Content deleted Content added
Claudiajoyce (talk | contribs) m →See also: Added bullet points and hyperlink |
Removing link(s) to "Secure by default": Removing links to deleted page Secure by default. |
||
| (5 intermediate revisions by 4 users not shown) | |||
Line 4:
{{More footnotes|date=September 2010}}
}}
{{Computer security}}▼
'''Secure coding''' is the practice of developing computer [[software]] in such a way that guards against the accidental introduction of [[security vulnerabilities]]. Defects, [[Software bug|bugs]] and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.<ref name="bss2001">{{Cite book| last = Viega | first = John |author2=Gary McGraw | title = Building Secure Software: How to Avoid Security Problems the Right Way | year = 2001 | publisher = MAddison-Wesley Professional | pages = 528 | isbn = 978-0201721522 }}</ref> Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.<ref>{{Cite book|last1=Taylor|first1=Blair|last2=Azadegan|first2=Shiva|title=Proceedings of the 3rd annual conference on Information security curriculum development |chapter=Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum |date=2006-09-22|chapter-url=https://doi.org/10.1145/1231047.1231053|series=InfoSecCD '06|___location=Kennesaw, Georgia|publisher=Association for Computing Machinery|pages=24–29|doi=10.1145/1231047.1231053|isbn=978-1-59593-437-6|s2cid=2452783}}</ref>
Some scholars have suggested that in order to effectively confront threats related to [[Computer security|cybersecurity]], proper security should be coded or “baked in” to the systems. With security being designed into the software, this ensures that there will be protection against insider attacks and reduces the threat to application security.<ref>{{Cite journal |last=Russell L |first=Jones |date=Dec 2004 |title=Secure Coding: Building Security into the Software Development Life Cycle |url=https://www.proquest.com/docview/229507883
== Buffer-overflow prevention ==
Line 26 ⟶ 24:
// copy a maximum of BUF_SIZE bytes
strncpy(dst, user_input, BUF_SIZE);
// set the last character in the buffer to NUL.
dst[BUF_SIZE -1] = '\0';
}
</syntaxhighlight>Another secure alternative is to dynamically allocate memory on the heap using [[malloc]].<syntaxhighlight lang="c++">
Line 82:
* [[Defensive programming]]
* [[Security bug]]
*
== Notes ==
Line 90:
* {{Cite book| last = Taylor | first = Art |author2=Brian Buege |author3=Randy Layman | title = Hacking Exposed J2EE & Java | year = 2006 | publisher = McGraw-Hill Primis | pages = 426 | isbn = 0-390-59975-1 }}
▲{{Computer security}}
{{DEFAULTSORT:Secure Coding}}
[[Category:Computer security]]
| |||