This document summarizes a presentation about Leoni Wiring Systems and application security. It discusses Leoni's history and global expansion. It also covers secure software development practices, including introducing security early and conducting threat analysis. Security testing goals and methods like threat modeling are explained. Finally, it provides examples of secure computing concepts and a use case for a Sophos tool to track unmanaged machines. The overall document aims to discuss best practices for application security.
1. Work realized by:
₪ Rihab CHBBAH
Application Security Audit
Academic Year: 2015/2016
2. Plan
• Introduction
• Leoni Wiring System Presentation
• Part 1: Security Software Development
• Part 2: Security Testing
• Part 3: Secure Computing; Use cases
• Conclusion
5. 1956: Started to manufacture cable assemblies
1977: Leoni started its global expansion by establishing a wiring harness plant in Tunisia.
6. Leoni has acquired the wiring harness division of the French automotive supplier Valeo with 88 subsidiaries all over the world
Today
7. Leoni Group
◊ more than 67,000 employees worldwide
◊ Located in many countries: Germany, China, Korea, Egypt, France
Wire & Cable Solutions
◊ more than 8,000 employees
◊ Automotive; Industry & Healthcare; Communication & Infrastructure; Electrical Appliances; Conductor & Copper Solutions
Wiring Systems Division
◊ more than 59,000 employees
◊ Automotive Industry
9. LEONI Wiring System Tunisia
Information Management
IM – Demand; IM – Supply; IM – Information Technology; IM – International Services
IM team assistance; IM CIO Office
IM Center Organization
ɤ IM Service Center North Africa (IM SC NA)
ɤ IM Service Center Eastern Europe
ɤ IM Service Center Americas
ɤ IM Service Center Asia
10. LEONI Wiring System Tunisia – IM SC NA
∞ Created in 2005,
∞ 1 Team,
∞ 3 Members (Web Developers)
∞ 14 Teams (IT, System Analysts, IM-Dema
Development, PPS and MES Consulting and as
∞ 65 Members
11. LEONI Wiring System Tunisia – IM SC IT Teams
Security
Microsoft
Network & Communication
Data Center & Private Cloud
The relationship between these levels is based on a client-provider concept.
12. LEONI Wiring System Tunisia – IM SC NA IT Security Team
Enterprise solutions
Sophos Enterprise Solutions
∞ Application Control
∞ Device Control
∞ Update Manager
∞ Firewall
13. LEONI Wiring System Tunisia – IM SC NA IT Security Team
Sophos Anti-Virus: Protect machines from malware.
VARONIS – Folder Access Rights Audit: Generate reports to all data owners to check access rights of their own folders.
SAFEGUARD Hard Disk Encryption: Encrypt hard disks of notebooks.
15. Introduction
Application security is the use of software, hard
and procedural methods to prevent security flaw
in applications and protect them from external t
17. Secure Software Development
“The need to consider security and privacy “up front” is a fund
system development. The optimal point to define trustworthin
a software project is during the initial planning stages. This e
requirements allows development teams to identify key milest
and permits the integration of security and privacy in a way th
to plans and schedules. “
-Simplified Implementation of the Microsoft SD
18. Secure Software Development
By introducing security early in the development lifecycle, companies are able to meet their customer demands for more secure products and services. And companies can derive additional benefits such as reduction in patch maintenance and faster time to remediate.
20. Security Testing is deemed successful when the below attribut
Authentication
Authorization
Availability
Confidentiality
Integrity
Non-Repudiation
Security Testing
Goal is to make sure that the
Application does not have any
Or system fallback
22. Security Testing
The inclusion of threat analysis & modeling in the SDLC c
Applications are being developed with security built-in fr
Threat Analysis & modeling allows you to systematically iden
that are most likely to affect your system. By identifying an
a solid understanding of the architecture and implementatio
you can address threats with appropriate countermeasures
With the threats that present the greatest risk.
23. Security Testing
Threat modeling accomplishes the following:
· Defines the security of an application
· Identifies and investigates potential threats and vulnerabilities
· Brings justification for security features
· Identifies a logical thought process in defining the security of a system
· Results in finding architecture bugs earlier and more often
· Results in fewer vulnerabilities
· Creates a set of documents
26. Secure Computing
Basic Terminologies
Asset: A system resource.
Threat: A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
Vulnerability: A weakness in some aspect or feature of a system that makes a threat possible.
Attack: An action taken by someone or something that harms an asset.
Countermeasure: A safeguard that addresses a threat and mitigates risk.
28. Secure Computing
Threat models
STRIDE model is a system developed by Microsoft for thinking about comp
It provides a mnemonic for security threats in six categories.
The threat categories are:
· Spoofing of user identity
· Tampering
· Repudiation
· Information disclosure
· Denial of service (D.o.S)
· Elevation of privilege
The STRIDE name comes from the initials of the six threat categories listed.
It was initially proposed for threat modelling, but is now used more broadly.
32. Use Case: Sophos Unmanaged machines follow-up tool
"OUlist.txt" contains the list of the sites to follow up,
"ContactList.xlsx" file which contains the list of contact persons by site,
"Email-Body.txt" to modify the email body,
"ExceptionList.xlsx" to add a technical exception.
This application will query the Sophos Database to generate Unmanaged machines in different Leoni sites.
33. Use Case: Sophos Unmanaged machines follow-up tool
Roles
User Roles: Administrator
Service Roles: SQL Server, Active Directory, .Net Framework, Microsoft Excel, Windows Text file.
Good morning. Today we will present the fruit of our work during the internship; we will begin our presentation with an organized plan.
The presentation is divided into several parts, as shown in the following plan.
We will begin with the presentation of the company where I did my internship, then we will develop the subject "application security audit", starting with an introduction; then we will define secure software development and present some techniques to test this security. For better understanding, we will specify useful technical terms, and then we will explain the main work.
Beginning with the Leoni Wiring Systems presentation.
Leoni was founded in 1569 by Anthoni Fournier, who was born in Lyon, France; many years later, three successor companies merged into the newly established Leoni.
In 1956 Leoni started manufacturing cable assemblies. Thereupon, Leoni started its global expansion by establishing a wiring harness plant in Tunisia.
Subsequently, Leoni acquired the wiring harness division of the French automotive supplier Valeo, with 88 subsidiaries all over the world.
Within the Leoni group we find over 67,000 employees in 16 countries. It has two main divisions: the Wiring Systems Division, with more than 58,000 employees, for the automotive industry, and Wire and Cable Solutions, with more than 8,000 employees, for automotive cables in industry, healthcare and other sectors.
Leoni has built two subsidiaries in Tunisia: one located in Sousse, with different plant sections for different car customers, and the other plant in Mateur Sud and Mateur Nord, with two plant sections for PSA and for Fiat and Panda.
Information management at Leoni gathers an assistance team, an office of the chief information officer, and the demand, supply, information technology and international services teams.
Worldwide, Leoni has four IM service centers: one in North Africa, one in Eastern Europe, one in the Americas and one in Asia.
The IM Service Center North Africa was created in 2005 and housed one team composed of three web developers.
Nowadays, the IM Service Center North Africa gathers 14 teams in different sectors, with 65 members.
The IM IT sector is composed of four teams: Security, Microsoft, Network and Communication, and Data Center and Private Cloud.
They are the second-level support, and they are supported by external companies as third-level support. The relationship between these levels is based on a client-provider concept.
They use Sophos Enterprise Solutions to manage their products: it manages and updates the Sophos security software on computers running various operating systems and in virtual environments. This enterprise solution protects the network against malware, unwanted file types, adware and other potentially unwanted applications. Moreover, it prevents the use of unauthorized external storage devices and wireless connection technologies on endpoint computers, and it administers the protection of the client firewall on endpoint computers.
They use Sophos Anti-Virus to protect machines from malware, Varonis as a folder access rights audit to generate reports for all data owners so that they can check the access rights of their own folders, and SafeGuard as hard disk encryption to encrypt the hard disks of notebooks.
Developing the subject now, we will start with a short introduction.
Application security has become a major concern in recent years. Hackers are using new techniques to gain access to sensitive data, disable applications and carry out other malicious activities aimed at the software application. Securing an application is imperative for use in today's world.
So, how do we secure software development?
When it comes to software development, security needs to be brought in from "around the edges". Security defects can, and should, be treated like software defects and managed as part of the development process.
Developing reliable and secure software is a tough challenge that confronts IT teams, both security and development teams.
Leoni has taken the lead in establishing secure code development initiatives that inject a set of security deliverables into each phase of the software development process.
The SDL models are structured around mapping security into the key phases of the software development lifecycle: planning, design, implementation, testing, release and deployment.
By introducing security early in the development lifecycle, companies are able to meet their customer demands for more secure products and services. And companies can derive additional benefits such as reduction in patch maintenance and faster time to remediate.
Testing the security is a priority. So what is security testing?
Security testing is basically a type of software testing that checks whether the application or product is secure. It checks whether the application is vulnerable to attacks and whether anyone can hack the system or log in to the application without any authorization.
Security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner.
Testing must start early to minimize defects and the cost of quality.
Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high.
This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.
One method being used to implement application security in the design process is threat analysis & modeling. The basis for threat analysis & modeling is the process of designing a security specification and then eventually testing that specification. The threat modeling process is conducted during application design and is used to identify the reasons and methods that an attacker would use to identify vulnerabilities or threats in the system.
Threat modeling accomplishes the following:
• Defines the security of an application
• Identifies and investigates potential threats and vulnerabilities
• Brings justification for security features at both the hardware and software levels for identified threats
• Identifies a logical thought process in defining the security of a system
• Results in finding architecture bugs earlier and more often
• Results in fewer vulnerabilities
• Creates a set of documents that are used to create security specifications and security testing, thus preventing duplication of security efforts
Threat trees are a method to explore valid attack paths. A threat tree represents the conditions needed to exploit the threat, determines all the combined vulnerabilities associated with a threat, and focuses on mitigating the vulnerabilities that form the "path of least resistance".
For better understanding, we will specify useful technical terms and then we will explain the work.
For the basic terminology, we will define some terms:
Asset: A resource of value, such as the data in a database or on the file system. A system resource.
Threat: A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
Vulnerability: A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.
Attack (or exploit): An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.
Countermeasure: A safeguard that addresses a threat and mitigates risk.
Threat modeling allows us to apply a structured approach to security and to address the top threats that have the greatest potential impact on applications. Different models exist, beginning with the CIA model.
The CIA model is a simple but widely applicable security model, the CIA triad, standing for:
Confidentiality
Integrity
Availability
These are the three key principles which should be guaranteed in any kind of secure system.
This principle is applicable across the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet.
If any one of the three can be breached it can have serious consequences for the parties concerned.
There is also the STRIDE model. This model classifies threats according to their categories. By using these categories of threats, one has the ability to create a security strategy for a particular system in order to have planned responses and mitigations to threats or attacks.
Some tools are dedicated to modeling threats. The Microsoft SDL Threat Modeling Tool is a software-focused tool designed for rich client/server application development (for example, Windows and SQL Server, among others).
The tool assumes the final deployment pattern of the product is unknown (that is, whether it will be used to manage business-critical applications with customer credit cards or not), so the focus of the tool is to ensure the security of the software's underlying code.
Another tool, called the Threat Analysis and Modeling Tool, allows non-security subject matter experts to enter already known information, including business requirements and application architecture, which is then used to produce a feature-rich threat model.
The work that I did is presented in this section.
This application queries the Sophos database to generate the list of unmanaged machines in the different Leoni sites. The list of sites is read from a text file. After querying the Sophos database, the application creates a folder, and in this folder it generates an Excel file for each site; the Excel file contains the information about each machine. After generating the Excel file with the list of unmanaged machines, the application looks for the corresponding contact person(s) of the concerned site in an Excel file, and an email is sent to the contact person(s) with the list of unmanaged machines.
The maintenance of this application is ensured through the maintenance of "OUlist.txt", which contains the list of the sites to follow up, the "ContactList.xlsx" file, which contains the list of contact persons by site, "Email-Body.txt", to modify the email body, and "ExceptionList.xlsx", to add a technical exception.
The Threat Analysis and Modeling Tool allows us to decompose the application into roles, data and components.
For the roles: user roles are assigned to any user who will be interacting with the application. In this application, we found only the administrator as a user. He is the only one who has the ability to solve the problem of an unmanaged machine.
Service roles are trust levels, containing specific identities, which define the context of the various components running in the software application. Within this context, we found SQL Server, Active Directory, the .Net Framework, Microsoft Excel and Windows text files.
Data defines the information types that are maintained or processed by the software application. For this application, we needed the Contact List, the Exception List, the Site List, the Mail Body and the unmanaged machines.
Components are the building blocks of a software application that define an instance of a technology type. We found as components within this application SQL Server, Active Directory, the .Net Framework, Microsoft Excel and Windows text files.
At this stage, we defined the allowable permissions on the data and the role that has permissions on it. The specific permissions are captured using Create/Read/Update/Delete.
A use case is an ordered sequence of actions used to fulfill a subset of the allowable permissions that are defined in data access. For each use case identified, a data flow is generated.
Threat analysis is the analysis of the probability of occurrence and the consequences of attacks within a system.
With the Threat Analysis and Modeling Tool, threats are classified according to the CIA model, and for each threat the tool offers solutions to deal with it.
Threat factors for Confidentiality
The primary threat factors for Confidentiality are the unauthorized disclosure of the executing identity and the unauthorized disclosure of the data.
Threat factors for Integrity
The primary threat factors for Integrity are the violation of access control, violation of business rules, and violation of data integrity.
Threat factors for Availability
The primary threat factors for Availability are unavailability and performance degradation.
For each use case, the Threat Analysis and Modeling Tool generates a threat tree, described in this diagram:
• the root node is the threat in question (for example, unauthorized disclosure of read using Active Directory by .Net Role);
• its children are the vulnerability types (for example, LDAP Injection);
• each vulnerability type has an underlying cause (for example, dynamic LDAP queries using untrusted input);
• each underlying cause has a mitigation technique (for example, untrusted input should be validated against an inclusion list).
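The threat tree just described can be written down as data, and its leaf mitigation made concrete. The following Python is an added example, not code from the presentation or from the Leoni follow-up tool; the tree labels are the page's own, while the site names, the OUlist-style inclusion list and the two filter-building functions are assumptions.

```python
"""Threat tree from the presentation, plus its leaf mitigation in code.

Added example, not the Leoni tool's code. The site names, the OUlist-style
inclusion list and the filter-building functions are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One node of a threat tree: threat, vulnerability, cause or mitigation."""
    label: str
    children: List["Node"] = field(default_factory=list)


# The page's example tree: root threat -> vulnerability type -> underlying
# cause -> mitigation technique.
THREAT_TREE = Node(
    "Unauthorized disclosure of read using Active Directory by .Net Role",
    [Node("LDAP Injection",
          [Node("Dynamic LDAP queries using untrusted input",
                [Node("Untrusted input should be validated against an inclusion list")])])],
)


def attack_paths(node: Node, prefix: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Enumerate every root-to-leaf path; each path is one exploit condition chain."""
    path = prefix + (node.label,)
    if not node.children:
        return [path]
    return [p for child in node.children for p in attack_paths(child, path)]


# --- the leaf mitigation, made concrete ------------------------------------
# Constructed sample of the sites a defender would keep in OUlist.txt (assumption).
SITE_INCLUSION_LIST = frozenset({"Sousse", "Mateur Nord", "Mateur Sud"})


def build_site_filter_vulnerable(site: str) -> str:
    """Underlying cause: the untrusted site name is pasted into the LDAP filter."""
    return f"(&(objectClass=computer)(ou={site}))"


def ldap_escape(value: str) -> str:
    """Secondary control: escape RFC 4515 filter metacharacters as backslash-hex."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\x00" else ch for ch in value)


def build_site_filter_hardened(site: str) -> Optional[str]:
    """Mitigation: accept only sites on the inclusion list, then escape anyway.

    Returns None for a rejected value so the caller logs it and never queries.
    """
    if site not in SITE_INCLUSION_LIST:
        return None
    return f"(&(objectClass=computer)(ou={ldap_escape(site)}))"
```

Feeding a site name that carries filter metacharacters shows the difference: the vulnerable builder emits it unchanged, the hardened builder returns None because the value is not on the inclusion list.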
To conclude
Safety is the paramount aspect considered when developing an application. With that said, safety is increased when the correct security requirements are put into place. However, in order to determine those security requirements, a process to determine the possible threats and the risk of those threats to the system is needed. By creating full threat models from use case flow diagrams and by assessing the risk of the detected threats within those models, one is able to determine the best security requirements for an application.