Use your computer fearlessly.




[ Security | Consulting | Research ]





Software Security

by Brent Kirkpatrick

(Date Published: .)



Writing secure software.



Securing software, after the design is chosen, requires writing tight code. This means avoiding mistakes in code. Do not execute user supplied code, do not allow code injection in input, and do not allow users to violate data access permissions.

Code reviews are the preferred method of checking software security. A code review is conducted by sitting the team down with a projector and walking through the code line-by-line. The team looks for errors in programming.

Any exec commands must be checked carefully to avoid executing on user supplied commands. Any buffers that are written to must be carefully checked for length. Any time the user accesses data, the permissions must be checked.

Code reviews are expensive, because they require going through the exercise of programming twice, once to write the code and once to check it. However, the extra time is won back by catching mistakes early, before they lead to data breach and reputation problems.


defendIT. AI-driven security measures derived from security incident data.











bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.