Preventing Security Bugs through Software Design presented at SecuritySymposium 2015

by Christoph Kern,

Summary : Many security bugs, such as Cross-Site-Scripting (XSS), SQL injection, buffer overruns, etc, are in isolation relatively straightforward to understand and avoid. Nevertheless, it tends to be surprisingly hard to prevent their introduction in large-scale software development: Large pieces of software have many code sites where such a bug could be potentially introduced, and large systems make it difficult to identify bugs once they exist.
This talk describes our approach to preventing the introduction of certain classes of security bugs in large-scale software development projects at Google. We present design patterns to confine the potential for XSS vulnerabilities to a very small, manually auditable fraction of an application's code base. These patterns have been applied to several of Google's flagship services and their underlying web application frameworks, and have resulted in a drastic reduction of XSS bugs observed. We will discuss the applicability of bug-prevention approaches based on framework and API design to other vulnerabilities classes such as SQL injection, and close with observations on the practicality of their integration into real-world, large scale software development projects.