Recommended
More Related Content
What's hot
What's hot (20)
Similar to Secure programming language basis
Similar to Secure programming language basis (20)
Recently uploaded
Recently uploaded (20)
Secure programming language basis
- 1. DESIGN A SECURE PROGRAMMING LANGUAGE
- 2. Overview • To develop a secure application secure coding techniques should be incorporated into every phase of SDLC • Discusses about impact of various vulnerabilities • Covers secure coding guidelines for Java and C++. • Reviews about the High Integrity C++ i.e. HICPP
- 3. Vulnerabilities Buffer Overflow • A buffer overflow occurs when a program allows input to write data beyond allocated memory Integer Overflow • An integer overflow takes place when the integer variable tries to store a larger value than the valid range as a result of an arithmetic operation
- 4. Vulnerabilities Command Injection • Takes place when malicious data is embedded into input and is passed to the shell Improper error handling • When a programmer fails to implement proper error handling, the application might leak information
- 5. Secure Software Development Secure • To reduce the number of vulnerabilities before development starts Architecture • It is easier and more cost-effective to and Design eliminate security flaws • Increase awareness about software Secure Coding security among the developer Practices • Code Review Software • Penetration Testing Security Testing • Fuzz Testing
- 6. General Secure Coding Guidelines Efficient input validation is mandatory Modular programming approach Use of the latest compilers Encrypt all confidential data using strong cryptographic techniques Practice to code with proper error/exception handling Every organization must educate its developers on how to write secure code
- 7. Programming Language-Specific Guidelines • Secure Coding Practices in Java • Secure Coding Practices In C/ C++
- 8. Secure Coding Practices in Java Understand the effect of a superclass on a subclass Use public static fields for defining a constant Use try catch statements for exception handling An instance of a non-final class is fully initialized Be cautious when dealing with multiple threads
- 9. Secure Coding Practices in C/C++ Use pointers safely Watch out for memory leaks Run a ‘Garbage Collector’ to free the memory Securely delete sensitive data from memory by declaring the variable as volatile Allocate memory dynamically
- 10. High Integrity C++ Define the set of rules and guidelines for the production of C++ code It provide the restrictions necessary to make C++ suitable. exploring C++ use for high integrity and safety critical applications Enforce the best and secure practice in C++ development.
- 11. Conclusion Provides a practical and effective set of secure coding guidelines Secure SDLC that considers security at every stage of development contributes to early identification of potential vulnerabilities Discusses the about the concept of HICPP which is more secure than C++.
- 12. References [1]. Kevin Soo Hoo, Andrew W. Sudbury and Andrew R. Jaquith, ‘Tangible ROI through Secure Software Engineering’, 2006. [2]. Michael Howard, David LeBlanc and John Viega, ‘19 Deadly Sins of Software Security’, 2005. [3]. Andrew van der Stock, Jeff Williams, Dave Wichers ‘OWASP top 10: The 10 most critical web application security vulnerabilities’, 2007. [4]. Noopur Davis, ‘Secure Software Development Life Cycle Processes: A technology Scouting Report’,2006. [5]. Michael Howard, Steve Lipner , ‘The Security Development Life Cycle’, 2006.
- 13. References [6]. Sun Microsystems, Inc., ‘Secure Coding Guidelines for the Java Programming Language, version 2.0’, 2007 [7]. Mark G. Graff, Kenneth R. van Wyk, ‘Secure Coding Principles, and Practices’, 2003. [8]. Dave Dyer, ‘Can Assure save Java from the perils of multithreading’, 1998 [9]. Flight Lieutenant Derek W. Reinhardt, ‘Use of the C++ Programming Language in Safety Critical Systems’, 2004 [10]. Trupti Shiralkar and Brenda Grove,’ Guidelines for Secure Coding’, 2009