PSM’s Important 3 to 8

FIGURES & TABLES

Importance 3: Figure caption must be below the figure.

Importance 4: Table caption must be placed on top of the table.

Importance 5: All figures and tables must be cited and explained in the text on the same page.

Importance 6: Tables separated between pages must each have their own header and be numbered.

Importance 7: Put a frame (box) around each figure.

Importance 8: Every topic must start with text first; not figure or table.

Cryptography: Modes of Operation

The five modes of operation are:

  1. Electronic Codebook (ECB) – Group 1 & 6
  2. Cipher Block Chaining (CBC) – Group 2, 7 & 11
  3. Cipher Feedback (CFB) – Group 3, 8 & 12
  4. Output Feedback (OFB) – Group 4, 9 & 13
  5. Counter (CTR) – Group 5 & 10

Each group may carry out our CL activity based on the mode of operation given.

Scaffolding for our cooperative learning (CL) activity.

Besides our notes, here are six interesting related resources and research works that you may refer to:

Block Ciphers Encryption Modes & Use DES to Construct Stream Ciphers pg. 27-38 by Fabio Martignon LRI, France.

Evaluation Criteria (Modes of Operation) by Murat Kantarcioglu, UTD Dallas.

FIPS81 DES Modes of Operation by NIST.

Modes of Operation Properties by David Kohel, USYD Sydney.

Error Propagation in Various Cipher Block Modes by Karel Burda, BrnoUT Czech Republic.

Block Ciphers Modes of Operation by Tutorialspoint.

You may also refer to other resources.

Explore & enjoy.

-msrashidah UTM (updated Dec, 2021)

Upload Entry Survey

Go to UTM E-learning:
  1. On the course main page, Turn editing on > Add an activity or resource > then select the activity Feedback.
  2. The Adding a new Feedback page will appear. Fill in the Name field, for example “DL Entry Survey”; the rest are optional > then Save and return to course.
  3. The DL Entry Survey link will appear on the course page. Next, click on the Entry Survey link.
  4. The Entry Survey page will appear with several tabs. Go to the Templates tab. If we already have a template, click on the Use a template link > then choose the Import questions link.
  5. On the Import questions interface > tick Append new items > next, Choose File > choose the given template *.xml > then Upload this file > back on the Import questions page, select the Yes button.
  6. Back on the Entry Survey page > select the Edit questions tab.
  7. You made it! The entry survey questions are now available. You may edit, add and delete the questions if you want. If not, just proceed with them as they are.
You may also refer to the screen captures below for the details of each step.

[Screen captures: Step 1 (Add activity – Feedback), Step 2, Step 3, Step 4 details, Step 5, Step 6]

Happy Teaching for 2020/2021 Session!
If you have any questions, you may email me at rashidah@utm.my. Bye.

Software Security: Code Review

CODE REVIEW

Industries: Source Code Review (Malaysia)
It is quite remarkable that industries in Malaysia are involved in current cyber security requirements by providing services such as code review and penetration testing. Some of them have been involved since 2016 by supporting multinational companies.

They are:
LGMS @ Asia Cybersecurity Exchange 
Go to: https://lgms.global/source-code-review/
Teleawan Sdn Bhd
Go to: https://www.teleawan.com/source-code-review
FIRMUS
Go to: https://firmussec.com/source-code-review/

Most industries globally use the OWASP Code Review Methodology.
You can find the current version, OWASP Code Review Guide 2.0, at https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf
The contents are:
  • How to use the guide
  • Secure Code Review
  • Methodology
  • Reviewing by Framework
  • OWASP Top Ten A1 – A10 [refer below]
Related information:

OWASP Top 10 Web Application Security Risks

https://owasp.org/www-project-top-ten/
Globally recognized by developers as the first step towards more secure coding. – OWASP

Source Code Analysis Tools

Also known as Static Application Security Testing (SAST) tools. Other information:
  • Important Selection Criteria (of tools)
  • Open Source & Commercial Tools available

For details, go to: https://owasp.org/www-community/Source_Code_Analysis_Tools

Source Code Review vs. Penetration Testing for Web Application Security by Uladzislau Murashka, Penetration Testing Consultant, ScienceSoft.

“The article gives a clear view of the importance of comprehensive security testing. For web applications involving sensitive data (Healthcare, Banking, Insurance web applications.) it’s a perennial must. While pentesting explores vulnerable application areas, which may let the hackers in, code review helps detect internal problems and inconsistencies. Though these problems are not visible to outside hackers, they may be at the root of application vulnerability.” Elizabeth Barkaline (2017)

Go to: https://www.scnsoft.com/blog/web-applications-security-source-code-review-vs-penetration-testing (accessed on April 28, 2020)

What you should know before you Pick Secure Code Review services?

An interesting article for learning more about Secure Code Review services, which consists of the following:
  1. 4 processes in SSDLC’s Coding (or Development) Phase
  2. 4 types of Code Reviews
  3. Tools and checklist for Code Review
  4. Practices for organization’s secure code
Reference:
https://www.briskinfosec.com/blogs/blogsdetail/What-you-should-know-before-you-Pick-Secure-Code-Review-services

Top 10 Most Popular Code Review Tools For Developers And Testers

https://www.softwaretestinghelp.com/code-review-tools/

Top 40 Static Code Analysis Tools (Best Source Code Analysis Tools)

https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/

As a computer security student and software developer, I hope that we share the same excitement for the code review methodology and technology.

Your task for submission:
A one-page report that summarizes the Code Review content here that you have learned and understood.
Please include feedback: what you knew 1) before learning; 2) after learning; and 3) how it will help you in your future job.
Submit to e-learning by Monday May 4, 4:03pm.

Thank you.
Ms Rashidah