Secure programming Tips

Some programming mistakes lead to serious security issues (vulnerabilities). These errors are important to deal with because they cost companies a lot, both in money and in customer confidence in the product. Such mistakes may:

-> threaten the confidentiality of private information

-> threaten the integrity of data and operations

-> threaten to disrupt the availability of critical systems

-> escalate the privileges of unauthorized users

1. Check for integer overflow.

When computing a Fibonacci series or a factorial, the next value may exceed the maximum value of the integer type. Unsigned arithmetic silently wraps around and signed overflow is undefined behaviour in C, so check for the overflow condition before performing the operation rather than inspecting the result afterwards.
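The following is an added example (not code from the original post) of the check described above: each multiplication or addition is tested against the type's maximum before it is performed, so the computation stops cleanly instead of wrapping. The function names and the choice of uint64_t are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checked factorial: stores n! in *out and returns true, or returns false
 * (leaving *out untouched) if n! would exceed UINT64_MAX. */
bool checked_factorial(unsigned n, uint64_t *out)
{
    uint64_t acc = 1;
    for (unsigned i = 2; i <= n; i++) {
        /* acc * i > UINT64_MAX  <=>  acc > UINT64_MAX / i, tested before multiplying */
        if (acc > UINT64_MAX / i)
            return false;
        acc *= i;
    }
    *out = acc;
    return true;
}

/* Checked Fibonacci with F(0)=0, F(1)=1: returns false if F(n) would overflow. */
bool checked_fibonacci(unsigned n, uint64_t *out)
{
    uint64_t a = 0, b = 1;
    if (n == 0) {
        *out = 0;
        return true;
    }
    for (unsigned i = 1; i < n; i++) {
        if (b > UINT64_MAX - a)     /* a + b would wrap around */
            return false;
        uint64_t next = a + b;
        a = b;
        b = next;
    }
    *out = b;
    return true;
}

/* Signed addition: overflow is undefined behaviour, so the sum must never be
 * computed first and checked later. Both directions are tested against the limits. */
bool int_add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    uint64_t r;
    for (unsigned n = 19; n <= 22; n++) {
        if (checked_factorial(n, &r))
            printf("%u! = %llu\n", n, (unsigned long long)r);
        else
            printf("%u! overflows uint64_t\n", n);
    }
    return 0;
}
```

20! still fits in 64 bits; 21! does not, and the unchecked version would silently return a wrong (wrapped) value. Compilers also offer `__builtin_mul_overflow` / `__builtin_add_overflow` (GCC and Clang), which do the same test in one call.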

2. Create temporary files with mkstemp(3C) or mkdtemp(3C)

A very common programming mistake is creating a temporary file with a well-known or predictable name such as tmp.$$ or tmp.<pid>. If a malicious user can predict the name pattern, he can create that file (or a symbolic link with that name) in advance, so the application ends up reading or writing attacker-controlled data, or crashes. mkstemp(3C) generates an unpredictable name and creates the file atomically with O_EXCL, returning an open file descriptor, so there is no window between choosing the name and creating the file; mkdtemp(3C) does the same for a directory.
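An added example (not from the original post) contrasting the predictable pattern with mkstemp(3). The directory, the `app.XXXXXX` template, the function names and the 0600 mode check are assumptions made for illustration; `predictable_tempfile` is shown only as the anti-pattern and is never called.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the tip warns against (for contrast, do not use): the name is
 * derived from the PID, so an attacker who guesses it can pre-create the file
 * or plant a symlink to something we can write, and fopen("w") follows it. */
FILE *predictable_tempfile(void)
{
    char name[64];
    snprintf(name, sizeof name, "/tmp/tmp.%ld", (long)getpid());
    return fopen(name, "w");            /* no O_EXCL: follows a planted symlink */
}

/* Creates a unique temporary file under dir and returns an open descriptor.
 * The generated path is written to path (capacity path_len). Returns -1 on error. */
int open_private_tempfile(const char *dir, char *path, size_t path_len)
{
    int n = snprintf(path, path_len, "%s/app.XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    mode_t old = umask(077);            /* file is 0600 whatever the inherited umask */
    int fd = mkstemp(path);             /* O_RDWR|O_CREAT|O_EXCL with a random suffix */
    umask(old);
    return fd;
}

/* Returns 1 if fd refers to a regular file, mode 0600, owned by the caller. */
int tempfile_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600 && st.st_uid == geteuid();
}

/* Unlink the name first so nobody else can open it by name, then close. */
int discard_tempfile(int fd, const char *path)
{
    int rc = unlink(path);
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    char path[64];
    int fd = open_private_tempfile("/tmp", path, sizeof path);
    if (fd < 0) {
        perror("mkstemp");
        return 1;
    }
    printf("created %s (private: %s)\n", path, tempfile_is_private(fd) ? "yes" : "no");
    return discard_tempfile(fd, path) == 0 ? 0 : 1;
}
```

Keep using the descriptor mkstemp returned rather than re-opening the file by name; re-opening reintroduces the race the call was meant to remove.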

3. Buffer overflow issues with string operations.

People say to use the strn* family of functions for string operations. The strncpy() functions are preferable to strcpy() because they accept a bound for the destination buffer that can be checked against. However, they are still vulnerable to certain attacks if used improperly:

a. passing NULL for src or dest is undefined behaviour and will typically crash the program
b. the 'count' size parameter is often passed incorrectly (for example the source length instead of the destination size)
c. the destination is not guaranteed to be NUL-terminated on exit: if src has count or more characters, strncpy() writes count bytes and no terminator

Make sure the buffer and bounds are the proper size to hold the source string plus a terminating NUL character.
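An added example (not from the original post) showing pitfall (c) in action and a small copy helper that addresses all three points: it rejects NULL arguments, takes the destination size as its bound, always terminates, and reports truncation instead of hiding it. The function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copies src into dst (capacity dst_size), always NUL-terminating.
 * Returns 0 on success, 1 if the copy was truncated, -1 on bad arguments. */
int safe_strcpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;                      /* pitfall (a): never dereference NULL */

    /* Bounded length scan: never read more than dst_size bytes of src */
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;

    if (n >= dst_size) {                /* pitfall (b)/(c): bound is the destination size */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);            /* includes the terminator */
    return 0;
}

/* Demonstrates pitfall (c): strncpy with count == sizeof(buf) leaves no
 * terminator when src has sizeof(buf) or more characters. Returns true if
 * the buffer ends up without any NUL byte. */
bool strncpy_leaves_unterminated(const char *src)
{
    char buf[8];
    memset(buf, 'A', sizeof buf);
    strncpy(buf, src, sizeof buf);      /* fills all 8 bytes, no room for '\0' */
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* The idiomatic strncpy fix: copy at most size-1 bytes and terminate explicitly. */
void strncpy_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

int main(void)
{
    char out[8];
    int rc = safe_strcpy(out, sizeof out, "0123456789");
    printf("rc=%d out=\"%s\"\n", rc, out);
    printf("strncpy unterminated for long input: %s\n",
           strncpy_leaves_unterminated("0123456789") ? "yes" : "no");
    return 0;
}
```

Where the copy is a formatting step anyway, `snprintf(dst, dst_size, "%s", src)` gives the same guarantees (always terminated, truncation detectable from the return value) without the strncpy padding cost.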

4. Improper Input Validation

5. Web application security: For more information about application security, especially Web applications, see the Open Web Application Security Project (OWASP) at http://www.owasp.org.

http://nob.cs.ucdavis.edu/~bishop/secprog/index.html

http://sunsite.uakom.sk/sunworldonline/swol-08-1998/swol-08-security.html
