Secure coding is the process of developing software that is free from defects, particularly those that could be exploited by an adversary to cause us harm or loss.
Source Code Vulnerabilities
The Open Web Application Security Project (OWASP) is an organization that deals specifically with web security issues.
Secure Coding Practices
One of the organizations that consistently produces good coding standards is Carnegie Mellon University’s Software Engineering Institute (SEI). SEI’s top 10 secure coding practices are listed here along with our brief take on them:
- Validate inputs.
- Heed compiler warnings.
- Architect and design for security policies.
- Keep it simple.
- Default deny.
- Adhere to the principle of least privilege.
- Sanitize data sent to other systems.
- Practice defense in depth.
- Use effective quality assurance techniques.
- Adopt a secure coding standard.
The ISO/IEC 27034 standard covers the following application security areas: overview and concepts (Part 1); organization normative framework (Part 2); application security management process (Part 3); protocols and application security controls data structure (Part 5); case studies (Part 6); and assurance prediction framework (Part 7).
Originally published on the WeChat official account (debugeeker): CISSP Exam Guide Notes: 8.7 Secure Coding