Difference between revisions of "Secure coding"

From Safeval Wiki
 
Line 2: Line 2:
  
 
The main items usually pointed out by these techniques are:
 
The main items usually pointed out by these techniques are:
* [[Input data validation]]
+
* [[Input data validation]] - Most external attacks will start with an unexpected data input
* [[Defensive programming]]
+
* [[Defensive programming]] - Redundancy in protection layers are an effective way to ensure security
* [[Database connection]]
+
* [[Database connection]] - Several internal and external attacks depends on weakness in this interface
* [[Secure input and output handling]]
+
* [[Secure input and output handling]] - Besides user input validation, every input and output data must conform to secure standards
* [[Secure error handling]]
+
* [[Secure error handling]] - If an error occurs, expected or unexpected, it should be treated correctly
 +
* [[Deterministic compiling]] - When you need to assure the security of the software, is important to establish an one to one correspondence between the executable and the source code
  
 
[[pt:Codificação segura]]
 
[[pt:Codificação segura]]
 
[[es:Codificación segura]]
 
[[es:Codificación segura]]
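
Review bot: the added descriptions contain agreement and article errors that should be corrected in this revision. In the Defensive programming line, "Redundancy in protection layers are" should be "is"; in the Database connection line, "attacks depends on weakness" should be "attacks depend on weaknesses"; and the new Deterministic compiling line should read "it is important to establish a one-to-one correspondence". The Secure input and output handling description also overlaps the Input data validation item, so consider stating what it covers beyond user input.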

Latest revision as of 12:49, 8 July 2015

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.

The main items usually pointed out by these techniques are:

  • Input data validation - Most external attacks start with unexpected input data
  • Defensive programming - Redundancy in protection layers is an effective way to ensure security
  • Database connection - Several internal and external attacks depend on weaknesses in this interface
  • Secure input and output handling - Besides user input validation, all input and output data must conform to secure standards
  • Secure error handling - If an error occurs, expected or unexpected, it should be handled correctly
  • Deterministic compiling - When you need to assure the security of the software, it is important to establish a one-to-one correspondence between the executable and the source code
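
An added example (not part of the wiki page) showing three of the listed items working together: allow-list input validation, a parameterized database query as a redundant second layer, and error handling that logs the detail but returns only a generic message. The table, function names and sample rows are constructed for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("lookup")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # allow-list of expected characters


class RequestError(Exception):
    """Error that is safe to show to the caller (no internal detail)."""


def make_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return db


def validate_username(raw):
    """Layer 1 (input validation): reject anything outside the expected shape."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise RequestError("invalid username")
    return raw


def query_email(db, name):
    """Layer 2 (database interface): bound parameter, never parsed as SQL."""
    row = db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def lookup_email(db, raw):
    """Entry point: validate, query, and fail closed on database errors."""
    name = validate_username(raw)
    try:
        return query_email(db, name)
    except sqlite3.Error:
        log.exception("database failure during lookup")  # detail stays in the log
        raise RequestError("internal error") from None
```

Calling `query_email` directly with a quote-bearing string shows the second layer holding even when the first is bypassed, which is the redundancy the Defensive programming item describes.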