Secure Software Development Lifecycle Guide

The document outlines the Software Development Life Cycle (SDLC) and its secure variant (SSDLC), emphasizing the importance of integrating security throughout the development process. It discusses various types of hackers, including White Hat and Black Hat hackers, and their roles in cybersecurity, along with penetration testing and vulnerability assessments. Additionally, it covers operating system security, maintenance, and the tools necessary for securing systems and applications.

Uploaded by

azzashahen2004
Copyright
© All Rights Reserved

SOFTWARE SECURITY
DR/ AIDA ‎‫م‬. NASR
SOFTWARE DESIGN PROCESS

* SDLC: The Software Development Life Cycle (SDLC) refers to the series of planned activities involved in developing software products.

* SSDLC: The Secure Software Development Life Cycle (SSDLC) is a process that enables developers to create more secure software while reducing development costs and addressing security compliance requirements.

[Figures: Software Development Life Cycle (SDLC) Process; Secure Software Development Life Cycle (SSDLC) Process]


SSDLC

Traditional SDLC | Secure SDLC
The focus is on developing efficient and productive applications at minimum costs and as fast as possible. | The focus is on developing secure applications without having an impact on costs, time of delivery, and efficiency.
Security testing and secure coding aren't included in its process phases. | Security testing and secure coding are fundamental parts of the process.
Testing comes toward the end of the process. | Testing starts at early stages and continues throughout the whole process.
Security is an afterthought. | Security is incorporated at every stage of the life cycle.


BENEFITS OF SECURE SOFTWARE DEVELOPMENT LIFE CYCLE (SSDLC):

* Build more secure software
* Help address security compliance requirements
* Reduce costs of maintenance
* Awareness of potential engineering challenges caused by mandatory security controls
* Identification of shared security services and reuse of security strategies and tools
* Early identification and mitigation of security vulnerabilities and problems
* Documentation of important security decisions made during the development


PENETRATION TESTING

* Penetration testing is a legal and authorized effort to identify and exploit vulnerabilities in computer systems to enhance their security.

* Penetration testing is also referred to as:
  * Pen testing
  * PT
  * Ethical hacking
  * White hat hacking
  * Offensive security
  * Red teaming


VULNERABILITY ASSESSMENT VS PENETRATION TESTING

* A vulnerability assessment involves reviewing systems and services to identify potential security issues, while a penetration test takes it a step further by actually exploiting those vulnerabilities and conducting Proof of Concept (PoC) attacks to demonstrate their existence.


PHASES OF A PENETRATION TEST

PENETRATION TESTING STAGES

1. Planning and Reconnaissance: Test goals are defined and intelligence is gathered.
2. Scanning: Scanning tools are used to understand how a target responds to intrusions.
3. Gaining Access: Web application attacks are staged to uncover a target's vulnerabilities.
4. Maintaining Access: APTs are imitated to see if a vulnerability can be used to maintain access.
5. Analysis and WAF Configuration: Results are used to configure WAF settings before testing is run again.


WHAT IS HACKING?

* "Hacking" refers to activities performed by a threat actor (a "hacker") that seeks to compromise digital services, such as computers, smartphones, and networks. Hackers are usually characterized as only being illegal, motivated by financial gain, information gathering, or even just for the thrill of having a challenge.


TYPES OF HACKERS

* White Hat
* Grey Hat
* Black Hat
* Blue Hat
* Green Hat
* Red Hat


WHITE HAT

* White Hat hackers, also known as ethical hackers, are cybersecurity professionals hired by organizations to conduct ethical hacking simulations that closely mimic real-world attacks.

* White Hat hackers help businesses assess their security posture, enhance their defenses, reduce the risk of cyber-attacks, and maintain the confidentiality, integrity, and availability of their operations.


DIFFERENT ETHICAL HACKING ROLES

* Penetration Tester: Penetration testers conduct authorized tests on applications, systems, networks, and infrastructure to identify weaknesses. They often specialize in specific systems.
* Computer Crime Investigator: This role focuses on the aftermath of data breaches. Computer crime investigators examine auditing and monitoring systems to understand how and why illegal activities occurred, investigating cases of hacking and other cybercrimes.
* Data Security Analyst: Typically an in-house position, a data security analyst identifies potential vulnerabilities within IT systems. They recommend and implement safeguards to prevent breaches, such as creating firewalls and applying encryption.


2. BLACK HAT HACKERS

* Black Hat hackers represent the archetypal "hackers" often depicted in popular culture. These individuals are criminals who seek unauthorized access to business assets to steal confidential information for personal financial gain.

* Common illegal activities include:
  * Sending phishing emails and SMS messages.
  * Writing, distributing, and selling malware, such as viruses.
  * Conducting Distributed Denial of Service (DDoS) attacks to slow down or crash business websites.


3. GRAY HAT HACKERS

* Gray Hat hackers possess the skills of both Black and White Hat hackers, but their motivations differ significantly. They are not interested in stealing information or necessarily helping others; instead, they enjoy experimenting with systems and revel in the challenge of finding vulnerabilities, breaking protections, and simply having fun with hacking.

QUIZ

* What is the purpose of the Scanning phase in penetration testing?

A) To delete sensitive information
B) To create a report for stakeholders
C) To identify live hosts, open ports, and services running on the target
D) To cover tracks after testing


QUIZ

* After completing the exploitation phase, what is the next step in the penetration testing process?

A) Reconnaissance
B) Reporting
C) Scanning
D) Hiding


QUIZ

* What characterizes White Hat hackers in the context of cybersecurity?

A) They engage in illegal activities for financial gain.
B) They conduct ethical hacking simulations to help organizations improve their security.
C) They focus solely on exploiting vulnerabilities without any accountability.
D) They primarily operate as script kiddies using publicly available tools.


QUIZ

* What distinguishes Gray Hat hackers from Black Hat hackers?

A) Gray Hat hackers always act with malicious intent.
B) Gray Hat hackers exploit vulnerabilities for fun but typically do not engage in harmful activities.
C) Gray Hat hackers are always ethical in their hacking practices.
D) Gray Hat hackers work exclusively for organizations to improve security.




OPERATING SYSTEM SECURITY
DR/ AIDA

OS SECURITY LAYERS

* Each layer is vulnerable to attack from below if the lower layers are not secured appropriately.

[Figure: layers, top to bottom: User Applications and Utilities; Operating System Kernel; Physical Hardware]


OPERATING SYSTEM SECURITY

* It is possible for a system to be compromised during the installation process, before it can install the latest updates. Building and deploying a system should therefore be a planned process designed to counter this threat.

OPERATING SYSTEM SECURITY

NIST Guidelines for Secure Deployment:

* Risk Assessment: Evaluate risks and plan system deployment.
* Operating System Security: Secure the OS followed by critical applications.
* Content Security: Ensure protection of critical content.
* Network Protection: Implement appropriate network security mechanisms.
* Ongoing Security Maintenance: Establish processes for maintaining security.

SYSTEM SECURITY PLANNING

* The first step in deploying a new system is planning
* Plan needs to identify appropriate personnel and training to install and manage the system
* Planning process needs to determine security requirements for the system, applications, data, and users
* Aim: maximize security while minimizing costs

SYSTEM SECURITY PLANNING PROCESS

[Figure: system security planning process]

OPERATING SYSTEMS HARDENING

* First critical step in securing a system is to secure the base operating system
* Basic steps:
  * Install and patch (update) the operating system
  * Harden and configure the operating system to adequately address the identified security needs of the system
  * Install and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection system (IDS)
  * Test the security of the basic operating system to ensure that the steps taken adequately address its security needs


INITIAL SETUP AND PATCHING



REMOVE UNNECESSARY SERVICES

* if fewer software packages are available to run, the risk is reduced
* system planning process should identify what is actually required for a given system
* when performing the initial installation, the supplied defaults should not be used
  * default configuration is set to maximize ease of use and functionality rather than security
  * if additional packages are needed later, they can be installed when they are required

CONFIGURE USERS AND PRIVILEGES

* Not all users with access to a system will have the same access to all data and resources on that system
* Elevated privileges should be restricted to only those users that require them, and then only when they are needed to perform a task
* System planning process should consider:
  * categories of users on the system
  * privileges they have
  * types of information they can access
* Default accounts included as part of the system installation should be secured
  * those that are not required should be either removed or disabled
  * policies that apply to authentication credentials


CONFIGURE RESOURCE CONTROLS

* Once the users and groups are defined, appropriate permissions can be set on data and resources
* Many of the security hardening guides provide lists of recommended changes to the default access configuration
* Further security possible by installing and configuring additional security tools:
  * Anti-virus software
  * Host-based firewalls
  * IDS or IPS software
  * Application white-listing


SYSTEM TESTING

* Final step in the process of initially securing the base operating system is security testing
* Goal: Ensure the previous security configuration steps are correctly implemented
* Checklists are included in security hardening guides
* There are programs specifically designed to:
  * Review a system to ensure that a system meets the basic security requirements
  * Scan for known vulnerabilities and poor configuration practices


TOOLS

1. Vulnerability Scanners:
  * Nessus: A widely used vulnerability scanner that identifies vulnerabilities, misconfigurations, and compliance issues across various platforms.
  * OpenVAS: An open-source vulnerability scanner that provides a comprehensive set of tools to scan for vulnerabilities in systems and networks.
  * Qualys: A cloud-based solution that offers vulnerability scanning and management, including automated discovery and reporting.


TOOLS

2. Configuration Assessment Tools:
  * CIS-CAT: The CIS Configuration Assessment Tool allows you to assess system configurations against the CIS benchmarks for security best practices.
  * Lynis: An open-source security auditing tool for Unix/Linux systems that scans for system hardening and compliance issues.
  * Chef InSpec: A framework for testing and auditing your applications and infrastructure for compliance and security requirements.


TOOLS

3. Network Scanners:
  * Nmap: A powerful network scanning tool that can discover hosts and services on a network, and also identify potential security vulnerabilities.
  * Wireshark: A network protocol analyzer that can be used to monitor and analyze network traffic for suspicious activity or misconfigurations.
4. Penetration Testing Tools:
  * Metasploit: A penetration testing framework that allows you to find and exploit vulnerabilities in systems, helping to identify weaknesses.
  * Burp Suite: A web application security testing tool that can identify vulnerabilities such as SQL injection and cross-site scripting.


APPLICATION CONFIGURATION

* May include:
  * Creating and specifying appropriate data storage areas for application
  * Making appropriate changes to the application or service configuration details
* Some applications or services may include:
  * Default data, scripts, user accounts
* Of particular concern with remotely accessed services such as Web and file transfer services
  * Risk from this form of attack is reduced by ensuring that most of the files can only be read, but not written, by the server


ENCRYPTION TECHNOLOGY
SECURITY MAINTENANCE

* Process of maintaining security is continuous
* Security maintenance includes:
  * Monitoring and analyzing logging information
  * Performing regular backups
  * Recovering from security compromises (risks)
  * Regularly testing system security
  * Using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise configuration as needed


LOGGING

* Can only inform you about bad things that have already happened
* In the event of a system breach or failure, system administrators can more quickly identify what happened
* Key is to ensure you capture the correct data and then appropriately monitor and analyze this data
* Information can be generated by the system, network and applications
* Range of data acquired should be determined during the system planning stage
* Generates significant volumes of information and it is important that sufficient space is allocated for them
* Automated analysis is preferred


QUIZ

1. What is a primary risk during the installation of a new system?

A) User error
B) Hardware failure
C) Compromise before applying security updates
D) Network latency

2. Why is it important to have a planned process for building and deploying a system?

A) To ensure user satisfaction
B) To meet budget constraints
C) To counter security threats and vulnerabilities
D) To minimize installation time


QUIZ

1. What is one potential consequence of a system being compromised during installation?

A) Enhanced performance
B) Data loss or theft
C) Improved user experience
D) Faster installation

2. Which of the following is a recommended practice to mitigate risks during system installation?

A) Use default configurations
B) Implement security patches immediately after installation
C) Ignore network security
D) Install all applications before securing the system


DATA BACKUP AND ARCHIVE

* Performing regular backups of data is a critical control that assists with maintaining the integrity of the system and user data
* Archive: The process of retaining copies of data over extended periods of time in order to meet legal and operational requirements to access past data
* Needs and policy relating to backup and archive should be determined during the system planning stage
* Kept online or offline
* Stored locally or transported to a remote site
* Trade-offs include ease of implementation and cost versus greater security and robustness against different threats


LINUX/UNIX SECURITY: PATCH/CONFIGS

* Patch management
  * keeping security patches up to date is a widely recognized and critical control for maintaining security
* Application and service configuration
  * most commonly implemented using separate text files for each application and service
  * generally located either in the /etc directory or in the installation tree for a specific application
  * individual user configurations that can override the system defaults are located in hidden "dot" files in each user's home directory
  * most important changes needed to improve system security are to disable services and applications that are not required


LINUX/UNIX SECURITY

* Users, groups, and permissions
  * access is specified as granting read, write, and execute permissions to each of owner, group, and others for each resource
  * guides recommend changing the access permissions for critical directories and files
* local exploit
  * software vulnerability that can be exploited by an attacker to gain elevated privileges
* remote exploit
  * software vulnerability in a network server that could be triggered by a remote attacker
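
The owner/group/others permission bits described above, and the earlier point that server files should be readable but not writable, can be checked mechanically. The following POSIX shell audit is an added example, not part of the original slides; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a tree for risky permission bits.
# Findings are printed one per line as "<CODE> <path>", sorted:
#   WW-FILE  regular file writable by "others"
#   WW-DIR   directory writable by "others" without the sticky bit
#   SUID     regular file with the set-user-ID bit
#   SGID     regular file with the set-group-ID bit

audit_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_perms: not a directory: $dir" >&2
        return 2
    fi
    {
        # find's "-perm -MODE" matches when every bit in MODE is set.
        find "$dir" -type f -perm -0002 | sed 's/^/WW-FILE /'
        find "$dir" -type d -perm -0002 ! -perm -1000 | sed 's/^/WW-DIR /'
        find "$dir" -type f -perm -4000 | sed 's/^/SUID /'
        find "$dir" -type f -perm -2000 | sed 's/^/SGID /'
    } | sort
}

# Number of findings; 0 means the tree passes this check.
count_findings() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Remove write access for "others" from the flagged files and directories.
# Sticky world-writable directories (such as /tmp) are left alone.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
    find "$1" -type d -perm -0002 ! -perm -1000 -exec chmod o-w {} +
}

# Constructed sample tree for the demo: one good file, one world-writable
# file, one world-writable directory, one sticky scratch directory.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/conf" "$t/upload" "$t/scratch"
    : > "$t/conf/app.conf";  chmod 644 "$t/conf/app.conf"
    : > "$t/conf/users.db";  chmod 666 "$t/conf/users.db"
    chmod 755 "$t/conf"
    chmod 777 "$t/upload"
    chmod 1777 "$t/scratch"
    echo "$t"
}

case "${1:-}" in
    "")     ;;  # no argument: only define the functions
    --demo) t=$(make_sample_tree) && audit_perms "$t"; rm -rf "$t" ;;
    *)      audit_perms "$1" ;;
esac
```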



LINUX/UNIX SECURITY

* Chroot jail
  * restricts the server's view of the file system to just a specified portion
  * uses chroot system call to confine a process by mapping the root of the filesystem to some other directory
  * file directories outside the chroot jail aren't visible or reachable
  * main disadvantage is added complexity


WINDOWS SECURITY

Patch management
* "Windows Update" and "Windows Server Update Service" assist with regular maintenance and should be used
* third party update support

Users administration and access controls
* systems implement discretionary access controls to resources
* Vista and later systems include mandatory integrity controls
* objects are labeled as being of low, medium, high, or system integrity
* system ensures the subject's integrity is equal or higher than the object's


WINDOWS SECURITY

Registry
* Forms a database of keys and values that may be queried and interpreted by applications
* Registry keys can be directly modified using the "Registry Editor"
* more useful for making bulk changes

WINDOWS SECURITY

* Other security controls
  * Essential that anti-virus, anti-spyware, personal firewall, and other malware and attack detection and handling software packages are installed and configured
  * Current generation Windows systems include basic firewall and malware countermeasure capabilities
  * Important to ensure the set of products in use are compatible
* Windows systems also support a range of cryptographic functions:
  * Encrypting files and directories using the Encrypting File System (EFS)
  * Full-disk encryption with AES using BitLocker
* "Microsoft Baseline Security Analyzer"
  * Free, easy to use tool that checks for compliance with Microsoft's security recommendations