Art Of Programming

musings by Dmytrii Nagirniak

8 Simple Rules for Developing More Secure Code

Are you sure your code is bulletproof? Let’s see… I’ve just read an interesting MSDN Magazine article. If you’re a software developer (or a hacker in any meaning of this word), I would recommend reading it. For software developers, I can summarize it briefly:
  1. Only you are responsible for writing secure code. Not tools, not technologies of future.
  2. Never Trust Input Data. Assume all input is invalid and accept only good data, but not vice versa.
  3. Model possible threats that can affect your code, and test your code to be bulletproof.
  4. Learn new possible attacks. Read books, subscribe to news.
  5. Test reliability (Fuzzing). Don’t simply punt a crash as “just a crash.” Every crash is a potential security issue.
  6. Do not write insecure code. If you know a function should only accept “good” parameters, validate them. If encryption is required, do not use MD5, DES (which are already broken). And so on…
  7. Use any tools to help find potential problems. But do not rely on them.
  8. Remember to review your old code, because it can become insecure.
Following these general rules will help to make your code more stable and secure.
Also make sure you read Top Ten Security Tips Every Developer Must Know.
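To make rules 2 and 5 concrete, here is an added example (not from the MSDN article or this blog): a denylist check beside an allowlist check, plus a tiny fuzz loop that records every exception as a finding. The username policy, function names and sample inputs are assumptions constructed for illustration.

```python
import random
import re

# Allowlist: the exact shape of a valid username (assumed policy for this example).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")
# Denylist: characters someone remembered to call "bad"; everything else passes.
DENYLIST = ("<", ">", "'", '"', ";")

# Constructed sample inputs; only the first one is a legitimate username.
SAMPLES = ["dmytrii_n", "bob\x00admin", "name\nsecond line", "..%2f..%2fconf", ""]


def denylist_accepts(value):
    """Rule 2 done backwards: reject known-bad input and accept the rest."""
    return not any(bad in value for bad in DENYLIST)


def allowlist_accepts(value):
    """Rule 2: assume input is invalid and accept only the known-good shape."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def fuzz(validator, rounds=2000, seed=1234):
    """Rule 5: feed random input; an exception is a finding, not 'just a crash'."""
    rng = random.Random(seed)
    alphabet = "abcXYZ019_ <>'\";\x00\n\u202e%/\\."
    crashes, accepted = [], []
    for _ in range(rounds):
        sample = "".join(rng.choice(alphabet) for _ in range(rng.randint(0, 24)))
        try:
            if validator(sample):
                accepted.append(sample)
        except Exception as exc:  # a validator must never raise on hostile input
            crashes.append((sample, repr(exc)))
    return crashes, accepted


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "denylist:", denylist_accepts(s), "allowlist:", allowlist_accepts(s))
    for name, fn in (("denylist", denylist_accepts), ("allowlist", allowlist_accepts)):
        crashes, accepted = fuzz(fn)
        print(name, "crashes:", len(crashes), "accepted:", len(accepted))
```

The denylist lets through every constructed sample, including the empty string and the ones with control characters, while the allowlist accepts only the well-formed name.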

Comments

DAS
Very interesting rules
