C++Now 2019: Matthew Butler “Secure Coding Best Practices - Threat Hunting”

http://cppnow.org
—
Presentation Slides, PDFs, Source Code and other presenter materials are available at: http://cppnow.org/history/2019/talks/
—
C++ is a notoriously difficult language to master and Modern C++ is not far behind it. The language itself is powerful and flexible but does little to protect us from using it incorrectly and the closer a vulnerability is to an attack surface, the more easily it can be exploited. But how do you know where your attack surfaces are?

Threat Modeling is the foundation of everything else we do when securing our code. It tells us where the attack surfaces are, what possible attack vectors there are, where we aren't verifying who we're communicating with, where we're holding data and more importantly where we're holding data we don't use. Threat modeling forces us to analyze our designs & code by focusing our thinking to that of an attacker. Without it we have little to go on when looking for areas of vulnerability.

In this talk, we'll begin by looking at Intrusion Kill Chains, a simple but effective way to describe the process that attackers use to penetrate systems. We'll look at one of the most famous and successful attacks in cyber history through the lens of a kill chain.

Using this knowledge we'll then do a hands-on Threat Modeling exercise against an everyday system designed in Modern C++ using the STRIDE approach (and discuss others as we go). We'll look at:

how Spoofing can be used to gain unauthorized access to data within our system,
how Tampering is used to affect system behavior and how to protect against it,
how Repudiation is used to ensure that all systems behavior is verified,
how Information leaks give an attacker vital information on how to attack our systems,
how to defend against Denial of service attacks, and
how privilege Escalation attacks give attackers access to more than just our systems.


We'll also discuss how we have come to live in a Zero Trust world and how that affects systems design. We'll see how Threat modeling allow us to:

expose attack surfaces,
uncover architectural flaws early,
identify attack vectors,
balance risks and usability, and
document mitigation strategies.


Modern C++ is a powerful, flexible language, but it's not safe for those who have not truly mastered it. And as systems complexity increases, those knowledge gaps leave openings for attackers. Threat Modeling is the first step in sealing those gaps.
—
Matthew Butler
mbutler@laurellye.com
Matthew Butler has spent the last three decades as a systems architect and software engineer developing systems for network security, law enforcement and the military. He primarily works in signals intelligence using C, C++ and Modern C++ to build systems running on hardware platforms ranging from embedded micro-controllers to FPGAs to large-scale airborne platforms. Much of his experience has come in either building systems that defend against attackers or building highly sensitive systems that are targets. He is actively involved in the C++ community and is on various planning committees for C++Now and CppCon as well as being a speaker at both. He is also a member of the ISO C++ Standards Committee.

Over the past thirty years, he has learned the harsh lessons on how we often write systems that fail, not because they don't scale, but because they aren't designed to be secure.
—
Videos Filmed & Edited by Bash Films: http://www.BashFilms.com
---

*--*

---