Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOFTWARE SECURITY EDUCATION WHAT NEXT???? Submitted by Srinath Viswanathan 006329076 Srinivas Gudisagar 006376734 1.

Published byJoy French Modified over 9 years ago

Similar presentations

Presentation on theme: "SOFTWARE SECURITY EDUCATION WHAT NEXT???? Submitted by Srinath Viswanathan 006329076 Srinivas Gudisagar 006376734 1."— Presentation transcript:

1 SOFTWARE SECURITY EDUCATION WHAT NEXT???? Submitted by Srinath Viswanathan 006329076 Srinivas Gudisagar 006376734 1

2 AGENDA Introduction Security types Certification’s Courses Conclusion 2

3 Introduction What is Security Software Education? Software security essentially deals with what are the security risks and how would one manage them. Security space can be cleanly divided into two distinct subfields:  Information Security  Application Security Information security concerns confidentiality, integrity and availability. 3

4 Information Security Secure both the information and the information systems. Classic Threats Disclosure ◦ Snooping, Trojan Horses Deception ◦ Modification, spoofing, repudiation of origin, denial of receipt Disruption ◦ Modification Usurpation ◦ Modification, spoofing, delay, denial of service 4

5 Application Security Application security applies security throughout the application’s life cycle. Protect from attacks from design defects, deployment and maintenance of the application. Application level security threats. Session Threat: Session Hijacking, Session replay, Man in the middle attack. Auditing and Logging: Non Repudiation Input Threats: Cross Site scripting, SQL injection 5

6 SQL Injection Username & Password SELECT passwd FROM USERS WHERE uname IS ‘$username’ Normal Query Web Browser Web Server Database 010010 1010101 0100101

7 SQL Injection SELECT passwd FROM USERS WHERE uname IS ‘’; DROP TABLE USERS; -- ' Malicious Query Eliminates all user accounts “Username & Password” Web Browser Web Server Database

8 Cross Site Scripting Cross Site Scripting /viewbalance Cookie: sessionid=40a4c04de “Your balance is $25,000” Alice bank.com /login.html /auth uname=alice&pass=ilovebob Cookie: sessionid=40a4c04de

9 evil.com Cross Site Scripting Cross Site Scripting Alice bank.com /login.html /auth uname=alice&pass=ilovebob Cookie: sessionid=40a4c04de /evil.html /paybill?addr=123 evil st, amt=$10000 Cookie: sessionid=40a4c04de “OK. Payment Sent!”

10 Why Security Certification? Professional validation of skills Exposure to industry standards Best practices Baseline skills for a specific role Quality of work & productivity Differentiation of your organization or group 10

11 Security Certifications Classifications: ◦ Benchmark  Wide recognition by professionals in all sectors  Advanced level  Prerequisite for many senior jobs ◦ Foundation  Introductory certifications  One to four years of experience

12 Security Certifications Classifications: ◦ Intermediate  3 to 4 years of networking experience  2 years of IT Security experience ◦ Advanced  Expert level  Minimum of 4 years of IT Security experience

13 Security Certifications Benchmark certifications: CISSP  ISC2.org  Common Body of Knowledge  Access Control Systems and Methodology  Applications & Systems Development  Business Continuity Planning  Cryptography  Law, Investigation & Ethics Cost $600 Average Annual Salary- $115,000

14 Security Certifications Foundation level: SANS GIAC Security Essentials (GSEC)  Basic understanding of the CBK  Basic skills to incorporate good information security practices GIAC IT Security Audit Essentials  Developing audit checklists  Perform limited risk assessment Cost $450 Average Annual Salary- $70,000

15 GIAC Secure Software Programmer:  Find Programming flaws.  Comes in 3 flavors.  Things provided by this certificate: a) It teaches some basic security concepts as well as advanced topics. b) Learning to write code with security in mind. Advantages: Learners can demonstrate mastery of security knowledge in the programming language. 15

16 Anti-Hacking Certification:  Thinking in Hackers Perspective.  Teaches different network security testing tools.  Things provided by this certificate: a) Learning Hacking tools like HTTPPort, BackStealth. b) Hacking SSL enabled sites. Advantages: a) It Complements CEH, and learners are able to come out with a complete security education. b) Learn to defend network from Trojans, virus. 16

17 EC-Council Certified Security Analyst (ECSA):  Analyze outcome of security tests.  Differentiating with Ethical hacker.  Things provided by this certificate: a) Methods and tool to test security. b) Performing network security testing and doing an Exhaustive analysis.  Advantages: a) Boosts your resume, by making you stand out as a better security professional. b) Makes you skillful in using security tools and techniques. 17

18 Courses: Wireless Security  Distinguished based on their range.  General threats Denial Of Service, Eaves dropping, man in the middle attack, replaying message, and hacker analyses patterns.  Defenses are Encryption, applying algorithms, using timestamp, authentication, IDS.  Defenses implemented with the base knowledge of network security. 18

19 VPN Security  Connect different nodes by a virtual network.  Methods to keep the communication and data secure are: a) Firewall b) Encryption c) IPSec d) Building AAA server. 19

20 Stanford Advanced Computer Security Certificate  Six Courses to be done.  The courses are: a) Using Cryptography Correctly - Avoid Programming mistakes b) Writing secure code – Secure code tools. c) Security Protocols – Design SSL,WEP, IPSec, Kerberos correctly. d) Software Secure Foundation – Secure Programming techniques. e) Web Security – Security issues with web 2.0, Face book lab. f) Securing Web Application – Secure website design, SQL injection lab.  1100$ at Stanford, 495$ online.  participants from organizations like Yahoo! Inc, Cisco Systems, Oracle. 20

21 Conclusion Software security is every engineer's problem! Certification and some of the courses that we mentioned is a great way to complement the network security course. Better Security for Organizations. 21

22 Reference: http://www.eccouncil.org/ECSA.htm http://www.securityuniversity.net/classes_Anti- Hacking_Certificate_Mgrs.php http://www.giac.org/certifications/software/ http://permanent.access.gpo.gov/lps96916/Draft-SP800- 48r1.pdf http://www.isc2.org/csslp-certification.aspx http://www.cigital.com/ssw/softsec_infosec.pdf http://www.cs.rutgers.edu/~vinodg/teaching/fall-2007- cs673/index.html http://www.cs.rutgers.edu/~vinodg/teaching/fall-2007- cs673/index.html 22

23 THANK YOU 23

24 ? 24

Download ppt "SOFTWARE SECURITY EDUCATION WHAT NEXT???? Submitted by Srinath Viswanathan 006329076 Srinivas Gudisagar 006376734 1."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Protecting the World from Cybercrime Neil Daswani August 27, 2008.

Protecting the World from Cybercrime Neil Daswani August 27, 2008.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Security Certification

Security Certification
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
A First Course in Information Security

A First Course in Information Security
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj

Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
BA 378: Accounting Information Systems Instructor: Dr. James R. Coakley.

BA 378: Accounting Information Systems Instructor: Dr. James R. Coakley.

Similar presentations

Ads by Google