SlideShare a Scribd company logo

Deset zapovijedi za sigurno kodiranje (2003)

Download as PPT, PDF
V
Vatroslav Mihalj

Based on M. “Defend Your Code with Top 10 Security Tips Every Developer Must Know” by Howard and K. Brown, MSDN Magazine, September 2002.

1 of 25
Deset zapovijedi za sigurno kodiranje Vatroslav Mihalj svibanj 2003.
[object Object],[object Object]
Uvod ,[object Object],[object Object],[object Object],[object Object]
1. Ne vjeruj inputu ,[object Object],[object Object],[object Object],[object Object]
2. Zaštiti se od buffer overruna ,[object Object],[object Object],[object Object],[object Object]
Primjer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
3. Spriječi cross site scripting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4 Ne zahtjevaj sa permission ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
5. Oprezno s kriptografskim kodom ,[object Object],[object Object],[object Object],[object Object]
6. Reduciraj profil raspoloživ napadaču ,[object Object],[object Object],[object Object],[object Object]
7.Nemoj davati veća prava nego je potrebno ,[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
8. Obrati pažnju na error handling kod ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
9. Impersonation princip je lomljiv ,[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10. Kreiraj aplikacije koje i ne-administratori mogu koristiti ,[object Object],[object Object],[object Object],[object Object],[object Object]
Pročitati “Writing Secure Code”  Kad bude vremena...

Recommended

Familial hypercholesterolaemia
Familial hypercholesterolaemiaFamilial hypercholesterolaemia
Familial hypercholesterolaemia
Siavash Mirzaei
 
Familial hypercholesterolemia
Familial hypercholesterolemiaFamilial hypercholesterolemia
Familial hypercholesterolemia
Ramachandra Barik
 
Familial hypercholesterolaemia
Familial hypercholesterolaemiaFamilial hypercholesterolaemia
Familial hypercholesterolaemia
PeninsulaEndocrine
 
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Vatroslav Mihalj
 
E-zdravstvo (e-healthcare)
E-zdravstvo (e-healthcare)E-zdravstvo (e-healthcare)
E-zdravstvo (e-healthcare)
Vatroslav Mihalj
 
From Slide Rule Operator
From Slide Rule OperatorFrom Slide Rule Operator
From Slide Rule Operator
stephenvold
 
Torbay antenatal clinic guidelines
Torbay antenatal clinic guidelinesTorbay antenatal clinic guidelines
Torbay antenatal clinic guidelines
PeninsulaEndocrine
 
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Vatroslav Mihalj
 

Recommended

Familial hypercholesterolaemia
Familial hypercholesterolaemiaFamilial hypercholesterolaemia
Familial hypercholesterolaemia
Siavash Mirzaei
 
Familial hypercholesterolemia
Familial hypercholesterolemiaFamilial hypercholesterolemia
Familial hypercholesterolemia
Ramachandra Barik
 
Familial hypercholesterolaemia
Familial hypercholesterolaemiaFamilial hypercholesterolaemia
Familial hypercholesterolaemia
PeninsulaEndocrine
 
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Marketing za IT geekove, mikrotvrtke i nemarketingaše (Vatroslav Mihalj, WinD...
Vatroslav Mihalj
 
E-zdravstvo (e-healthcare)
E-zdravstvo (e-healthcare)E-zdravstvo (e-healthcare)
E-zdravstvo (e-healthcare)
Vatroslav Mihalj
 
From Slide Rule Operator
From Slide Rule OperatorFrom Slide Rule Operator
From Slide Rule Operator
stephenvold
 
Torbay antenatal clinic guidelines
Torbay antenatal clinic guidelinesTorbay antenatal clinic guidelines
Torbay antenatal clinic guidelines
PeninsulaEndocrine
 
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Steganografija i vodeni žig u zaštiti digitalnih slika (2003)
Vatroslav Mihalj
 
Web App Security for Devs
Web App Security for DevsWeb App Security for Devs
Web App Security for Devs
Axilis
 
Web App Security for Devs
Web App Security for DevsWeb App Security for Devs
Web App Security for Devs
Vedran Maršić
 
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8. [TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
Stipe Predanic
 
Web bazirani servisi za krekiranje lozinki - Marija Barušić
Web bazirani servisi za krekiranje lozinki - Marija BarušićWeb bazirani servisi za krekiranje lozinki - Marija Barušić
Web bazirani servisi za krekiranje lozinki - Marija Barušić
Marija Barušić
 
CUC2009
CUC2009CUC2009
CUC2009
tkisason
 
Sf2010
Sf2010Sf2010
Sf2010
tkisason
 

More Related Content

Similar to Deset zapovijedi za sigurno kodiranje (2003)

Similar to Deset zapovijedi za sigurno kodiranje (2003) (6)

Web App Security for Devs
Web App Security for DevsWeb App Security for Devs
Web App Security for Devs
 
Web App Security for Devs
Web App Security for DevsWeb App Security for Devs
Web App Security for Devs
 
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8. [TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
[TVZ računarstvo] Dinamičke web aplikacije, predavanje 8.
 
Web bazirani servisi za krekiranje lozinki - Marija Barušić
Web bazirani servisi za krekiranje lozinki - Marija BarušićWeb bazirani servisi za krekiranje lozinki - Marija Barušić
Web bazirani servisi za krekiranje lozinki - Marija Barušić
 
CUC2009
CUC2009CUC2009
CUC2009
 
Sf2010
Sf2010Sf2010
Sf2010
 

Deset zapovijedi za sigurno kodiranje (2003)