Secure Software Development: Code Review Heuristics | CSSLP Exam Prep

Determining Code Review Heuristics That Increase Attack Surface

Question

Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews"

Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution.

Choose all that apply.

Answers

Explanations


A. Code written in C/C++/assembly language
B. Code listening on a globally accessible network interface
C. Code that changes frequently
D. Anonymously accessible code
E. Code that runs by default
F. Code that runs in elevated context

BDEF.

Microsoft software security expert Michael Howard defines the following heuristics for determining code review in "A Process for Performing Security Code Reviews":

Old code: Newer code reflects a better understanding of software security and tends to have fewer vulnerabilities.

Older code must be checked deeply.

Code that runs by default: It must have high quality, and must be checked more deeply than code that does not execute by default.

Code that runs by default increases the application's attack surface.

Code that runs in elevated context: It must have higher quality.

Code that runs in elevated privileges must be checked deeply and increases the application's attack surface.

Anonymously accessible code: It must be checked more deeply than code that only authorized users and administrators can access, and it increases the application's attack surface.

Code listening on a globally accessible network interface: It must be checked deeply for security vulnerabilities and increases the application's attack surface.

Code written in C/C++/assembly language: It is prone to security vulnerabilities, for example, buffer overruns.

Code with a history of security vulnerabilities: It is likely to contain additional vulnerabilities unless a concerted effort has been made to remove them.

Code that handles sensitive data: It must be checked deeply to ensure that data is protected from unintentional disclosure.

Complex code: It is more likely to contain undiscovered errors, because complex code is more difficult to analyze both manually and programmatically.

Code that changes frequently: It has more security vulnerabilities than code that does not change frequently.

Michael Howard's heuristics for determining code review are intended to identify code that may have security issues and needs further scrutiny. Among these heuristics are several that may increase an application's attack surface. Here is a detailed explanation of each answer:

A. Code written in C/C++/assembly language: Code written in C/C++/assembly language can be more susceptible to certain types of vulnerabilities, such as buffer overflows, than code written in higher-level programming languages. This is because these languages allow direct manipulation of memory, which can lead to unintentional memory access or modification. As a result, code written in these languages may increase the attack surface of an application.

B. Code listening on a globally accessible network interface: If code is listening on a globally accessible network interface, it is potentially reachable from anywhere on the internet. This increases the attack surface of the application, as it exposes the code to a much larger pool of potential attackers. Any vulnerability in the code could be exploited remotely by an attacker who has discovered the service listening on the network.

C. Code that changes frequently: Code that changes frequently can be difficult to keep secure, as changes may introduce new vulnerabilities or inadvertently remove existing security controls. Additionally, frequent changes may result in security issues being missed during code reviews or security testing, because it is harder for reviewers to keep up with the changes. Therefore, code that changes frequently may increase the attack surface of an application.

D. Anonymously accessible code: Anonymously accessible code refers to code that can be accessed without requiring authentication or authorization. This means that anyone who can discover the service can potentially reach the code and exploit any vulnerabilities present. Anonymously accessible code can increase the attack surface of an application by providing an entry point for attackers.

E. Code that runs by default: Code that runs by default is enabled and running without any user action required. This means that any vulnerabilities present in the code are exposed on every installation, without the attacker first having to enable anything. This increases the attack surface of the application, as it provides a default entry point for attackers.

F. Code that runs in elevated context: Code that runs in elevated context refers to code that runs with higher privileges or permissions than a standard user account, for example code running as an administrator. If this code is vulnerable to attack, it can provide an attacker with elevated access to the system, potentially allowing them to perform actions they would not otherwise be able to do. Therefore, code that runs in elevated context may increase the attack surface of an application.

In summary, the heuristics that increase an application's attack surface are A, B, C, D, E, and F.