSCI 2720 Data Structures

Year Three

CSEE 4280 Advanced Digital Design CSEE 4230 Embedded Systems Design CSEE 4270 Design of Digital Systems

CSEE Track Elective

Year Four CSEE 4920 CSEE Capstone Design Project

CSEE Track Elective CSEE Track Elective CSEE Track Elective

Secure Code the Cyber Pandemic Vaccine

BSCSE Electives Computer Hardware Systems

CSCI 4150 Numerical Simulations in Science & Engineering CSCI 4370 Database Management

CSCI 4730 Operating Systems CSCI 4740 Real-Time Scheduling CSCI 4760 Computer Networks

CSEE 4210 Digital Signal Processing CSEE 4240 Sensor Networks

ENGR 4260 Intro to Nano-electronics Mechatronics

CSEE 4320 Mechatronics CSCI 4150 Numerical Simulations in Science & Engineering

CSCI 4530 Intro to Robotics CSCI 4830 Virtual Reality

CSEE 4310 Embedded Robotics CSEE 4530 Intro to Optical Engineering ENGR 4220 Feedback Control Systems

ENGR 4270 Electronics II ENGR 4540 Applied Machine Vision

Biological Systems CSCI 4150 Numerical Simulations in Science & Engineering

CSCI 4490 Algorithms for Computational Biology CSEE 4630 Instrumentation for Monitoring Biological Systems

ENGG 4620 Biomedical Imaging ENGR 4220 Feedback Control Systems

MATH 4780 Mathematical Biology

Secure Code the Cyber Pandemic Vaccine

C++ Unit 1: Introduction and Setup Unit 2: Dealing with Data and Compound Types Unit 3: Object-Oriented Programming Unit 4: Advanced Concepts Unit 5: Memory Management and Testing Unit 6: Useful Examples and C++ Glossary

Web Development

Unit 1: The Internet and Web Protocols Unit 2: Client Server Architecture Unit 3: Web Software Unit 4: Hyptertext Markup Language (HTML) Unit 5: JavaScript, Ajax, and Java Server Pages (JSP) Unit 6: Web Security and Encryption

CS101 Unit 1: Introduction Unit 2: Object-Oriented Programming Unit 3: Java Fundamentals Unit 4: Relational and Logical Operators in Java Unit 5: Control Structures Unit 6: User-Defined Methods Unit 7: Arrays Unit 8: Java I/O and Exception Handling

CS102

Unit 1: C++ and Java Unit 2: The Building Blocks of Object-Oriented Programming Unit 3: C++ Standard Template Library Unit 4: Exceptions Unit 5: Recursion Unit 6: Searching and Sorting Unit 7: Template Programming

Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

Security - An Afterthought in the SDLC

Secure Code the Cyber Pandemic Vaccine

Security Development Lifecycle

Secure Code the Cyber Pandemic Vaccine

TRAINING

Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

Secure Code the Cyber Pandemic Vaccine

• Input Validation • Output Encoding • Authentication and Password Management • Session Management • Access Control • Cryptographic Practices • Error Handling and Logging • Data Protection • Communication Security • System Configuration • Database Security • File Management • Memory Management

Secure Code the Cyber Pandemic Vaccine

• Input Validation

Do Not Trust Any Input!!!

Secure Code the Cyber Pandemic Vaccine

• Output Encoding

Sanitize Data to Other Systems!!!

Secure Code the Cyber Pandemic Vaccine

• Authentication and Password Management

Make Sure the Person or System that is

Asking, is who they say they are!!!

Secure Code the Cyber Pandemic Vaccine

• Session Management

Make Sure it is the Same SESSION!!!

Secure Code the Cyber Pandemic Vaccine

• Access Control

Least Privilege!!!

Secure Code the Cyber Pandemic Vaccine

• Cryptographic Practices

Do Not Write Your Own Crypto!!!

Protect the Keys!!!

Secure Code the Cyber Pandemic Vaccine

• Error Handling and Logging

Do Not Disclose Sensitive Info!!!

Secure Code the Cyber Pandemic Vaccine

• Data Protection

Protect DATA!!! Encryption

ACLs

Secure Code the Cyber Pandemic Vaccine

• Communication Security

Protect the Transmission!!!

TLS

Secure Code the Cyber Pandemic Vaccine

• System Configuration

Protect the System, Not Just the App!!!

Secure Code the Cyber Pandemic Vaccine

• Database Security

See Data Protection & Input Validation!!!

Secure Code the Cyber Pandemic Vaccine

• File Management

Restrict Access!!!

Scan Uploaded Files!!!

Secure Code the Cyber Pandemic Vaccine

• Memory Management

Prevent Buffer Overflows!!!

Clear Memory Often!!!

Secure Code the Cyber Pandemic Vaccine

Keep

It

Simple

Stupid

Secure Code the Cyber Pandemic Vaccine

Conclusion

Secure Code the Cyber Pandemic Vaccine

Questions

Secure Code the Cyber Pandemic Vaccine

Wayne Pruitt waynepruitt@hardbitsolutions.com