Secure Programming Flashcards
How to avoid integer wraparound
BigInt
Try/Catch
Python
Python integers are arbitrary-precision and grow as needed, so they cannot wrap around
More secure float comparison than if(x==y){…}: compare against a tolerance
tol = 0.001
if abs(x-y) < tol
secure symmetric encryption
(LRRS)
Key must be as long as plaintext
key must be random
key must never be reused
key must be kept secret
modulus
n=p*q
totient φ(n)
φ(n) = (p-1)*(q-1)
E
between 1 and φ(n)
e.g. 1-12
7
D
Modular inverse of E mod φ(n)
Public-Key
(e,n)
Private-Key
(d,n)
black box
Simulate attacks externally
white box
Simulate attacks with knowledge of the internal structure
sql (vulnerable: user input concatenated into the query string)
declare @inbox nvarchar(100)
declare @sql nvarchar(100)
set @inbox = '3; Drop Database'  -- attacker-controlled input
set @sql = 'select * from review where stars = ' + @inbox
exec(@sql)  -- the concatenated string is executed as-is, so the injected statement runs too
Output = select * from review where stars = 3; Drop Database
secure sql (parameterised with sp_executesql)
declare @inbox nvarchar(100)
declare @sql nvarchar(100)
declare @paramDefinition nvarchar(100)
SET @inbox = N'3; drop database';  -- same attacker-controlled input
SET @sql = N'SELECT * FROM review WHERE stars = @stars';  -- placeholder, no concatenation
SET @paramDefinition = N'@stars NVARCHAR(MAX)';
EXEC sp_executesql @sql, @paramDefinition, @stars = @inbox;  -- input is bound as a value, never parsed as SQL
Output = SELECT * FROM review WHERE stars = '3; drop database';
RSA encryption (key = (7,12))
Convert string to ASCII
e.g. H = 72
Encryption: C = M^e mod n = 72^7 mod 12
Decryption: M = C^d mod n = C^7 mod 12