Secure Coding Techniques 3.6 Flashcards

1
Q

Secure Coding Concepts

A

Balance time and quality. Security isn’t always at the forefront of developer priorities. Vulnerabilities will eventually be found.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Error and Exception Handling

A

Bad guys love if your error message reveal too much information. Do not use the default error messages. It will give away too much information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Input Validation

A

Make sure that all of your input fields are only allowing exactly what’s necessary. If you allow too much leeway, the bad guys will do everything they can to find an opening. Document all input methods and make sure your application is only receiving the input that its expecting. Use a fuzzer to check if your app is properly validating the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Stored Procedure

A

For SQL the clients send detailed requests for data from a particular part of the database. These requests can be complex. If the user malicious modifies the request, they can gain information they shouldn’t have access to. To combat that, use a pre-designed stored procedure. This eliminates creative uses of the SQL programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Code Signing

A

After an app is deployed, users run the app or scripts. In order for us to tell if the application is legitimately from who designed it, the code can be digitally signed by the developer. It uses asymmetric encryption. Trusted certificate authorities sign the developers public key and the developer signs with their private key. For internal applications, use our own CA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Encryption

A

If you can see the source code, you can find security holes. Source code is closely guarded. Development platforms should use encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Obfuscation/Camoflage

A

Take readable code and make it look like nonsense. It helps prevent the search for security holes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Code Reuse/Dead Code

A

Using old code that has vulnerabilities just creates more problems for everyone. Dead code can potentially create security problems. The less code for the program, the less potential risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Validation Points

A

Use both server side and client side validation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Memory Management

A

Never trust user data input. Buffer overflows are a huge security risk. Make sure the data that comes in matches your available buffer sizes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Third Party Libraries and Software Development Kits (SDK’s)

A

Programming languages does a large amount of how applications are developed. Sometimes you need third party libraries to help your app do something it needs to do. These libraries can be a risk however because it was written by someone else. Do extensive testing on it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Data Exposure

A

There is so much sensitive data. How is your app handling all this data. You need to think about every step in which this data is handled to include its input and output processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly