Application Security Best Practices At Microsoft
Ensuring the lowest possible exposure and vulnerability to attacks
Published: January 2003
Solution Overview

Situation
Faced with the daunting task of inventorying, cataloging, assessing, and securing each LOB application, the Microsoft IT group needed to create an organizational framework for handling the job.

Solution
Microsoft IT developed the Application Security Assurance Program (ASAP) to inventory, assess and – when necessary – ensure the resolution of security vulnerabilities found in LOB applications.

Benefits
- Lower cost of recovery and lost productivity
- Minimize loss of data
- Improve customer confidence
- Decrease legal risks
Motivation For Application Security
- Cost of recovery and lost productivity
- Loss of data
- Impact on consumer confidence
- Legal risks
Security Principles
- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation
Managing Risk
- Strategic
- Tactical
- Operational
- Legal
Overview Of ASAP
- Wide variety of LOB applications designed by Microsoft IT or individual business unit IT teams
- Securing applications and data has grown in significance and complexity
- LOB applications function in a complex operational and legal environment with an equally complex underlying infrastructure
- Every organization should develop its own plan for securing applications
ASAP Deployment
- Risk assessment
- Design review
- Pre-production assessments
- Post-production follow-up
Assessment Criteria
- Definition of an application
- Scope of assessments
  - High-risk
  - Medium-risk
  - Low-risk
- Types of assessments
  - Limited assessments
  - Comprehensive assessments
Participants
- Corporate Security: Security Policy, Threat Modeling
- Application Review Team: Risk Assessment, Audits
- Business Unit IT Groups: Action on Audit Findings
- Operations IT: Action on Audit Findings
Application Security Process Framework
- Educate IT professionals
- Design, develop, test, and verify secure apps
- Verify in-production applications
- Respond to security exposure incidents
- Apply lessons learned
- Maintain and publish policies and guidelines
Application Management – Secure Infrastructure
- NETWORK
  - Architecture
  - Transport
  - Network device
  - Access control list (ACL) permission settings
- HOST
  - Operating system
  - Services: Internet Information Services (IIS), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), NetBIOS/remote procedure call (RPC), Terminal Services, Microsoft SQL Server
- APPLICATION
  - Input validation
  - Clear text protocol
  - Authentication
  - Authorization
  - Cryptography
  - Auditing and logging
- ACCOUNT
  - Unused accounts
  - Weak or blank passwords
  - Shared accounts
  - Access privileges
- TRUST
  - Rogue trusts
Building Secure Networks – Configuration
- Network segmentation
- Firewalls
- Routers and switches
Building Secure Networks – Intrusion Detection Systems And Network Encryption
- Detection systems should monitor for
  - Reconnaissance attacks
  - Exploit attacks
  - Denial of service attacks
- Network encryption
  - Key tool in preventing sensitive data from being read
  - Sensitive communication should be encrypted
  - Industry-standard encryption methods: Secure Sockets Layer (SSL), secure shell program such as SSH, Internet Protocol Security (IPSec)
Building Secure Hosts For Applications
- Patch management
- Configuration
- Permissions
- Simple Network Management Protocol (SNMP) community strings
- Antivirus software
- Server auditing and logging
- Server backup and restore
Application Layer Requirements
- Input validation
- Session management
- Authentication and authorization
- Design and code review
- Application and server error handling
- Application auditing and logging
- Application backup and restore
- Private data encryption
Common Application Development Issues
- User input validation
- Cookies, authentication, and access
- Passwords
- Access control lists
- COM+ application configuration
- Auditing and logging
Threat Modeling
- Provides a consistent methodology for objectively evaluating threats to applications
- Microsoft IT uses STRIDE to identify threats
  - Spoofing identity
  - Tampering with data
  - Repudiation
  - Information disclosure
  - Denial of service
  - Elevation of privilege
Architecture Modeling
- Component selection
- Component location
  - Untrusted
  - Semitrusted
  - Trusted
- Connection identification
  - Untrusted
  - Semitrusted
  - Trusted
- Environment component identification
Lessons Learned
- If you wait until an application is already in production to make it secure, you are too late
- Good security practices take into account both the host and the application client
- Create clearly written and easily accessible security guideline documentation
- Create security checklists that include step-by-step instructions
- Develop a thoroughly considered policy exception tracking process
- Education is crucial to the success of a security program
- Processes and reporting are required to ensure that inventory information is maintained
- Security is an ongoing, always changing, concern
Policies
- Applications should comply with application security policies and guidelines
- Applications should go through a security design review process
- Third-party application vendors should provide assurances that the software does not contain anything that could be used to compromise security controls
- Internet-facing applications should use existing methods of authentication
- Applications that reside on the corporate network should rely on Windows integrated authentication
- Applications that cannot use Windows integrated authentication should either encrypt or hash the password stores
- Credentials should never be stored or sent unencrypted
- User input should be filtered and examined at the Web server
- Web applications should use strong, nonpredictable session IDs
- Web applications should use an inactivity timeout
- Cookies that contain sensitive data should be marked as secure and nonpersistent
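The last few policy items (hashed password stores, nonpredictable session IDs, an inactivity timeout, and secure nonpersistent cookies) are concrete enough to show in code. This is an added example, not code from the deck or from Microsoft IT; the timeout length, PBKDF2 round count, cookie name and session ID size are constructed values, since the deck states none.

```python
import hashlib
import hmac
import secrets
import time

INACTIVITY_TIMEOUT_SECONDS = 15 * 60   # constructed value; the deck gives no number
SESSION_ID_BYTES = 32                  # 256 bits from the OS CSPRNG

def new_session_id() -> str:
    """Strong, nonpredictable session ID: never a counter, timestamp or user name."""
    return secrets.token_urlsafe(SESSION_ID_BYTES)

def session_cookie_header(session_id: str) -> str:
    """Sensitive cookie marked Secure (HTTPS only) and nonpersistent (no
    Expires/Max-Age, so it dies with the browser); HttpOnly hides it from scripts."""
    return f"SESSION={session_id}; Path=/; Secure; HttpOnly"

class SessionStore:
    """Server-side session table that enforces the inactivity timeout."""
    def __init__(self, clock=time.time):
        self._clock = clock      # injectable for deterministic tests
        self._sessions = {}      # session_id -> (user, last_seen)

    def create(self, user: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = (user, self._clock())
        return sid

    def lookup(self, sid: str):
        """User of a live session, or None if unknown or idle past the timeout
        (an expired session is deleted so its ID cannot be revived)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > INACTIVITY_TIMEOUT_SECONDS:
            del self._sessions[sid]
            return None
        self._sessions[sid] = (user, now)   # activity resets the idle clock
        return user

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 for a password store without integrated auth."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so timing leaks nothing about the stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)
```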
Future Security Considerations
- Authorization Manager
- Constrained Delegation
Summary
- Business relies more and more on information technology to operate
- Securing access to critical resources ensures that they continue to function as expected
- Microsoft IT put policies and guidelines in place to help Microsoft development teams secure their existing applications
- Documenting and sharing the lessons that are learned by organizations are central to maintaining security both within and among businesses
For More Information
Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
- Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
- Microsoft Case Study Resources: http://www.microsoft.com/resources/casestudies
- E-mail IT Showcase: showcase@microsoft.com
This document is provided for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
© 2003 Microsoft Corporation. All rights reserved.
Microsoft, Microsoft Press, Visual Studio, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.