Finacle - Secure Coding Practices

This Finacle paper on secure coding practices gives an insight into application coding security and highlights how a comprehensive approach to security is needed to secure not only code but also web servers and databases.


Secure coding practices
Thought Paper
Banking Solution | Systems Integration | Consulting | Business Process Outsourcing
Writing good code is an art, but equally important is programmers' awareness of secure code practices, and the care they take when defining variables and structures and passing references and pointers from one module to another.

Overview of code security

While defining variables, programmers need to first assess the memory space to be allocated, and clearly define the individual scope of reference variables while passing references inside functions. In languages such as C++, defining and using pointers is good practice as it improves performance and speed, especially in the case of applications like core banking where there are multiple users. But on the flip side, this poses an enormous risk to data security, as pointers can be accessed from outside and variable values can be manipulated.

Programmers should follow secure coding practices while dealing with arrays, linked lists, stacks and vectors, which are the linear data structures normally used in coding, always keeping in mind that the size of such data structures should be strictly limited to the space required. Location – the physical address at which these structures are defined – is an important aspect as well. In addition, it is essential to restrict access to the structures using proper access controls such as public, private or protected inside the code.

Another thing to be kept in mind is that variables used normally for handshaking between two modules – say, loans with payments – should have a restricted set of values defined. These variables are normally static and their scope should be defined within certain boundaries.

Also, it is always recommended to perform code audits before implementation, so that potential code vulnerabilities can be fixed. For that, the code auditors should be equipped with proper know-how about individual languages and related secure code practices.

Moreover, programmers should be aware of the specific security-related features of each programming language. Code review by experts ensures that programmers implement good security practices.

Security breach in coding

Security breaches in coding are primarily of four generic types:

Code injections: In most of the functionalities where end users are allowed to upload file content, they can also inject code into the Web server. This code can perform malicious acts and pass valuable system information to hackers.

Malware passing/hosting: Malware, which is software written to perform malicious activities, can be passed inside Web interfaces if code is not written securely.

Insecure database calls: Generic database calls require variables like database passwords, database names and user names that are generally accessed through static storage variables or properties files. It is important to write these calls in a manner that passwords and user names can be generated at run time and passed in the program. It has been observed in security audits that many enterprise applications hardcode passwords and other parameters, which is a wrong programming practice.

Properties file misuse: Properties files, normally used to access basic data, contain lists of unencrypted variables whose values can be modified by system users. If such files are used, the variable values should be stored using interfaces and in encrypted format. However, it is recommended to avoid these files altogether. Further, if the property file of the server is compromised, hackers can overload its access methods and misuse them. It is preferable to create combination keys with two or more resources instead of using just one properties file. These can be generated at run time and passed to the required modules.

Change management and version control

In general code writing practices, version control is achieved using version numbering. Secure practices need to be followed during the change management implementation process. The changes in code should be highlighted with details and code review should be done before deployment. Also, the vulnerabilities due to new changes in code should be addressed explicitly.

General secure coding practices

Concept of no tolerance: When coding, the tolerance related to variable length, scope and accessibility should be predetermined and only the required scope should be allowed. The tolerance for variable length should be optimized. Scopes for generated objects should also be predetermined. Ideally, code should not rely on variable scope predefined by the compiler.

Certain thumb rules of secure coding

Vertical and horizontal code drafting practices / code orientation: Although code drafting methods might change as per language specifications, the normal way of writing code is either vertical cascading or horizontal splitting of code. The vertical cascading method helps programmers to understand the code, whereas horizontal splitting enables them to define the scope of functions and variables.

Variable declarations: When variables are declared in code, the variable length and the scope of variable access should be predetermined; declarations should be made accordingly. Use of fixed-length variables should be avoided and, preferably, variables should be defined with dynamic memory allocation. Many newer compilers like VB and VC++ support postponement of variable declaration by mentioning only the variable name and not the type. In such cases, variable types and properties should be determined within the scope without any overload of unnecessary features. In languages that support object referencing, programmers should avoid making multiple copies of the same variables.

System level and semaphore variables: In cases where shell variables are used, variable values have to be sanitized. It is preferable to initialize values and not to assume default values as per system usage. Normally, for inter-process communication where semaphores are implemented, the variables used to control the semaphores should be initialized in advance and then further modified as per system usage. As the semaphore controlling variable values are generally global in nature, it is important to determine entry and exit point values in advance.

Object oriented principles

Partial and full implementation of Object Oriented Programming (OOP) and security: OOP is in line with best security practices, with some exceptions. For instance, high usage of friend and virtual functions makes code more insecure and prone to compromise. Well-defined scopes like public, private and protected secure the code. Certain programming languages like Java do not support multiple inheritance, thus protecting the methods defined under classes.

Data abstraction and multiple inheritance linkages: Programmers should avoid using multiple inheritance as it adds to code vulnerability. Making major variable declarations in public scope enables easy access, thereby compromising OOP abstraction.

Prevention of inheritance by keywords like 'final': In certain languages like C++ and Java, inheritance can be restricted using keywords such as 'final', thus disallowing users from inheriting class methods available in the base class. This can be done when programmers do not want any further extensions and use defined class members.

Security for software deployment

Secure deployments, key protection in code deployment: Generally, code is deployed through popular deployment tools which compress the files and serially deploy them on the destination server. The deployment code might be insecure, resulting in holes in the applications. Preferably, deployments should be done serially and manual handling should be strictly avoided. Keys used for secure deployments should be dynamic, with a specified time period, to avoid code misuse.

Code level security for Web applications

While SQL injection is a common Web vulnerability, it is also important to write optimized queries in order to secure the data objects. This ensures the safety of the SQL output artifacts and also improves the performance of database calls. Also, retrieval of unnecessary database column values should be avoided.

Web server secure practices: Web server logs should always be configured to another drive where they can be stored. This will enable the tracing of hacking attacks. In addition, error messages (such as 'page not found') should be altered to prevent the user from getting details like Web server configuration and version path. Web server default passwords and paths should also be changed as per specific requirement.

Secure way of code deployment on the Web: Web-based code deployment, being very insecure, should be managed well. Handshakes should happen on a key exchange mechanism and both client and server applications should authenticate the connection between them.
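The "Insecure database calls" and "Code level security for Web applications" sections above make three points that are easiest to see in code: credentials should be supplied at run time rather than hardcoded, user input must never be spliced into SQL text, and a query should retrieve only the columns it needs. The following Python example is added here to illustrate all three; it is not code from the paper or from Finacle. The environment variable names, the accounts table and its rows are constructed for the demonstration, and SQLite is used only so that it runs offline.

```python
import os
import sqlite3

# Constructed sample rows for an offline demonstration (not real account data).
SAMPLE_ROWS = [
    (1001, "alice", "ACTIVE", 2500.00),
    (1002, "bob", "FROZEN", 10.00),
]


def load_db_credentials(env=os.environ):
    """Read database credentials at run time instead of hardcoding them.

    Fails closed: a missing variable is an error, never a silent default.
    BANK_DB_USER / BANK_DB_PASSWORD are assumed names for this example.
    """
    try:
        return {"user": env["BANK_DB_USER"], "password": env["BANK_DB_PASSWORD"]}
    except KeyError as missing:
        raise RuntimeError(f"database credential {missing} not provided") from None


def open_sample_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER, owner TEXT, status TEXT, balance REAL)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_account_unsafe(conn, owner):
    """Vulnerable form: the user-supplied value becomes part of the SQL text."""
    sql = "SELECT * FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def find_account_safe(conn, owner):
    """Hardened form: a bound parameter, and only the columns the caller needs."""
    sql = "SELECT id, status FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo():
    """Run both forms against the same hostile-looking input and compare."""
    conn = open_sample_db()
    probe = "x' OR '1'='1"  # constructed input that breaks out of the quoted literal
    return {
        # the spliced query becomes ... WHERE owner = 'x' OR '1'='1' and matches every row
        "unsafe_rows": len(find_account_unsafe(conn, probe)),
        # the bound parameter is compared as a literal owner name and matches nothing
        "safe_rows": len(find_account_safe(conn, probe)),
        # a legitimate lookup returns just the two requested columns
        "safe_alice": find_account_safe(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

With the sample rows above, `demo()` reports two rows for the unsafe query and zero for the safe one. The same pattern applies to any driver that supports bound parameters (JDBC PreparedStatement in Java, SqlParameter in ASP.Net, PDO or mysqli in PHP).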
Best security practices at the individual language level

Each programming language has its own features around which security practices are set.

C/C++

Even if declared implicitly, array bounds in C++ should be set explicitly, and should not be left open-ended. The structures should be defined dynamically as well. Also, loops over arrays should not be allowed to iterate beyond the end of the array, so as to reduce buffer overflow attacks. In addition, conversions using void pointers should be avoided, while the automatic variables used need to be initialized at declaration.

Java

Sanitization of all data input, irrespective of the source, substantially reduces the risk of attacks such as code injection. It is also advisable to declare data variables of a class as private, thereby restricting access. Even in the case of nested classes, the methods accessing the private members of the outer class should be declared as private. Besides, exceptions should not be allowed to expose sensitive information. The outcomes of exceptions should be changed by proper exception handling, so that users get only valid exceptions. Use of the keyword 'finally' while handling the exception significantly reduces data vulnerability. Null pointers should not be dereferenced, as this causes a null pointer exception. Error messages passed to the user through servlets should be appropriate and should not display any confidential data.

ASP.Net

When using the popular programming language ASP.Net, data input from all users should be thoroughly sanitized. Stored procedures should be used to filter malicious user inputs, thereby mitigating code injection attacks. Also, session hijacking attacks can be reduced by separate transmission of authentication and session cookies and by using only HTTPS for the same. Authentication credentials should also be passed only over HTTPS. Network eavesdropping can be reduced by transmitting all information between client and browser over Secure Sockets Layer (SSL). Programmers should also ensure that client-side options such as view state and hidden variables are not used to store sensitive data. Further, sensitive information must be stored on the server and not on the client side. Additionally, appropriate error messages should be displayed, just as in Java.

PHP

In the server-side programming language PHP, the majority of attacks can be reduced by sanitizing the input; functions like filter_input and filter_id can be used. While using MySQL, it is preferable to change the password frequently. Malicious scripts can be prevented from running in the browser by removing content like special characters before it is sent to the users. Attacks such as Remote File Inclusion and Local File Inclusion can be reduced by sanitizing the inputs, restricting dynamic inputs that come from the user and placing strict access controls on critical files. Again, error messages sent to the user must be generic and not disclose any information.

Shell scripts

When using shell scripts, a popular scripting language mainly based on the Unix platform, restricted access must be ensured, with read, write and execute permissions for individual scripts given according to users' privilege. In fact, Unix is considered the most secure operating system because of the security features offered through shell scripts.

Programmers should restrict privileges for specific command execution as well. For instance, those given permission to view the directory should not be allowed to make any changes. Additionally, the access controls for individual files and directories should be predetermined. Segregation of users based on privileges is very important too.
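Two points recur in the Java, ASP.Net and PHP sections above: input from every source should be validated before use, and an exception must never reach the user with its internal detail intact. The following Python example is added to show one way to implement both in a request handler; it is not code from the paper or from Finacle. The account-number format, the stand-in backend, its error text and the in-memory log sink are all constructed for the demonstration.

```python
import logging
import re
import uuid

# Constructed in-memory log sink so the example runs offline; a real service
# would write to a file on a separate volume, as the paper recommends.
SERVER_LOG = []


class _ListHandler(logging.Handler):
    def emit(self, record):
        SERVER_LOG.append(self.format(record))


log = logging.getLogger("bank.api.example")
log.addHandler(_ListHandler())
log.setLevel(logging.ERROR)

# Assumed account-number format for this example: 4 to 12 digits, nothing else.
ACCOUNT_ID = re.compile(r"[0-9]{4,12}")


def validate_account_id(raw):
    """Allow-list validation: accept exactly the expected shape, reject all else."""
    if not isinstance(raw, str) or not ACCOUNT_ID.fullmatch(raw):
        raise ValueError("account id has unexpected format")
    return raw


def lookup_balance(account_id):
    """Stand-in for a database call; fails with the kind of detail a backend leaks."""
    balances = {"1001": 2500.0}  # constructed sample data
    if account_id not in balances:
        raise KeyError(f"no row for account {account_id} in accounts on db-host-01")
    return balances[account_id]


def handle_balance_request(raw_account_id):
    """Return (status, body). Detail goes to the server log; the client gets a generic message."""
    try:
        acct = validate_account_id(raw_account_id)
        return 200, {"balance": lookup_balance(acct)}
    except ValueError:
        # Validation failures are the caller's fault; say so without echoing the input.
        return 400, {"error": "invalid request"}
    except Exception:
        # Anything else is internal: log the full traceback under a reference id and
        # return only that id, so support can correlate without exposing internals.
        ref = uuid.uuid4().hex[:8]
        log.exception("request %s failed", ref)
        return 500, {"error": "internal error", "ref": ref}


if __name__ == "__main__":
    print(handle_balance_request("1001"))
    print(handle_balance_request("1001x"))
    print(handle_balance_request("9999"))
    print(SERVER_LOG[-1].splitlines()[0])
```

The reference id in the 500 response is what a user would quote to support; the host name, table name and stack trace stay in the server-side log. The same structure maps directly onto a servlet filter in Java or a global error handler in ASP.Net.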
While writing and executing filters, steps to prevent data exposure should be taken care of in advance. During processing, programmers should exercise caution when exposing kernel calls and switches to end users. They should also ensure that fork calls are finite and controlled by defined system variables, as they are highly sensitive to memory usage. In addition, the TCP/IP stack gets exposed to programmers directly through shell scripts and C programs, and programmers should avoid displaying unnecessary stack information to end users. There have been instances of companies preparing their own protocol to avoid content exposure through the TCP/IP stack.

Conclusion

Application coding security is not restricted to just drafting ways of coding. Rather, it calls for a comprehensive approach that encompasses methods of Web and database server configuration, ways of making calls on Web servers and databases, techniques of handling properties files, et al. Best security practices should be formulated keeping in mind language-specific features and should be applied during configuration, coding and implementation.

Bibliography

1. Session Hijacking: Refers to the exploitation of the session, done mainly by theft of the session key used to authenticate a valid user and gain access to services.

2. Network Eavesdropping: Refers to the sniffing of the data packets transmitted along a network to gain access to sensitive information. This is done using sniffers.

3. Semaphores: Used in operating systems for coordinating activities between multiple processes that compete for using the resources of the operating system. Depending on the value of the semaphore, the process will know whether to utilize the resource or to wait.

4. SQL Injection attack: SQL queries are drafted and inserted in Web forms maliciously to extract sensitive information from databases.

5. Array: Term referring to the use of a collection of variables belonging to a single type.

6. Pointers: A variable which is used to store the address of another variable.

Makarand Madhukar Baji
Senior Consultant, Finacle Payments, Infosys

Sandhya Ravikumar
Technology Analyst, Finacle E-Banking and Channel Support, Infosys
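The "Shell scripts" section earlier recommends that read, write and execute permissions on individual scripts follow the privilege of the users involved, and the paragraph above adds that scripts touching kernel calls and process creation deserve extra care. A simple defensive check that a deployment or scheduler can run before executing a script is to audit its ownership and mode bits. The following Python example is added to show such a check; it is not code from the paper or from Finacle. The policy it encodes (trusted owners are root or the current user; no group or world write; no setuid/setgid) is an assumption for the example, and the sample scripts are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_script_permissions(path, trusted_uids=(0,)):
    """Return a list of findings for a script that is about to be executed.

    Assumed policy for this example: the owner must be root (uid 0) or the
    current user; the file must not be writable by group or others; and it
    must not carry the setuid or setgid bit. An empty list means it passed.
    """
    st = os.lstat(path)  # lstat: do not silently follow a symlink
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink: resolve and audit the target instead")
        return findings
    if st.st_uid not in trusted_uids and st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, which is not a trusted owner")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable: another group member could alter the script")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any local user could alter the script")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid bit set: script would run with elevated identity")
    return findings


def make_sample_script(mode):
    """Constructed sample: a harmless script written to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".sh")
    with os.fdopen(fd, "w") as fh:
        fh.write("#!/bin/sh\necho hello\n")
    os.chmod(path, mode)
    return path


def demo():
    """Audit one acceptable script (0750) and one loosely permitted one (0777)."""
    good = make_sample_script(0o750)
    bad = make_sample_script(0o777)
    try:
        return audit_script_permissions(good), audit_script_permissions(bad)
    finally:
        os.unlink(good)
        os.unlink(bad)


if __name__ == "__main__":
    good_findings, bad_findings = demo()
    print("0750:", good_findings or "ok")
    print("0777:", bad_findings)
```

The check is deliberately strict about the write bits rather than the execute bits: a script that other users can modify is effectively executed with the privilege of whoever runs it, regardless of how tightly execute permission is assigned.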
About Finacle

Finacle from Infosys partners with banks to transform process, product and customer experience, arming them with 'accelerated innovation' that is key to building tomorrow's bank.

For more information, contact

© 2012 Infosys Limited, Bangalore, India. Infosys believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of the trademarks and product names of other companies mentioned in this document.