From the course: Developing Secure Software (2015)
Case study: Vulnerability-Oriented Architectural Analysis
- After the pattern-oriented architecture analysis, you are now ready to examine the source code. The first thing to do during the vulnerability-oriented architecture analysis phase is to locate the OpenEMR source code implementing the security pattern identified during the pattern-oriented architecture analysis phase. In our case study, the security pattern is Intercepting Validator. The next step is to check if various parts of the OpenEMR source code take advantage of the Intercepting Validator. To do this, when it's relied on, the vulnerabilities resulting from the misuse or no use of the Intercepting Validator pattern. There is a very common vulnerability caused by the misuse or no use of the Intercepting Validator pattern. SQL injection vulnerability is one of them. Armed with this information, we can now check the areas of the OpenEMR source code where SQL injection is possible, and see if the developers are actually using or misusing the Intercepting Validator code. If…
Contents
- Introduction to secure design (1m 31s)
- Security tactics (1m 21s)
- Security patterns (1m 38s)
- Security vulnerabilities (2m 1s)
- Architectural analysis for security (2m)
- Case study: Setting the Stage (33s)
- Case study: Tactic-Oriented Architectural Analysis (1m 36s)
- Case study: Pattern-Oriented Architectural Analysis (2m 33s)
- Case study: Vulnerability-Oriented Architectural Analysis (1m 44s)
- Software security anti-patterns (2m 7s)