Tipping the Scales Toward Secure Code

    Date: 01 Oct 2004
    Posted by: Anthony Pell
    Everybody can use more secure code--and sometimes the best way to hone your skills is to listen to other programmers. Here are 18 concise tips offered by your fellow developers, each a specific (and opinionated!) piece of advice that you can put to work immediately. You may not agree with all these suggestions, but each is worth contemplating.

    Be Careful What You Call

    "If your application calls a DLL or another program, make sure you call it specifically," says Joshua Levy, senior software engineer for Reasoning Inc. in Mountain View, CA. "Don't rely on relative paths or search paths. The danger here is that you will end up calling a different program or DLL than you expected. This is the ultimate security flaw, because suddenly you're running a program or DLL written by the attacker! This is often a problem with 'inside jobs,' where an employee is trying to get more permissions than he should, or [to] read data or files that he isn't allowed to read. We review other people's code, and I see a huge amount of these sorts of errors." Levy writes programs to find and report such weaknesses. "It's better to check that the executable or DLL is what you expected, using signing or CRC," he suggests.
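    As an added example (not from the article and not Reasoning Inc.'s tooling), the Python helper below applies Levy's advice: it refuses bare or relative program names so the OS search path never chooses the file, and it verifies a SHA-256 digest (standing in for his "signing or CRC" check) before executing. The helper script, its pinned digest and the temporary directory are constructed for the demo.

```python
# Added example: pin an external program by absolute path and verify its
# contents before running it. Not code from the article.
import hashlib
import subprocess
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hex SHA-256 of a file; stands in for a signature or CRC check."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def verify_executable(path, expected_sha256):
    """Return the resolved path if it is absolute and matches the digest.

    Bare names and relative paths are rejected outright so PATH or the
    DLL search order never decides which file actually gets loaded.
    """
    p = Path(path)
    if not p.is_absolute():
        raise ValueError(f"refusing search-path lookup for {path!r}")
    p = p.resolve(strict=True)          # follows symlinks, fails if missing
    actual = sha256_of(p)
    if actual != expected_sha256:
        raise ValueError(f"{p} does not match the expected digest ({actual})")
    return p

def run_pinned(path, expected_sha256, args=()):
    """Verify first, then execute by the resolved absolute path only."""
    exe = verify_executable(path, expected_sha256)
    return subprocess.run([str(exe), *args], check=True,
                          capture_output=True, text=True).stdout

def demo():
    """Constructed scenario: a helper script we ship, then a modified copy."""
    with tempfile.TemporaryDirectory() as d:
        helper = Path(d) / "helper.sh"
        helper.write_text("#!/bin/sh\necho ok\n")
        pinned = sha256_of(helper)       # digest recorded at build/deploy time
        good = verify_executable(helper, pinned) == helper.resolve()
        helper.write_text("#!/bin/sh\necho replaced\n")   # file swapped out
        try:
            verify_executable(helper, pinned); tampered_caught = False
        except ValueError:
            tampered_caught = True
        try:
            verify_executable("helper.sh", pinned); relative_rejected = False
        except ValueError:
            relative_rejected = True
    return good, tampered_caught, relative_rejected
```

    The digest check and the exec are still two separate steps, so the directory holding the program must be writable only by trusted accounts; otherwise a swap between the two defeats the check.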
