Unit 6: Secure Coding

Secure coding ensures software is robust and safe from vulnerabilities by

adhering to principles like memory safety, comprehensive testing (fuzzing,
symbolic execution, static analysis), and secure architecture design. This
approach minimizes risks and defends against common security threats.
Secure coding is the practice of writing software in a way that protects it from
vulnerabilities. This practice is crucial in software development because it
directly addresses the increasing concerns of cyber threats and security
breaches. Secure coding is not just about fixing bugs after they are discovered;
it's about proactively designing and writing code to prevent security
vulnerabilities from occurring in the first place.

 Memory Safety and Vulnerabilities: Attacks and Defenses

Memory Safety: Ensuring correct memory use to prevent unauthorized access or
corruption.
 Common Vulnerabilities:
o Buffer Overflow: Writing more data than a buffer can hold,
overwriting adjacent memory.
o Use-After-Free: Using memory after it has been deallocated.
o Dangling Pointers: Pointers that reference memory no longer
valid.
o Heap Corruption: Errors during dynamic memory allocation.
Common Attacks:
 Stack Buffer Overflow: Exploits a buffer on the stack to overwrite
return addresses.
 Heap Exploits: Manipulate heap metadata to execute malicious code.
Defenses:
 Bounds Checking: Ensure array indices stay within limits.
 Stack Canaries: Special values on the stack to detect overwrites.
 Address Space Layout Randomization (ASLR): Randomizes memory
addresses to prevent predictable exploits.
 Safe Programming Languages: Use languages like Rust or Java to
avoid unsafe memory operations.
 Fuzzing
Fuzzing is an automated testing technique that generates random, unexpected,
or invalid inputs to test software. Detects unknown vulnerabilities & Improves
robustness.

1. Input Generation: Creates random or mutated inputs.

2. Program Execution: Feeds inputs into the program.
3. Monitoring: Observes for crashes, memory leaks, or abnormal behavior.

Tools:

 AFL (American Fuzzy Lop)

 libFuzzer
 Peach

Types of Fuzzing

There are various types of fuzzing techniques, and each method has a different
approach to generating and sending inputs to the target system.

 Mutation-based Fuzzing:
o This technique modifies existing valid inputs (test cases) to create
new test cases.
o The fuzzer takes a corpus of known inputs and mutates them by
changing bytes, flipping bits, or removing sections of the data.
o This is typically effective when no prior knowledge of the system
is required.
 Generation-based Fuzzing:
o In this approach, the fuzzer generates inputs from scratch, often
following the protocol or format specification.
o This can be more effective when you know the expected input
structure, as the fuzzer can create inputs that are specifically
designed to test boundaries or edge cases.
 Protocol-based Fuzzing:
o Targeting specific communication protocols (e.g., HTTP, FTP,
etc.), this fuzzer sends malformed data that could trigger a
vulnerability in the protocol handler.
 White-box Fuzzing (Coverage-guided Fuzzing):
o This approach uses program analysis (such as code coverage) to
guide the fuzzing process.
o Tools like AFL (American Fuzzy Lop) are widely used for this
purpose. The fuzzer will adjust its input generation based on the
execution paths it takes, increasing the chances of discovering
vulnerabilities.
 Black-box Fuzzing:
o This type of fuzzing works without any knowledge of the internal
workings of the target application or system. The fuzzer only
knows how to interact with the system externally.
 Grey-box Fuzzing:
o Grey-box fuzzing is a hybrid approach that combines elements of
both white-box and black-box fuzzing.
o It provides some level of insight into the internals of the program
(such as runtime behaviors) but does not require complete
knowledge of the code base.
 Symbolic Execution:

o Analyzes programs by using symbolic inputs instead of concrete values.

o Explores multiple paths to find bugs.
o Example: Validating all branches in a conditional statement for unsafe
states.

Static Analysis:

o Examines code without executing it to find vulnerabilities.

o Tools:
 SonarQube
 Coverity

Advantages:
Symbolic execution involves running a program with symbolic values instead of

real input data. Here's how it typically works:

1. Symbolic Variables: When the program execution encounters an input,

instead of assigning a concrete value (like 3 or "hello"), it assigns a

symbolic variable (e.g., x, y, or input string). These symbolic variables

represent a range of possible values.

2. Path Exploration: The symbolic execution engine explores all possible

execution paths the program might take based on the symbolic variables.

This means it tracks the program’s state and the conditions under which

different branches in the code are executed.

3. Path Constraints: During execution, the symbolic execution engine

collects path constraints, which are logical conditions that must hold true

for the program to follow a particular execution path. These constraints

are generated as the program evaluates if- else conditions, loops, and

other control flow structures.

4. Constraint Solving: Once the symbolic execution engine explores a

path, it uses a constraint solver to determine if the path conditions can be

satisfied. The solver checks whether there is any possible input that

could lead to a given execution path (e.g., to cause an overflow, trigger

an assertion failure, etc.).

5. Bug Detection: If a constraint solver identifies a solution that satisfies a

path condition that leads to a program failure (like a crash, exception, or

violation of security policies), this indicates the presence of a potential

bug or vulnerability in the program.

Types of Symbolic Execution

There are different ways symbolic execution can be applied, depending on the
goals and the techniques used:

 Path-Sensitive Symbolic Execution:

o This approach analyzes each execution path separately. It tracks
the state and constraints for every individual execution path taken
by the program.
o It is computationally expensive but provides high accuracy in
detecting complex vulnerabilities (e.g., race conditions or security
bugs).
 Path-Insensitive Symbolic Execution:
o Instead of tracking individual execution paths, this approach looks
at the overall program execution as a whole.
o It may not track the specifics of every branch condition but
provides more scalability for detecting simple vulnerabilities
across a broader range of inputs.
 Hybrid Symbolic Execution:
o This method combines symbolic execution with concrete execution
(like traditional testing) to balance the thoroughness of symbolic
execution with the efficiency of concrete execution.
o The program may execute symbolically until a concrete path is
required for further exploration.

 Secure Architecture
Secure architecture refers to the design and implementation of systems,
networks, and applications with security as a foundational principle. The
goal is to reduce vulnerabilities, minimize risks, and ensure the
confidentiality, integrity, and availability (CIA) of data and resources.
Secure architecture integrates security at every layer and stage of the
development and deployment process.

 Core Security Principles

1. Confidentiality:
o Ensure that data is accessible only to authorized users or systems.
o Techniques: Encryption, access controls, and data masking.
2. Integrity:
o Ensure that data and systems are accurate, complete, and
have not been tampered with.
o Techniques: Hashing, digital signatures, and checksums.
3. Availability:
o Ensure that data and resources are accessible when needed by
authorized users.
o Techniques: Redundancy, load balancing, and disaster recovery
plans.
4. Authentication:
o Verify the identity of users, systems, or entities before granting
access.
o Techniques: Passwords, biometrics, multi-factor authentication
(MFA).
5. Authorization:
o Grant permissions based on roles and policies to ensure proper
access control.
o Techniques: Role-based access control (RBAC), attribute-based
access control (ABAC).
6. Non-repudiation:
o Ensure that an entity cannot deny actions or transactions they
performed.
o Techniques: Logging, audit trails, and digital signatures.

 Key Secure Architecture Concepts

1. Zero Trust Architecture (ZTA):

o Principle: "Never trust, always verify."
o Key features:
 Continuous authentication and verification.
 Micro-segmentation of networks.
 Least privilege access controls.
o Tools: Identity and Access Management (IAM), software-defined
perimeters.
2. Secure by Design:
o Security is embedded into the system’s architecture from the
beginning rather than added later.
o Example: Input validation to prevent injection attacks.
3. Secure Software Development Lifecycle (SDLC):
o Integrate security throughout the software development lifecycle.
 Secure Network Architecture Principles

1. Encryption:
o Use encryption for data in transit and at rest to prevent
unauthorized access.
o Example: SSL/TLS for web communications.
2. Access Control:
o Implement strict access policies using VPNs, firewalls, and role-
based controls.
3. Endpoint Security:
o Secure devices that connect to the network to prevent malware and
unauthorized access.

 Secure Application Architecture Principles

1. Input Validation:
o Validate all user inputs to prevent injection attacks like SQL
injection or cross-site scripting (XSS).
2. Secure Authentication and Authorization:
o Use strong authentication methods and enforce access controls
based on roles or attributes.
3. Error Handling:
o Ensure error messages do not reveal sensitive system information.
o Example: Generic error messages instead of stack traces.
4. Session Management:
o Securely handle user sessions with measures like session
timeouts, secure cookies, and CSRF protection.
5. Secure API Design:
o Protect APIs with proper authentication, rate limiting, and input
validation.
 Operational Security Architecture

1. Monitoring and Logging:

o Monitor system activity and maintain logs for auditing and forensic
analysis.
o Tools: SIEM (Security Information and Event Management)
systems.
2. Incident Response and Recovery:
o Plan and prepare for security incidents with clear roles and
procedures for containment, eradication, and recovery.
3. Patching and Updates:
o Regularly update software and firmware to address known
vulnerabilities.
4. Backup and Recovery:
o Implement robust backup strategies to ensure data recovery in case
of a breach or failure.