Security Development Lifecycle
Template: Security Risk Assessment
Basic information-gathering tool to assist in creating security requirements
For the latest information, please see http://www.microsoft.com/sdl.
This document is provided “as-is.” Information and views expressed in this document, including URL and other
Internet Web site references, may change without notice. You bear the risk of using it.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection
is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You
may copy and use this document for your internal, reference purposes.
© 2011 Microsoft Corporation. All rights reserved.
Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported
Microsoft and Windows are trademarks of the Microsoft group of companies.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note: The Security Risk Assessment is an information-gathering tool to assist in creating security requirements. During the Requirements Phase, this document should provide a comprehensive view of a project environment and intended use scenarios.
It assumes that the security contacts using this information also possess adequate knowledge of each question’s security impact and can use this information to create security requirements that reduce risk early in the project lifecycle.
Items marked in red should be deemed high-risk conditions and investigated accordingly. Any items marked in green are best practice and recommended.
Review Info
Date questionnaire was filled out:
Names of people who filled out this questionnaire:
Who is the primary security contact on your team?
Component and Product Information
Component name:
Ship vehicles:
Where is your source code?
Where is your bug/work item database?
Where are your threat models?
What operating system (OS) platforms do you support?  Windows® 7 / Windows Vista® / Windows XP / Windows 2000 / Windows Mobile / Windows Embedded / Xbox® / Mac / *nix / Other:
Does your application run on down-level platforms?  Yes / No
General Background
Does your component support a multiuser terminal services environment?  Yes / No
  Describe briefly:
Does your component require the user to be an administrator?  Yes / No / N/A
Do you ship any sample code?  Yes / No
On what standard Windows services is your feature dependent?  Dependent on: / Don’t know
Do you ship components that take code or binaries from outside your team?  Yes / No
  If Yes, from whom, and what level of review is performed on this code?
Do you parse XML?  Yes / No
Do you use C++?  Yes, compiler version: / No
Do you use C#?  Yes, compiler version: / No
Do you use Visual Basic® .NET?  Yes, compiler version: / No
Do you use JavaScript?  Yes / No
Do you use SQL?  Yes / No
Do you use ASP.NET?  Yes / No
Do you use any other languages?  Yes, compiler version: / No
Which code analysis tools do you use?  /analyze / FxCop / Other:
Authentication
Do you perform authentication?  Yes / No
Do you use Basic authentication?  Yes / No
Do you use Digest authentication?  Yes / No
Do you use cookie/forms authentication?  Yes / No
Do you use SSP?  Yes / No
Do you use the Negotiate SSP?  Yes / No
Do you perform custom authentication?  Yes / No
  Explain custom authentication implementation:
Authorization
Do you perform authorization?  Yes / No / N/A
Do you use Windows Access Control Lists (ACLs)?  Yes / No / N/A
Do you set any special ACLs?  Yes / No / N/A
Do you perform custom authorization?  Yes / No / N/A
  How do you perform custom authorization?
Does any part of your product run at an integrity level other than medium?  Yes / No / N/A
Do you perform any authorization based on group membership?  Yes / No / N/A
Cryptography
Do you use channel cryptography?  Yes / No
  If Yes, what kind?  SSL/TLS / RPC privacy/integrity / DCOM privacy/integrity / Other
Do you use persistent-data cryptography?  Yes / No
Do you have your own cryptographic code in your source tree?  Yes / No
  If Yes, where and why?
Do you use Crypto API, CNG, or System.Security.Cryptography?  Yes / No / For some things:
Do you store secrets, passwords, and keys?  Yes / No
  If Yes, where do you store them?  LSA Secrets / Data Protection API / Other:
Do you use obfuscation of any kind?  Yes / No
  For what purpose?
Do you use any form of random number generation for security purposes?  Yes / No
  If Yes, what API/method do you use to generate random numbers?
  What do you use the random numbers for?
Do you embed any form of secret data, password, or key in your component?  Yes / No
Do you embed any public key roots or certificates in your component?  Yes / No
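The random-number questions above matter because the API chosen decides whether a token is guessable. The following is an added example, not part of the SDL template and not Microsoft code: it contrasts a token derived from Python's `random` module seeded with a clock value (the kind of "random" that is recoverable by anyone who knows roughly when it was issued) with one drawn from `secrets`, which reads the OS CSPRNG (on Windows the system generator reached through CryptoAPI/CNG, which is the same family the questionnaire asks about). The timestamp, token length and function names are constructed for illustration.

```python
"""Predictable vs. unpredictable security tokens (constructed example)."""
import hmac
import random
import secrets
from typing import Optional

TOKEN_BYTES = 16  # 128-bit tokens; constructed choice


def weak_token(issued_at: int) -> str:
    """Insecure: seeds the Mersenne Twister with a second-granularity timestamp.

    Anyone who can narrow down the issue time can regenerate the token.
    """
    rng = random.Random(issued_at)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Secure: secrets reads the OS CSPRNG; there is no seed to recover."""
    return secrets.token_hex(TOKEN_BYTES)


def verify_token(presented: str, expected: str) -> bool:
    """Compare in constant time so a timing side channel does not leak the token."""
    return hmac.compare_digest(presented.encode(), expected.encode())


def recover_weak_seed(token: str, approx_time: int, window: int = 300) -> Optional[int]:
    """Attacker's view: brute-force every seed within +/- window seconds."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_token(seed) == token:
            return seed
    return None


def demo() -> dict:
    issued = 1_700_000_000  # constructed issue time (Unix seconds)
    weak = weak_token(issued)
    strong = strong_token()
    return {
        # Attacker knows the issue time to within a minute and recovers the seed.
        "weak_seed_recovered": recover_weak_seed(weak, issued + 42) == issued,
        # The same search against a CSPRNG token finds nothing.
        "strong_seed_recovered": recover_weak_seed(strong, issued + 42) is not None,
        "strong_token_len": len(strong),
        "verify_ok": verify_token(strong, strong),
        "verify_bad": verify_token(strong, strong_token()),
    }


if __name__ == "__main__":
    print(demo())
```

When answering "what API/method do you use", the acceptable answers are the platform CSPRNG (CryptGenRandom/BCryptGenRandom, RNGCryptoServiceProvider in .NET) or a wrapper over it such as `secrets`; `rand()`, `System.Random` and `random.random()` are not, however they are seeded.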
Files and Data
List all directories where program-executable code is stored.
What are the ACLs on the executables and their parent directories?
Do you change ACLs on this location at install/setup time?  Yes / No
Do you change ACLs on this location at upgrade time?  Yes / No
Do you change ACLs on this location during runtime?  Yes / No
List all registry keys your component creates or writes to.
What are the ACLs on this key?
Do you change ACLs on this key at install/setup time?  Yes / No
Do you change ACLs on this key during runtime?  Yes / No
Do you store temporary files?  Yes / No
  If Yes, where?
Do you explicitly set ACLs on the temporary files?  Yes / No
How do you name the temporary files?
Do you store user data?  Yes / No
  If Yes, where? And how is it protected?
Do you store information accepted from an anonymous source?  Yes / No
  If Yes, what type of information? How do you clean it up? Where is it stored? How do you limit the amount of data a client can push at you?
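The temporary-file questions (where, how named, whether ACLs are set explicitly) are one question in disguise: can another principal with write access to the directory pre-create or redirect the file before you open it? The following added example, which is not from the SDL template, shows the predictable-name pattern being hijacked by a planted symlink and the fix: an unpredictable name, exclusive creation, and an owner-only mode in one atomic call. The file names, prefix and scratch directory are constructed; the attacker is simulated in-process.

```python
"""Temporary files: predictable name vs. atomic exclusive creation (constructed example)."""
import os
import stat
import tempfile
from typing import Dict, Tuple


def predictable_temp_path(tmpdir: str, prefix: str = "app") -> str:
    """Insecure: name derived from the PID, which an attacker can guess."""
    return os.path.join(tmpdir, f"{prefix}-{os.getpid()}.tmp")


def open_predictable(path: str) -> int:
    """Insecure: O_CREAT without O_EXCL silently opens an attacker-planted file or symlink."""
    return os.open(path, os.O_WRONLY | os.O_CREAT, 0o644)


def open_private_temp(tmpdir: str, prefix: str = "app") -> Tuple[int, str]:
    """Secure: mkstemp draws a random suffix, opens with O_CREAT|O_EXCL (an existing
    file or symlink makes the open fail and a new name is tried) and creates the
    file with mode 0o600.  On Windows the mode bits do not apply; there the
    equivalent is an explicit owner-only DACL, which is what the
    "Do you explicitly set ACLs on the temporary files?" question is about."""
    return tempfile.mkstemp(prefix=f"{prefix}-", suffix=".tmp", dir=tmpdir)


def check_temp_file(path: str) -> Dict[str, bool]:
    """Audit helper: is the temp file a real file, and is it owner-only?"""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "is_symlink": stat.S_ISLNK(st.st_mode),
        "group_or_world_accessible": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
    }


def demo() -> Dict[str, bool]:
    with tempfile.TemporaryDirectory() as tmpdir:
        # Victim file the attacker wants the program to clobber (constructed).
        victim = os.path.join(tmpdir, "victim.txt")
        with open(victim, "w") as f:
            f.write("sensitive\n")

        # Attacker plants a symlink at the name the program is going to use.
        planted = predictable_temp_path(tmpdir)
        os.symlink(victim, planted)

        # Program "creates" its temp file and writes through the symlink.
        fd = open_predictable(planted)
        os.write(fd, b"overwritten by the program\n")
        os.close(fd)
        with open(victim) as f:
            victim_clobbered = f.read().startswith("overwritten")

        # Hardened path: the attacker cannot predict the name, and a planted
        # entry would make the exclusive create fail instead of being followed.
        fd, safe_path = open_private_temp(tmpdir)
        os.close(fd)
        safe = check_temp_file(safe_path)

        return {
            "predictable_followed_symlink": victim_clobbered,
            "safe_is_symlink": safe["is_symlink"],
            "safe_group_or_world_accessible": safe["group_or_world_accessible"],
        }


if __name__ == "__main__":
    print(demo())
```

The demo assumes a POSIX host where the current user may create symlinks; the security property it exercises (exclusive create plus unguessable name) is the same one to ask for when reviewing Windows code that uses `GetTempFileName` or writes into a shared `%TEMP%`.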
Networking and Messaging Capabilities
Do you have remote management tools?  Yes / No
  If Yes, how does this work through a firewall?
Do you use any of the following?  DCOM / RPC / Sockets (TCP) / Sockets (UDP) / Named pipes / Multicast / Peer-to-Peer (P2P) / HTTP.SYS / NetDDE / DDE / LDAP / WCF / SOAP / IPv6 / Other:
Do you perform custom remote procedure call (RPC) marshalling?  Yes / No
Do you poke a hole in the firewall?  Yes / No
Do you create Server Message Block (SMB) shares?  Yes / No
  If Yes, what shares?

.NET Code
Do you have any managed code components?  Yes / No
Do you use managed C++?  Yes / No
Do you use the AllowPartiallyTrustedCallersAttribute (APTCA) attribute?  Yes / No
Do you call into unmanaged code (for example, PInvoke)?  Yes / No

C/C++ Specific Questions
Do you compile with /GS?  Yes / No
Do you link with /DYNAMICBASE?  Yes / No
Do you link with /NXCOMPAT?  Yes / No
Do you link with /SAFESEH?  Yes / No
How do you detect banned APIs?
Do you use Standard Annotation Language (SAL)?  Yes / No
Do you use HeapSetInformation to fail on heap corruption?  Yes / No
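A "Yes" to the linker-switch questions should be verifiable from the shipped binaries rather than taken from the build system on trust. The following is an added example, not part of the SDL template and not a Microsoft tool: it reads the `DllCharacteristics` field of the PE optional header, where `/DYNAMICBASE` sets `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (0x0040) and `/NXCOMPAT` sets `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` (0x0100); it also reports `HIGH_ENTROPY_VA` (0x0020), which later toolsets set for 64-bit ASLR. `/SAFESEH` is recorded in the Load Configuration directory (32-bit images only) and `/GS` leaves no header flag at all, so neither is covered here. The header bytes are constructed just far enough for the parser; `build_header` exists only to feed it.

```python
"""Read ASLR/DEP evidence from a PE image's DllCharacteristics (constructed example)."""
import struct
from typing import Dict

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def dll_characteristics(image: bytes) -> Dict[str, bool]:
    """Return the mitigation flags recorded in a PE image's optional header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt = coff + 20  # COFF file header is a fixed 20 bytes
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    flags = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dynamicbase": bool(flags & DYNAMIC_BASE),
        "nxcompat": bool(flags & NX_COMPAT),
        "high_entropy_va": bool(flags & HIGH_ENTROPY_VA),
    }


def build_header(magic: int, flags: int) -> bytes:
    """Construct a minimal, non-loadable PE header carrying the given flags (test input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = 0x14C if magic == PE32_MAGIC else 0x8664  # i386 or x64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    opt = bytearray(72)  # enough of the optional header to reach DllCharacteristics
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)


def audit(path: str) -> Dict[str, bool]:
    """Audit a real file on disk; only the first 4 KiB are needed for the headers."""
    with open(path, "rb") as f:
        return dll_characteristics(f.read(4096))


if __name__ == "__main__":
    weak = dll_characteristics(build_header(PE32_MAGIC, 0))
    hardened = dll_characteristics(build_header(PE32PLUS_MAGIC, DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA))
    print("unhardened:", weak)
    print("hardened:  ", hardened)
```

`dumpbin /headers` reports the same field as "Dynamic base" and "NX compatible"; the point of a script is to run it over every shipped executable and DLL so a single module built without the switches does not slip through.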
ActiveX
Do you use any ActiveX® controls?  Yes / No
  If Yes, please list:
Do you ship any ActiveX controls?  Yes / No
  If Yes, please list:
Are any of the controls marked as safe for scripting?  Yes / No
  If Yes, please list:
  If Yes, do you use IObjectSafety?  Yes / No
Do you register any monikers or Browser Helper Objects (BHOs) with Internet Explorer (for example, telnet://)?  Yes / No
  If Yes, please list:
Services
Do you install any services?  Yes / No
  If Yes, please list names:
Are they installed with a default installation of your product?  Yes / No
  Comments:
Is the service behavior different depending on the product version?  Yes / No
  Explain:
What is the default start type of your service at installation?  Automatic / Automatic (Delayed) / Manual / Disabled
What is your service recovery policy?  First Failure: / Second Failure: / Subsequent Failures:
What identity does your service run as?  LocalSystem / NetworkService / LocalService / Configurable: Yes (Explain:) / No
Does your service component directly display a user interface (UI) on a user’s desktop?  Yes / No
Do you ever directly modify the ACL on the service object, or do you just inherit the one assigned by the Service Control Manager (SCM)?  Inherit from SCM / Directly set
  If you directly set it, when does it get set?  During install / During upgrade / At runtime
  What ACL do you set it to?
Do you use a different ACL for different product versions?  Yes / No
Does your service listen to a network interface of any kind?  Yes / No
  If Yes, explain:
Devices
Do you install any device drivers?  Yes / No
  If Yes, please list:

Accounts and Privileges
Do you create custom accounts?  Yes / No
  If Yes, what accounts and what are they for?
Do you require or permit NULL sessions (anonymous connections)?  Yes / No
  Explain:
Do you work correctly with User Account Control (UAC)?  Yes / No
Do you require special privileges to run?  Yes / No / N/A
  If applicable, what privileges and why?

Web
Does your application have a web component?  Yes / No
Is all untrusted input validated?  Yes / No
Is all untrusted output encoded?  Yes / No
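The two Web questions are separate controls, and a reviewer should expect both: validation rejects input that does not have the shape the field is supposed to have, and output encoding makes whatever is accepted inert in the context it is written into (HTML text, a quoted attribute, a URL parameter, a JavaScript string literal). The following added example, not part of the SDL template, shows the two applied together; the field name, the regular expression and the page fragment are constructed for illustration.

```python
"""Allow-list validation plus context-aware output encoding (constructed example)."""
import html
import json
import re
from urllib.parse import quote

# Constructed rule: user names are short and drawn from a small alphabet.
# The apostrophe is allowed on purpose (O'Brien is a legitimate name), which
# is exactly why validation alone is not enough and encoding is still required.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.'-]{1,32}$")


def validate_username(value: str) -> bool:
    """Allow-list validation: accept only the structure the field should have."""
    return USERNAME_RE.fullmatch(value) is not None


def html_text(value: str) -> str:
    """Encode for HTML element content or a quoted attribute value.

    quote=True also encodes ' and " so the same function is safe in a
    quoted attribute; the template must always quote its attributes.
    """
    return html.escape(value, quote=True)


def url_param(value: str) -> str:
    """Encode for a URL query component (no characters left unescaped)."""
    return quote(value, safe="")


def js_string(value: str) -> str:
    """Encode for a JavaScript string literal inside a <script> block.

    json.dumps handles quotes and backslashes; the extra replacements stop
    the browser's HTML parser from seeing </script> inside the literal.
    """
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_profile(name: str) -> str:
    """Build a fragment with every interpolation encoded for its own context."""
    return (
        f"<p>Hello, {html_text(name)}!</p>"
        f'<a href="/profile?user={url_param(name)}" title="{html_text(name)}">profile</a>'
        f"<script>var user = {js_string(name)};</script>"
    )


def handle_request(name: str) -> str:
    """Validate first, then render; rejected input never reaches the template."""
    if not validate_username(name):
        return "<p>Invalid user name.</p>"
    return render_profile(name)


if __name__ == "__main__":
    print(handle_request("O'Brien"))
    print(handle_request("<script>alert(1)</script>"))
```

Note that `render_profile` is safe even when called directly with the script payload: the encoding, not the validation, is what neutralizes it, which is why the questionnaire asks about output encoding as its own item.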
Database
Do you use a database?  Yes / No
  If Yes, which type?  SQL Server / Other:
Do you build queries by directly including text fields obtained from user input?  Yes / No
  If Yes, how do you normalize the user input to ensure it does not contain SQL commands?
Do you use or create stored procedures?  Yes / No
  List:
Do you deny access to underlying tables?  Yes / No
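A "Yes" to building queries from user text is a high-risk answer no matter how the follow-up is worded, because "normalizing" input is the wrong tool: the fix is to bind values as parameters so the driver never lets them reach the SQL parser. The following added example, not part of the SDL template, shows the string-built query, a quote-doubling "normalization" that still fails in a numeric context, and the parameterized form. It uses SQLite in memory as a stand-in for the SQL Server the questionnaire mentions (the `?` marker becomes `@p` with `SqlParameter` in ADO.NET); the table, rows and payloads are constructed.

```python
"""String-built vs. parameterized queries (constructed example, SQLite stands in for SQL Server)."""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema and rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "root", "hunter2")])
    return conn


def login_concat(conn: sqlite3.Connection, name: str, pwd: str) -> List[str]:
    """Vulnerable: user text is spliced into the statement."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pwd = '{pwd}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Still vulnerable: doubling quotes is the usual 'normalization', but the
    value lands in a numeric context where no quote is needed to break out."""
    cleaned = user_id.replace("'", "''")
    sql = f"SELECT name FROM users WHERE id = {cleaned}"
    return [row[0] for row in conn.execute(sql)]


def login_param(conn: sqlite3.Connection, name: str, pwd: str) -> List[str]:
    """Fixed: values are bound by the driver and can only ever be data."""
    sql = "SELECT name FROM users WHERE name = ? AND pwd = ?"
    return [row[0] for row in conn.execute(sql, (name, pwd))]


def lookup_param(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Fixed: the bound text '1 OR 1=1' is compared as a value, not parsed as SQL."""
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def demo() -> dict:
    conn = make_db()
    quote_payload = "' OR '1'='1"   # classic tautology for a string context
    numeric_payload = "1 OR 1=1"    # no quote character at all
    return {
        "concat_bypass": sorted(login_concat(conn, "root", quote_payload)),
        "escaped_bypass": sorted(lookup_escaped(conn, numeric_payload)),
        "param_no_bypass": login_param(conn, "root", quote_payload),
        "param_numeric_no_bypass": lookup_param(conn, numeric_payload),
        "param_legit": login_param(conn, "alice", "s3cret"),
        "param_numeric_legit": lookup_param(conn, "1"),
    }


if __name__ == "__main__":
    print(demo())
```

The stored-procedure and "deny access to underlying tables" questions are the second half of the same control: on SQL Server the application login can be granted `EXECUTE` on the procedures while `SELECT`/`INSERT` on the tables is denied, so even a query that does slip through has nothing to read directly. Parameters inside the procedure are still required; a procedure that builds dynamic SQL from its arguments with `EXEC` is as injectable as the concatenation above.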
Documentation
Do you have security-specific best practices documentation?  Yes / No
Analyzing the Questionnaire
If you answer “Yes” to any of these questions, your security team or primary security contact should use this information to analyze your application more deeply. By completing a thorough security analysis and defining security requirements early, you ensure that the development team has implemented application defenses and reduced risk. The purpose of this document is to improve your ability to identify and focus on the highest risk items.
Here are some general rules you can apply during analysis of this information:
- Review every method and property on every ActiveX control to determine security.
- If this is a new product, require and perform a thorough security design review.
- If the application has kernel-mode and user-mode interaction, it must be threat modeled.
- If non-administrators interact with higher-privileged processes, the application must be threat modeled.
- If the application is a security feature, it must be threat modeled.
- Sample code must meet the same quality standards as shipping code and adhere to all Security Development Lifecycle (SDL) requirements.
- If an application parses files or network traffic, the application is subject to the SDL fuzzing requirements during the Verification Phase.
- All C++ code must use defensive compiler and linker switches.
- Code analysis tools must be used.