Content deleted Content added
Try to fix confusion between different kinds of computer audits |
mNo edit summary |
||
Line 10:
* One of the most common problems is unchecked use of constant-size structures and functions for dynamic-size data (the [[buffer overflow]] problem). This is especially common for [[string]] data in [[C programming language|C]]. C library functions like <tt>gets</tt> should never be used since the maximum size of the input buffer is not passed as an argument. C library functions like <tt>scanf</tt> can be used safely, but require the programmer to take care with the selection of safe format strings, by sanitising it before using it.
* Never make code more complex than necessary. Complexity breeds bugs, including security problems.
* Either leave the code available to everyone on the Net (see [[Free software]] or [[Open Source Definition]]) or hire someone who will perform a [[Information technology audit|comprehensive computer audit]]
* If possible, reuse code instead of writing from scratch.
* Encrypt/authenticate all important data transmitted over networks. Do not attempt to implement your own encryption scheme, but use a proven one instead.
| |||