• PDF / 235,537 Bytes
• 16 Pages / 504 x 720 pts Page_size
• 59 Downloads / 235 Views

DOWNLOAD

REPORT

Secure Coding Guidelines Introduction When software applications have vulnerabilities, it means high costs for the application maker. Some organizations pay more than $500,000 per security incident. The efforts used for the elimination of vulnerabilities in a software application should focus on secure coding, avoiding deploying any vulnerabilities in the production phase. Writing secure source code is a difficult task. It is very important to understand the implications of the code that is being written and to have a checklist of things that need to be checked. The checklist will help the developers pursue a fast verification of their code for well-known security problems. Usually, the verification is done by a security team and not by software developers or engineers. A software developer cannot be objective with their own code. The idea of a checklist should start from the following idea: verifying the source code that will process data outside of its domain and take into consideration the user input, the network communication, the process of the binary files, receiving output from database management systems or servers, and so on. When we work with a software application (doesn’t matter whether the application is a desktop, web, or mobile one), the idea that the application is secure because it was developed by a well-known company is just a myth. Don’t trust this notion. Companies that rely on this idea end up spending a huge amount of the budget on security incidents, maintenance, consultancy, and audit sessions. There are two environments in which a software application works, and its behavior is different in each environment. The software application that is in the analysis and development process within a company represents its circle of trust (at least, most companies think in this way and they enjoy considering their infrastructure very resistant to security attacks). The behavior of the software application in that circle of

© Marius Iulian Mihailescu and Stefania Loredana Nita 2021 M. I. Mihailescu and S. L. Nita, Pro Cryptography and Cryptanalysis, https://doi.org/10.1007/978-1-4842-6367-9_6

165

Chapter 6

Secure Coding Guidelines

trust represents the most critical environment in which an application can be developed and tested. No developer, IT security officer, or software analyst will hack his own code. For this purpose, some companies such as Microsoft used to have software development engineers in test (SDETs) who were tasked with breaking or attempting to break the code written by the software development engineers (SDEs). This environment is the comfort one. Once the application leaves that comfort zone and enters the real environment, the issues start happening. The trust boundary is hard and easy at the same time to be drawn and to create a delimitation between the comfort zone and the real zone. It’s not an easy task to achieve, especially if those applications are running in a virtualized infrastructure, cloud, or big data environments. In the comfort zone, a security threat is repres

Recommend Documents

Secure Network Coding Technology

191 15 47MB

Secure Network Coding

166 39 49MB

Firmware Secure Coding Practice

211 25 28MB

Secure Arithmetic Coding with Error Detection Capability

160 91 458KB

A weakly secure multiple description coding scheme in lossy multipath channels for fine-grained SVC streaming

150 89 2MB

Secure Image Communication Through Adaptive Deer Hunting Optimization Based Vector Quantization Coding of Perceptually E

182 61 2MB

FPGA Design and Implementation of High Secure Channel Coding Based AES

158 57 37MB

Low Power Area Efficient Improved DWT and AES Architectures for Secure Image Coding

162 6 63MB

An efficient secure data compression technique based on chaos and adaptive Huffman coding

165 105 1MB

Design of Secure Coding Challenges for Cybersecurity Education in the Industry

152 91 35MB

Secure

144 7 49MB

Photometric Guidelines

167 90 47MB