Secure Coding: Principles & Practices (O'Reilly)


"Secure Coding: Principles and Practices" makes the case that developers must be vigilant throughout the entire code lifecycle, including:

* Architecture: during this stage, applying security principles such as 'least privilege' will help limit the impact of even successful attempts to subvert software.

* Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code: ways of protecting software from being exploited even if bugs can't be fixed.

* Implementation: during this stage, programmers must sanitize all program input (the character streams representing a program's entire interface with its environment, not just the command lines and environment variables that are the focus of most security analysis).

* Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods: for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.

* Operations: during this stage, patch updates must be installed in a timely fashion.
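As an added illustration of the design-stage and implementation-stage points above (this is example code written for this page, not code from the book or the article), the C program below treats every character stream that reaches the process (argv, an environment variable, and a line from stdin or a file) as untrusted, pushes each through one validation policy, and only then copies it into a fixed-size buffer with a bounded, fail-closed copy. The field being validated ("user name"), its `NAME_MAX_LEN` of 32 bytes, the allowed character set, and the sample inputs are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not code from the book or the article. Every character
   stream that reaches the program (argv, environment, stdin, files) is treated
   as untrusted and pushed through one validation policy before it is copied
   into a fixed-size buffer. NAME_MAX_LEN and the "user name" policy are
   assumptions made for the example. */

#define NAME_MAX_LEN 32

/* Policy: ASCII letters, digits, '_' and '-' only. Checked byte by byte so the
   result does not depend on the C locale. */
static int is_name_char(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-';
}

/* Returns 1 if s[0..len) is an acceptable name, 0 otherwise. The length is
   passed explicitly so an embedded NUL cannot hide bytes from the check. */
int validate_name(const char *s, size_t len) {
    if (s == NULL || len == 0 || len > NAME_MAX_LEN) return 0;
    for (size_t i = 0; i < len; i++)
        if (!is_name_char((unsigned char)s[i])) return 0;  /* rejects NUL too */
    return 1;
}

/* Bounded, validating copy: the only way a name enters a buffer in this
   program. Fails closed (-1) instead of writing past dst. */
int copy_name(char *dst, size_t dstlen, const char *src, size_t srclen) {
    if (dst == NULL || dstlen == 0 || srclen >= dstlen) return -1; /* room for NUL */
    if (!validate_name(src, srclen)) return -1;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

/* stdin / file input: read one line with fgets(), reject lines that did not fit
   (their tail would otherwise be parsed as the next line), strip the newline. */
int read_name_line(FILE *in, char *dst, size_t dstlen) {
    char line[NAME_MAX_LEN + 2];             /* name + '\n' + NUL */
    if (fgets(line, sizeof line, in) == NULL) return -1;
    size_t n = strlen(line);
    if (n > 0 && line[n - 1] == '\n') line[--n] = '\0';
    else if (!feof(in)) return -1;           /* line too long for the buffer */
    return copy_name(dst, dstlen, line, n);
}

/* Environment input: getenv() returns a NUL-terminated string of any length
   chosen by whoever launched the process, so it gets the same treatment. */
int read_name_env(const char *var, char *dst, size_t dstlen) {
    const char *v = getenv(var);
    if (v == NULL) return -1;
    return copy_name(dst, dstlen, v, strlen(v));
}

/* Helper: feed constructed text through the stdin/file path and report
   whether the first line is accepted and equals `expected`. */
int text_yields_name(const char *text, const char *expected) {
    char out[NAME_MAX_LEN + 1];
    FILE *f = tmpfile();
    if (f == NULL) return 0;
    fputs(text, f);
    rewind(f);
    int rc = read_name_line(f, out, sizeof out);
    fclose(f);
    return rc == 0 && strcmp(out, expected) == 0;
}

/* Constructed sample inputs (not real data); returns how many are accepted. */
int demo_accept_count(void) {
    static const char *samples[] = {
        "alice", "bob_42", "", "rm -rf /", "tab\tname",
        "this_name_is_far_longer_than_thirty_two_bytes"
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        accepted += validate_name(samples[i], strlen(samples[i]));
    return accepted;   /* 2: "alice" and "bob_42" */
}

int main(int argc, char **argv) {
    char name[NAME_MAX_LEN + 1];
    /* argv is input too: the first argument goes through the same policy. */
    if (argc > 1 && copy_name(name, sizeof name, argv[1], strlen(argv[1])) == 0)
        printf("argv name accepted: %s\n", name);
    else
        printf("argv name rejected or absent\n");
    printf("%d of 6 samples accepted\n", demo_accept_count());
    return 0;
}
```

The point of routing argv, the environment and file input through the same `copy_name()` is that the length check and the character policy live in one place; a fuzzer or fault-injection run at the testing stage then only has to find one function to break, and a reviewer only one function to audit.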

For more info on the book, including the table of contents, author bios and index, see www.oreilly.com/catalog/securecdng/.
COPYRIGHT 2003 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication: Database and Network Journal
Article Type: Brief Article
Date: Aug 1, 2003
Words: 192


