Content deleted Content added
No edit summary |
→Buffer Overflow Prevention: fix caps+missing hyphen |
||
Line 8:
'''Secure coding''' is the practice of developing computer [[software]] in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.<ref name="bss2001">{{Cite book| last = Viega | first = John |author2=Gary McGraw | title = Building Secure Software: How to Avoid Security Problems the Right Way | year = 2001 | publisher = MAddison-Wesley Professional | pages = 528 | isbn = 978-0201721522 | page = }}</ref> Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
== Buffer-overflow
[[Buffer overflow]]s, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite data in the next ___location which can result in a security vulnerability (stack smashing) or program termination (segmentation fault).<ref name="bss2001"/>
| |||