Secure coding

From Safeval Wiki
Jump to: navigation, search

Securing coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.

The main items usually pointed out by these techniques are:

  • Input data validation - Most external attacks will start with an unexpected data input
  • Defensive programming - Redundancy in protection layers are an effective way to ensure security
  • Database connection - Several internal and external attacks depends on weakness in this interface
  • Secure input and output handling - Besides user input validation, every input and output data must conform to secure standards
  • Secure error handling - If an error occurs, expected or unexpected, it should be treated correctly
  • Deterministic compiling - When you need to assure the security of the software, is important to establish an one to one correspondence between the executable and the source code