Software Security
What is Software Security?
Secure Coding
Secure coding is the practice of writing software that’s resistant to attack by malicious or mischievous people or programs. An insecure program can provide access for an attacker to take control of a server or a user’s computer, resulting in anything from denial of service to a single user, to the compromise of secrets, loss of service, or damage to the systems of thousands of users.
Attacks
Attacks often take advantage of vulnerabilities found in web-based and other application software. Vulnerabilities can be present for many reasons, including coding mistakes, logic errors, incomplete requirements, and failure to test for unusual or unexpected conditions. Examples of specific errors include: the failure to check the size of user input; failure to filter out unneeded but potentially malicious character sequences from input streams; failure to initialize and clear variables; and poor memory management allowing flaws in one part of the software to affect unrelated and more security critical portions.
There is a flood of public and private information about such vulnerabilities available to attackers and defenders alike, as well as tools and techniques that allow the “weaponization” of vulnerabilities into exploits. Attackers can use specific exploits, including buffer overflows, Structured Query Language (SQL) injection, cross-site scripting, cross-site request forgery, and click-jacking, to gain control over vulnerable machines.
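As an added illustration of the first error classes listed above (not code from the original post), here is a small C example. The `struct session`, the `NAME_MAX` field size and the sample names are constructed for this example. It places an initialiser that copies without a size check and leaves a field uninitialised beside a hardened one that bounds the copy, zero-initialises every field, and accepts only an allowlisted character set.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size field, constructed for this example */

/* Hypothetical session record: a name buffer and a privilege flag. */
struct session {
    char name[NAME_MAX];
    int  admin;        /* 1 = privileged; must never be left to chance */
};

/* Insecure form: copies however many bytes the caller supplies (no size
 * check, so a name of NAME_MAX bytes or more overflows 'name'), and never
 * sets 'admin', which keeps whatever stack or heap garbage was there. */
int session_init_unchecked(struct session *s, const char *name) {
    strcpy(s->name, name);
    return 0;
}

/* Allowlist filter for the second error class: only letters, digits,
 * '_' and '-' are accepted, and the name must be non-empty and fit. */
int name_is_well_formed(const char *name) {
    size_t len = strnlen(name, NAME_MAX);   /* never reads past the field size */
    if (len == 0 || len >= NAME_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened form: reject oversized or unterminated input up front, zero
 * every field, then copy with an explicit bound so the buffer is always
 * NUL-terminated. Returns 0 on success, -1 if the name is refused. */
int session_init_checked(struct session *s, const char *name) {
    size_t len = strnlen(name, NAME_MAX);
    if (len >= NAME_MAX) {
        return -1;                    /* too long: refuse rather than truncate silently */
    }
    memset(s, 0, sizeof *s);          /* admin = 0, name zero-filled */
    memcpy(s->name, name, len);       /* bounded copy; trailing NUL already present */
    return 0;
}

/* Helper: initialise a fresh session with the hardened path and report
 * the resulting 'admin' flag, or -1 if the name was rejected. */
int admin_flag_after_init(const char *name) {
    struct session s;
    if (session_init_checked(&s, name) != 0) return -1;
    return s.admin;
}

int main(void) {
    const char *good = "alice_01";                      /* constructed input */
    const char *bad  = "a_very_long_username_indeed";   /* constructed, 27 bytes */
    printf("%s well-formed: %d\n", good, name_is_well_formed(good));
    printf("%s admin flag: %d\n", good, admin_flag_after_init(good));
    printf("%s rejected: %d\n", bad, admin_flag_after_init(bad) == -1);
    return 0;
}
```

The unchecked initialiser is kept only for contrast and is never called with real input; a length check before the copy and an explicit zero-fill of the record are what turn the two errors the section names into a refusal and a safe default.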
Best Practices
Software security best practices build on good software engineering practice. They involve thinking about security early in the software development lifecycle, knowing and understanding common threats (including language-based flaws and pitfalls), designing for security, and subjecting all software artifacts to thorough, objective risk analysis and testing.
Secure coding helps protect a user’s data from theft or corruption. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, we can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
Here is a Great Resource for Secure Coding: