Secure coding: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 15:43, 8 April 2019 edit Nehirdemir (talk \| contribs) 6 edits →Format-string attack prevention ← Previous edit		Latest revision as of 17:30, 1 September 2024 edit undo Liz (talk \| contribs) Autopatrolled, Checkusers, Oversighters, Administrators 843,494 edits Removing link(s) to "Secure by default": Removing links to deleted page Secure by default. Tag: Twinkle
(37 intermediate revisions by 27 users not shown)
Line 1: {{Short description\|Software development methodology}} {{Multiple issues\| {{~~Refimprove~~More citations needed\|date=September 2017}} {{More footnotes\|date=September 2010}} }} '''Secure coding''' is the practice of developing computer [[software]] in such a way that guards against the accidental introduction of [[security vulnerabilities]]. Defects, [[Software bug\|bugs]] and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.<ref name="bss2001">{{Cite book\| last = Viega \| first = John \|author2=Gary McGraw \| title = Building Secure Software: How to Avoid Security Problems the Right Way \| year = 2001 \| publisher = MAddison-Wesley Professional \| pages = 528 \| isbn = 978-0201721522 ~~\| page =~~ }}</ref> Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.<ref>{{Cite book\|last1=Taylor\|first1=Blair\|last2=Azadegan\|first2=Shiva\|title=Proceedings of the 3rd annual conference on Information security curriculum development \|chapter=Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum \|date=2006-09-22\|chapter-url=https://doi.org/10.1145/1231047.1231053\|series=InfoSecCD '06\|___location=Kennesaw, Georgia\|publisher=Association for Computing Machinery\|pages=24–29\|doi=10.1145/1231047.1231053\|isbn=978-1-59593-437-6\|s2cid=2452783}}</ref>▼ {{Computer security}}▼ Some scholars have suggested that in order to effectively confront threats related to [[Computer security\|cybersecurity]], proper security should be coded or “baked in” to the systems. With security being designed into the software, this ensures that there will be protection against insider attacks and reduces the threat to application security.<ref>{{Cite journal \|last=Russell L \|first=Jones \|date=Dec 2004 \|title=Secure Coding: Building Security into the Software Development Life Cycle \|url=https://www.proquest.com/docview/229507883 \|journal=Information Systems Security\|id={{ProQuest\|229507883}} }}</ref> ▲'''Secure coding''' is the practice of developing computer [[software]] in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.<ref name="bss2001">{{Cite book\| last = Viega \| first = John \|author2=Gary McGraw \| title = Building Secure Software: How to Avoid Security Problems the Right Way \| year = 2001 \| publisher = MAddison-Wesley Professional \| pages = 528 \| isbn = 978-0201721522 \| page = }}</ref> Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment. == ~~Ara Bellek~~Buffer-~~taşması~~overflow ~~önlemi~~prevention == [[Buffer overflow]]s, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite data in the next ___location which can result in a security vulnerability (stack smashing) or program termination (segmentation fault).<ref name="bss2001"/> [[Ara Bellek Taşması]],İşlemci belirlenen ara bellek uzunluğunu aştığında ortaya çıkan genel yazılım güvenlik açığıdır. Örneğin veri ögelerini saklamak için 8 bölüt varsa,9 veri ögesi saklanmak istenildiğinde problem ortaya çıkar.Bilgisayar belleği taşan veri sorunuyla karşılaştığında verinin bir sonraki yerine üstüne yazma işlemi gerçekleştirir,bu da güvenlik zafiyetine(yığın aşılması) veya programın bitirilmesine(bölümlendirme hatası) sebebiyet verebilir.<ref name="bss2001"/> ~~ara~~An ~~bellek~~example ~~taşmasına~~of ~~eğilimi olan bir C~~a [[C (~~programlama~~programming ~~dili~~language)\|C]] ~~programı~~program prone to a ~~aşağıda~~buffer ~~verilmiştir.~~overflow is<syntaxhighlight lang="c++"> int vulnerable_function(char * large_user_input) { char dst[SMALL]; strcpy(dst, large_user_input); } </syntaxhighlight>~~Eğer~~If ~~kullanıcı~~the ~~hedef~~user ~~bellekten~~input ~~daha~~is ~~büyük~~larger ~~bir~~than ~~girdi~~the ~~verirse~~destination buffer,~~ara~~ ~~bellek~~a buffer ~~taşması~~overflow ~~meydana~~will ~~gelebilir~~occur. BuTo ~~tehlikeli~~fix ~~programı~~this ~~düzeltmek~~unsafe ~~için~~program, ~~strncpy~~use ~~metodu~~strncpy ~~olası~~to ~~ara~~prevent ~~bellek~~a ~~taşması~~possible ~~problemini~~buffer ~~önleyebilir~~overflow.<syntaxhighlight lang="c++"> int secure_function(char * user_input) { char dst[BUF_SIZE]; // copy a maximum of BUF_SIZE bytes strncpy(dst, user_input, BUF_SIZE); // set the last character in the buffer to NUL. dst[BUF_SIZE -1] = '\0'; } </syntaxhighlight>~~Diğer~~Another ~~güvenli~~secure ~~seçenek~~alternative ~~ise~~is ~~hafızayı~~to ~~dinamik~~dynamically ~~olarak~~allocate ~~yığın~~memory ~~yapısıyla~~on the heap using ~~ayırmaktır.~~[[malloc]].<syntaxhighlight lang="c++"> char * secure_copy(char * src) { ~~int~~ size_t len = strlen(src); char * dst = (char ) malloc(len + 1); if (dst != NULL) { strncpy(dst, src, len); // append null terminator dst[len] = '\0'; } } return dst; } </syntaxhighlight>~~Yukarıdaki~~In ~~kod~~the ~~parçasında~~above code snippet, the program attempts to copy the contents of '''''src''''' into '''''dst,''''', ~~içeriklerini~~while ~~kopyalar,bunu~~also ~~yaparken~~checking dethe return value of malloc~~'tan~~ ~~gelen~~to ensure that enough ~~dönüş~~memory ~~tipini~~was ~~kontrol~~able ~~eder~~to kibe ~~hedef~~allocated ~~belleğin~~for ~~yeterli~~the ~~hafızası~~destination ~~olsun~~buffer. == ~~Biçim~~Format-~~Dizgi~~string ~~Saldırısı~~attack ~~Önlemleri~~prevention == A [[Format string attacks\|Format String Attack]] is when a malicious user supplies specific inputs that will eventually be entered as an argument to a function that performs formatting, such as [[printf()]]. The attack involves the adversary reading from or writing to the [[Call stack\|stack]]. [[Biçim Dizgi Saldırısı\|Format String Attack]] kötü amaçlı kullanıcının fonksiyon içine argüman olarak spesifik girdiler vererek biçimlendirmeye çalışmasıdır,örneğin [[printf()]] bir biçim-dizgi saldırısıdır.Düşman kişi okuma ve yazma yaparak saldırıyı gerçekleştirebilir. [[Çağrı yığıtı\|stack]]. The C printf function writes output to stdout. If the parameter of the printf function is not properly formatted, several security bugs can be introduced. Below is a program that is vulnerable to a format string attack.<syntaxhighlight lang="c++"> C fonksiyonu çıktıyı stdout a yazar.Eğer parametreler biçimsel olarak uygun değilse,çeşitli güvenlik hatalarıyla karşılaşılabilir.Aşağıda biçim dizgi hatasına sebebiyet verebilecek örnek bir program verilmiştir.<syntaxhighlight lang="c++"> int vulnerable_print(char malicious_input) { printf(malicious_input); } </syntaxhighlight>~~Programın~~A ~~uygunsuz~~malicious ~~hafıza~~argument ~~okumasından~~passed ~~dolayı~~to ~~sona~~the ~~erdirebilecek~~program ~~hatalı~~could ~~olarak~~be ~~verilebilecek argüman “~~"%s%s%s%s%s%s%s”s", ~~parametre~~which can crash the program from improper ~~olarak~~memory ~~verilmiştir~~reads. == Integer-overflow prevention == Line 56 ⟶ 59: } </syntaxhighlight> The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the maximum possible value of an <code>unsigned int</code>, the addition operation will overflow and perhaps<!-- Note that an overflow will not always result in the calculated sum being less than MAX; MAX might be relatively small and both x and y relatively big, so even an overflow might still be greater than MAX. Example: x=y=UINT_MAX, MAX=1000000. --> result in a value less than or equal to MAX, even though the sum of x and y is greater than MAX. Below is a function which checks for overflow by confirming the sum is greater than or equal to both x and y. If the sum did overflow, the sum would be less than x or less than y. Line 65 ⟶ 68: } </syntaxhighlight> == Path traversal prevention == Path traversal is a vulnerability whereby paths provided from an untrusted source are interpreted in such a way that unauthorised file access is possible. For example, consider a script that fetches an article by taking a filename, which is then read by the script and [[parse]]d. Such a script might use the following hypothetical URL to retrieve an article about [[dog food]]: <nowiki>https://www.example.net/cgi-bin/article.sh?name=dogfood.html</nowiki> If the script has no input checking, instead trusting that the filename is always valid, a [[malicious user]] could forge a URL to retrieve configuration files from the web server: <nowiki>https://www.example.net/cgi-bin/article.sh?name=../../../../../etc/passwd</nowiki> Depending on the script, this may expose the [[Passwd#Password file\|/etc/passwd]] file, which on [[Unix-like]] systems contains (among others) [[User identifier (Unix)\|user IDs]], their [[Username\|login names]], [[home directory]] paths and [[Operating system shell\|shells]]. (See [[SQL injection]] for a similar attack.) == See also == * [[Application security\|Application Security]] * [[Defensive programming]] * [[Security bug]] * Secure by default ==~~References~~ Notes == {{Reflist}} * {{Cite book\| last = Taylor \| first = Art \|author2=Brian Buege \|author3=Randy Layman \| title = Hacking Exposed J2EE & Java \| year = 2006 \| publisher = McGraw-Hill Primis \| pages = 426 \| isbn = 0-390-59975-1 \| page = }}▼ ==~~External~~ ~~links~~References == ▲* {{Cite book\| last = Taylor \| first = Art \|author2=Brian Buege \|author3=Randy Layman \| title = Hacking Exposed J2EE & Java \| year = 2006 \| publisher = McGraw-Hill Primis \| pages = 426 \| isbn = 0-390-59975-1 ~~\| page =~~ }} ▲{{Computer security}} {{DEFAULTSORT:Secure Coding}} [[Category:Computer security]]