Implementation of SonarQube
To ensure continuous quality and assurance of security, we have implemented SonarQube into our development processes.
This is a code quality assurance tool that continuously reviews and analyses source code, looking for bugs and potential vulnerabilities, so that they can be addressed as they are found during development.
This will reduce the risk of introducing vulnerabilities or bugs with new releases.
CSRF in Web Preview
Web Preview now implements a mechanism which provides mitigation to Cross Site Request Forgery attacks.
It is possible that some environments or users may experience problems with the mechanism raising false positives. The usual symptom of this is when a Web Preview user gets the message 'The action you requested has not been performed' at the bottom of the page when performing an action on a model. To address this possibility, we have provided two options to disable the Web Preview CSRF Protection; one at a repository level, and one at a machine level.
At a repository level, the setting affects all users of the Web Preview for that repository; it can be found in the Active Enterprise settings under Security.
The setting defaults to checked (i.e. the CSRF Protection is enabled) and can be disabled by unchecking the setting.
It can be disabled at a machine level by setting a Registry key:
Subkey: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Salamander\Business Activation\17\EnableWebPreviewCSRFProtection
To disable the mechanism, the subkey can be created as String or DWord. If it has a value of 0, the Web Preview CSRF protection will be disabled for instances of MooD 17 on the machine.
If the subkey has any other value, or if the value is missing, the protection will be enabled.
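The following is an added example, not MooD's own code, that evaluates the machine-level override exactly by the rule stated above (a String or DWord value of 0 disables the protection; any other value, or no value at all, leaves it enabled), so a deployment engineer can confirm what a given machine will actually do. It assumes the "subkey" above is a registry value named EnableWebPreviewCSRFProtection under the ...\Business Activation\17 key; the rule itself is kept in a pure function so it can be checked on any host.

```python
"""Added example (not MooD's own code): report whether the machine-level
Web Preview CSRF override is in effect, using the rule from the release note.

Assumption: the note's "subkey" is a registry value named
EnableWebPreviewCSRFProtection under the Business Activation\\17 key.
"""
import sys
from typing import Optional, Tuple

KEY_PATH = r"SOFTWARE\WOW6432Node\Salamander\Business Activation\17"
VALUE_NAME = "EnableWebPreviewCSRFProtection"

# winreg type codes duplicated as plain ints so the rule can be evaluated
# (and tested) on non-Windows hosts: winreg.REG_SZ == 1, winreg.REG_DWORD == 4.
REG_SZ = 1
REG_DWORD = 4


def csrf_protection_enabled(entry: Optional[Tuple[object, int]]) -> bool:
    """Apply the note's rule to a (value, type) pair, or None if the value is absent.

    Only the literal 0, stored either as DWORD 0 or as the string "0",
    disables protection.  Everything else (missing value, other numbers,
    other strings, other value types) keeps it enabled.
    """
    if entry is None:
        return True
    value, value_type = entry
    if value_type == REG_DWORD:
        return value != 0
    if value_type == REG_SZ:
        return value != "0"
    return True


def read_machine_override() -> Optional[Tuple[object, int]]:
    """Read the override from HKLM on Windows; None when the key or value is missing."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module, imported lazily

    try:
        # KEY_WOW64_64KEY reads the 64-bit view so the explicit WOW6432Node
        # path is not redirected again when run from a 32-bit Python.
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH, 0,
                            winreg.KEY_READ | winreg.KEY_WOW64_64KEY) as key:
            return winreg.QueryValueEx(key, VALUE_NAME)  # returns (value, type)
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    entry = read_machine_override()
    state = "ENABLED" if csrf_protection_enabled(entry) else "DISABLED (machine-level override)"
    print(f"Web Preview CSRF protection: {state}; registry entry: {entry!r}")
```

Run it as the account that administers the machine; to restore the protection after a false-positive investigation, delete the value (or set it to anything other than 0) rather than leaving a 0 in place.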
ODBC Driver Update
We have upgraded our ODBC driver to version 18 to ensure we are not using out-of-date, unsupported software. This version lets us use more modern and robust security features, such as 'Always Encrypted', which automatically encrypts and decrypts sensitive data.
This has introduced breaking changes; please see ODBC Driver 18.0 for SQL Server Released - Microsoft Community Hub for details.
To avoid inconvenience on upgrade, we have set the defaults to Encrypt=yes (providing some protection) and TrustServerCertificate=yes (trusting that the SQL Server we are talking to is the one we are supposed to be talking to), with further settings exposed in Repository Properties to allow a Deployment Engineer to override these and provide more security.
New settings in the Server Properties also allow settings to be set server-wide to increase security; see here for more details of the features available.
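As an added example (not MooD's own code), the audit below parses an ODBC connection string and reports the transport-security posture of the two settings just described, applying the stated MooD defaults where a key is absent. The point a deployment engineer should take from it: TrustServerCertificate=yes makes the driver accept the server's TLS certificate without validating it, so the session is encrypted but the server's identity is not verified; setting it to no (with a certificate the client trusts) is the override that actually closes that gap. The connection strings are constructed for the example, and the parser assumes plain Key=Value; syntax with no semicolons inside braces.

```python
"""Added example (not MooD's own code): audit an ODBC Driver 18 connection
string for the Encrypt and TrustServerCertificate settings.

Assumptions: plain 'Key=Value;' syntax, and the release note's MooD defaults
(Encrypt=yes, TrustServerCertificate=yes) where a key is absent.  All server
names and strings below are constructed.
"""
from typing import Dict, List

MOOD_DEFAULTS = {"Encrypt": "yes", "TrustServerCertificate": "yes"}


def parse_connection_string(conn: str) -> Dict[str, str]:
    """Split 'Key=Value;Key=Value' into a dict (keys kept as written)."""
    result: Dict[str, str] = {}
    for part in conn.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        result[key.strip()] = value.strip()
    return result


def _setting(settings: Dict[str, str], name: str) -> str:
    """Case-insensitive lookup, falling back to the MooD default; lower-cased."""
    for key, value in settings.items():
        if key.lower() == name.lower():
            return value.lower()
    return MOOD_DEFAULTS[name].lower()


def audit_connection_string(conn: str) -> List[str]:
    """Return findings; an empty list means both settings are sound."""
    settings = parse_connection_string(conn)
    encrypt = _setting(settings, "Encrypt")
    trust = _setting(settings, "TrustServerCertificate")
    findings: List[str] = []

    # Driver 18 accepts Encrypt=yes, Encrypt=no and Encrypt=strict (TDS 8.0).
    if encrypt in ("no", "optional", "false", "0"):
        findings.append("Encrypt is off: credentials and query data cross the network in clear text")
    # With TrustServerCertificate=yes the driver does not validate the server's
    # TLS certificate, so a machine in the path could impersonate SQL Server.
    if trust in ("yes", "true", "1"):
        findings.append("TrustServerCertificate=yes: server certificate is not validated")
    return findings


if __name__ == "__main__":
    samples = {
        "MooD defaults (Encrypt only)": "Driver={ODBC Driver 18 for SQL Server};Server=db.example.test;Database=MooD",
        "hardened": "Driver={ODBC Driver 18 for SQL Server};Server=db.example.test;Database=MooD;Encrypt=yes;TrustServerCertificate=no",
        "legacy": "Server=db.example.test;Database=MooD;Encrypt=no;TrustServerCertificate=yes",
    }
    for label, conn in samples.items():
        print(label, "->", audit_connection_string(conn) or ["OK"])
```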
File System Security
In various places where MooD generates temporary or cached files the file permissions have been tightened to mitigate the risk of execution of maliciously injected code.
Temporary files which may contain data are, where possible, actively deleted once no longer needed.
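As an added example (not MooD's own code), the helper below shows the pattern these two sentences describe: a temporary data file that only the current account can read, removed as soon as the work that needed it is done, even if that work raises. It assumes that on POSIX the owner-only mode tempfile.mkstemp applies is the tightened permission; on Windows the file inherits the temp directory's ACL, so the mode check is skipped there. The payload written is constructed.

```python
"""Added example (not MooD's own code): owner-only temporary file that is
actively deleted when no longer needed.

Assumption: tempfile.mkstemp's 0o600 mode is the tightened permission on
POSIX; on Windows the owner-only check is skipped (ACL-based).
"""
import contextlib
import os
import stat
import tempfile
from typing import Dict, Iterator


@contextlib.contextmanager
def private_temp_file(suffix: str = ".tmp") -> Iterator[str]:
    """Yield a path to an owner-only temp file; unlink it on exit, even on error."""
    fd, path = tempfile.mkstemp(suffix=suffix)  # created with mode 0o600 on POSIX
    os.close(fd)  # callers reopen by path; closing avoids a leaked descriptor
    try:
        yield path
    finally:
        try:
            os.unlink(path)  # active deletion: do not wait for a cleanup job
        except FileNotFoundError:
            pass


def is_owner_only(path: str) -> bool:
    """True if no group/other permission bits are set (always True on Windows)."""
    if os.name == "nt":
        return True
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def write_then_discard(payload: bytes) -> Dict[str, bool]:
    """Run the lifecycle once and return the observations a caller can check."""
    with private_temp_file() as path:
        with open(path, "wb") as fh:
            fh.write(payload)
        result = {"owner_only": is_owner_only(path), "existed": os.path.exists(path)}
    result["deleted"] = not os.path.exists(path)
    return result


if __name__ == "__main__":
    print(write_then_discard(b"constructed sensitive content"))
```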
Mitigation of JavaScript Vulnerabilities
Various improvements have been made to the JavaScript used in the web product to mitigate potential vulnerabilities to Cross Site Scripting (XSS) attacks. These include the removal of obsolete libraries UnderscoreJS and AntiXSSLibrary.
MooD Active Enterprise will also have a Permissions-Policy header set by default for each response. This will mitigate the actions which an XSS attack could perform on a user’s device (such as use of the camera). If this policy restricts the operation of custom JavaScript which is part of the solution, the policy can be modified in the website’s web.config file.
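The snippet below is an added example, not MooD's own code or configuration, showing where that header lives in an IIS web.config and how to read what a given policy value actually blocks: it locates (or adds) the Permissions-Policy entry under system.webServer/httpProtocol/customHeaders and decodes the header into per-feature allowlists, where an empty allowlist such as camera=() blocks the feature for every origin including the page itself. The sample web.config and policy value are constructed for the example; the assumption is that the site uses the standard IIS customHeaders section.

```python
"""Added example (not MooD's own code): inspect or set the Permissions-Policy
custom header in an IIS web.config and decode the policy value.

Assumption: the site uses the standard system.webServer/httpProtocol/
customHeaders section.  The sample web.config and policy are constructed.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

HEADER = "Permissions-Policy"

SAMPLE_WEB_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
"""


def parse_permissions_policy(value: str) -> Dict[str, List[str]]:
    """'camera=(), geolocation=(self "https://a.example")' -> {feature: allowlist}.

    An empty allowlist means the feature is unavailable to every origin,
    including the page itself, which is what puts it out of reach of script
    injected by an XSS attack.
    """
    policy: Dict[str, List[str]] = {}
    for directive in value.split(","):
        directive = directive.strip()
        if not directive or "=" not in directive:
            continue
        feature, allow = directive.split("=", 1)
        allow = allow.strip()
        if allow.startswith("(") and allow.endswith(")"):
            allow = allow[1:-1]
        policy[feature.strip()] = [item.strip('"') for item in allow.split()]
    return policy


def get_permissions_policy(config_xml: str) -> Optional[str]:
    """Return the configured header value, or None if no such header is set."""
    root = ET.fromstring(config_xml)
    for add in root.iterfind("./system.webServer/httpProtocol/customHeaders/add"):
        if add.get("name", "").lower() == HEADER.lower():
            return add.get("value")
    return None


def ensure_permissions_policy(config_xml: str, policy_value: str) -> str:
    """Return web.config text with the header set to policy_value (added or replaced)."""
    root = ET.fromstring(config_xml)
    server = root.find("system.webServer")
    if server is None:
        server = ET.SubElement(root, "system.webServer")
    proto = server.find("httpProtocol")
    if proto is None:
        proto = ET.SubElement(server, "httpProtocol")
    headers = proto.find("customHeaders")
    if headers is None:
        headers = ET.SubElement(proto, "customHeaders")
    for add in headers.findall("add"):
        if add.get("name", "").lower() == HEADER.lower():
            add.set("value", policy_value)
            break
    else:
        ET.SubElement(headers, "add", name=HEADER, value=policy_value)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = ensure_permissions_policy(SAMPLE_WEB_CONFIG, "camera=(), microphone=(), geolocation=(self)")
    print(parse_permissions_policy(get_permissions_policy(updated)))
```

When relaxing the policy for custom JavaScript that is part of the solution, widen only the feature that script needs (for example geolocation=(self)) and leave the rest of the list empty; ET.tostring drops the XML declaration, so write the result back with one if your tooling expects it.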
Password Hashing
Where Username and Password authentication is used to log in to MooD (either Business Architect or Active Enterprise), passwords are now hashed using PBKDF2 with a work factor of 600,000. This work factor meets the current OWASP recommendation for FIPS compliance.
Note that existing stored passwords will not be upgraded to the new standard when the repository is upgraded.
A password for a specific user will be upgraded to the new standard the first time the user logs into MooD following upgrade of the repository.
If it is required that all usernames and passwords be upgraded to the new standard, we recommend you contact users and ask them to log in. If the security of passwords ‘at rest’ is of high concern to your organisation and you cannot ensure that all users log in post-upgrade, please contact us for suggestions.
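The following is an added example, not MooD's own code, of PBKDF2 hashing at the 600,000 work factor stated above together with the upgrade-on-login step the preceding paragraphs describe: a stored hash can only be re-hashed when the plaintext is available, which is at login, so a user's record moves to the new standard the first time they log in afterwards. The page does not state the PRF, salt size or record format, so these are assumptions: PBKDF2-HMAC-SHA256, a 16-byte random salt and a self-describing pbkdf2-sha256$iterations$salt$hash record; the "legacy" record in the demo is a constructed stand-in with a lower iteration count, not MooD's actual pre-upgrade format.

```python
"""Added example (not MooD's own code): PBKDF2 hashing at 600,000 iterations
and the "upgrade on next login" pattern.

Assumptions (not stated on the page): PBKDF2-HMAC-SHA256, 16-byte salt and
the record format "pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>".  The
low-iteration "legacy" record is a constructed stand-in, not MooD's old format.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ALGORITHM = "pbkdf2-sha256"
ITERATIONS = 600_000  # OWASP-recommended work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
DKLEN = 32


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record; a fresh random salt unless one is supplied."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _split(record: str) -> Tuple[str, int, bytes, bytes]:
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    return algorithm, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt and iteration count; compare in constant time."""
    algorithm, iterations, salt, expected = _split(record)
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_upgrade(record: str) -> bool:
    """True when the stored record is below the current work factor."""
    _, iterations, _, _ = _split(record)
    return iterations < ITERATIONS


def login(password: str, record: str) -> Tuple[bool, str]:
    """Verify the password; on success, return a re-hashed record if the stored one is weak.

    The plaintext exists only during login, so this is the one moment a
    below-standard record can be replaced, which is why records upgrade
    per user on first login rather than all at once at repository upgrade.
    """
    if not verify_password(password, record):
        return False, record
    if needs_upgrade(record):
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    legacy = hash_password("correct horse", iterations=10_000)  # constructed pre-upgrade record
    ok, new_record = login("correct horse", legacy)
    print("login ok:", ok, "| upgraded:", new_record != legacy, "| still weak:", needs_upgrade(new_record))
```

Stored records that still report needs_upgrade() are the users who have not logged in since the repository upgrade, which gives an administrator a concrete list to chase rather than a general request.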