AB
Uploaded byAnkita Bhalla
1,121 views

Secure programming language basis

This document discusses secure programming practices, including incorporating security into the software development lifecycle, common vulnerabilities like buffer overflows and integer overflows, and secure coding guidelines for languages like Java and C++. It emphasizes practices like input validation, error handling, and using the latest compilers. It also covers the High Integrity C++ framework for developing safety-critical applications.

Embed presentation

DESIGN A SECURE PROGRAMMING LANGUAGE
Overview • To develop a secure application secure coding techniques should be incorporated into every phase of SDLC • Discusses about impact of various vulnerabilities • Covers secure coding guidelines for Java and C++. • Reviews about the High Integrity C++ i.e. HICPP
Vulnerabilities Buffer Overflow • A buffer overflow occurs when a program allows input to write data beyond allocated memory Integer Overflow • An integer overflow takes place when the integer variable tries to store a larger value than the valid range as a result of an arithmetic operation
Vulnerabilities Command Injection • Takes place when malicious data is embedded into input and is passed to the shell Improper error handling • When a programmer fails to implement proper error handling, the application might leak information
Secure Software Development Secure • To reduce the number of vulnerabilities before development starts Architecture • It is easier and more cost-effective to and Design eliminate security flaws • Increase awareness about software Secure Coding security among the developer Practices • Code Review Software • Penetration Testing Security Testing • Fuzz Testing
General Secure Coding Guidelines  Efficient input validation is mandatory  Modular programming approach  Use of the latest compilers  Encrypt all confidential data using strong cryptographic techniques  Practice to code with proper error/exception handling  Every organization must educate its developers on how to write secure code
Programming Language-Specific Guidelines • Secure Coding Practices in Java • Secure Coding Practices In C/ C++
Secure Coding Practices in Java  Understand the effect of a superclass on a subclass  Use public static fields for defining a constant  Use try catch statements for exception handling  An instance of a non-final class is fully initialized  Be cautious when dealing with multiple threads
Secure Coding Practices in C/C++  Use pointers safely  Watch out for memory leaks  Run a ‘Garbage Collector’ to free the memory  Securely delete sensitive data from memory by declaring the variable as volatile  Allocate memory dynamically
High Integrity C++  Define the set of rules and guidelines for the production of C++ code  It provide the restrictions necessary to make C++ suitable.  exploring C++ use for high integrity and safety critical applications  Enforce the best and secure practice in C++ development.
Conclusion Provides a practical and effective set of secure coding guidelines Secure SDLC that considers security at every stage of development contributes to early identification of potential vulnerabilities Discusses the about the concept of HICPP which is more secure than C++.
References [1]. Kevin Soo Hoo, Andrew W. Sudbury and Andrew R. Jaquith, ‘Tangible ROI through Secure Software Engineering’, 2006. [2]. Michael Howard, David LeBlanc and John Viega, ‘19 Deadly Sins of Software Security’, 2005. [3]. Andrew van der Stock, Jeff Williams, Dave Wichers ‘OWASP top 10: The 10 most critical web application security vulnerabilities’, 2007. [4]. Noopur Davis, ‘Secure Software Development Life Cycle Processes: A technology Scouting Report’,2006. [5]. Michael Howard, Steve Lipner , ‘The Security Development Life Cycle’, 2006.
References [6]. Sun Microsystems, Inc., ‘Secure Coding Guidelines for the Java Programming Language, version 2.0’, 2007 [7]. Mark G. Graff, Kenneth R. van Wyk, ‘Secure Coding Principles, and Practices’, 2003. [8]. Dave Dyer, ‘Can Assure save Java from the perils of multithreading’, 1998 [9]. Flight Lieutenant Derek W. Reinhardt, ‘Use of the C++ Programming Language in Safety Critical Systems’, 2004 [10]. Trupti Shiralkar and Brenda Grove,’ Guidelines for Secure Coding’, 2009
Secure programming language basis

More Related Content

PDF
Secure Coding and Threat Modeling
byMiriam Celi, CISSP, GISP, MSCS, MBA
 
PDF
"CERT Secure Coding Standards" by Dr. Mark Sherman
byRinaldi Rampen
 
PPTX
Secure coding practices
byScott Hurrey
 
PDF
Secure coding-guidelines
byTrupti Shiralkar, CISSP
 
PDF
Finacle - Secure Coding Practices
byInfosys Finacle
 
PDF
Secure Coding for Java - An Introduction
bySebastien Gioria
 
PDF
Why should developers care about container security?
byEric Smalling
 
PPTX
Student Spring 2021
byDenis Zakharov
 
Secure Coding and Threat Modeling
byMiriam Celi, CISSP, GISP, MSCS, MBA
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
byRinaldi Rampen
 
Secure coding practices
byScott Hurrey
 
Secure coding-guidelines
byTrupti Shiralkar, CISSP
 
Finacle - Secure Coding Practices
byInfosys Finacle
 
Secure Coding for Java - An Introduction
bySebastien Gioria
 
Why should developers care about container security?
byEric Smalling
 
Student Spring 2021
byDenis Zakharov
 

What's hot

PDF
Real World Application Threat Modelling By Example
byNCC Group
 
PPTX
Implementing an Application Security Pipeline in Jenkins
bySuman Sourav
 
PDF
5 Important Secure Coding Practices
byThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
PDF
OWASP Secure Coding Practices - Quick Reference Guide
byLudovic Petit
 
PDF
Secure Coding in C/C++
byDan-Claudiu Dragoș
 
PPTX
Secure coding practices
byMohammed Danish Amber
 
PDF
A Successful SAST Tool Implementation
byCheckmarx
 
PPTX
Making Security Agile
byOleg Gryb
 
PPTX
Secure development of code
bySalomeVictor
 
PPTX
Agile and Secure Development
byNazar Tymoshyk, CEH, Ph.D.
 
PPTX
Secure application deployment in Apache CloudStack
byTim Mackey
 
PPTX
Mobile security recipes for xamarin
byNicolas Milcoff
 
PPTX
Using hypervisor and container technology to increase datacenter security pos...
byTim Mackey
 
PPTX
Security as a new metric for Business, Product and Development Lifecycle
byNazar Tymoshyk, CEH, Ph.D.
 
PDF
Scalable threat modelling with risk patterns
byStephen de Vries
 
PDF
Threat modeling with architectural risk patterns
byStephen de Vries
 
PPT
L27
byNathannyabvureMapisa
 
PPTX
DevSecCon Talk: An experiment in agile Threat Modelling
byzeroXten
 
PDF
Neoito — Secure coding practices
byNeoito
 
PDF
[OPD 2019] Life after pentest
byOWASP
 
Real World Application Threat Modelling By Example
byNCC Group
 
Implementing an Application Security Pipeline in Jenkins
bySuman Sourav
 
5 Important Secure Coding Practices
byThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
OWASP Secure Coding Practices - Quick Reference Guide
byLudovic Petit
 
Secure Coding in C/C++
byDan-Claudiu Dragoș
 
Secure coding practices
byMohammed Danish Amber
 
A Successful SAST Tool Implementation
byCheckmarx
 
Making Security Agile
byOleg Gryb
 
Secure development of code
bySalomeVictor
 
Agile and Secure Development
byNazar Tymoshyk, CEH, Ph.D.
 
Secure application deployment in Apache CloudStack
byTim Mackey
 
Mobile security recipes for xamarin
byNicolas Milcoff
 
Using hypervisor and container technology to increase datacenter security pos...
byTim Mackey
 
Security as a new metric for Business, Product and Development Lifecycle
byNazar Tymoshyk, CEH, Ph.D.
 
Scalable threat modelling with risk patterns
byStephen de Vries
 
Threat modeling with architectural risk patterns
byStephen de Vries
 
L27
byNathannyabvureMapisa
 
DevSecCon Talk: An experiment in agile Threat Modelling
byzeroXten
 
Neoito — Secure coding practices
byNeoito
 
[OPD 2019] Life after pentest
byOWASP
 

Similar to Secure programming language basis

PPT
10290057.ppt
byImXaib
 
PDF
An Introduction to Secure Application Development
byChristopher Frenz
 
PPT
Software Security Testing
byankitmehta21
 
PDF
Importance of Secure Coding with it’s Best Practices
byElanusTechnologies
 
PPT
SoftwareSecurity.ppt
byssuserfb92ae
 
PDF
OWASP Secure Coding Quick Reference Guide
byAryan G
 
PPTX
Software Security.Software Security.Software Security.Software Security.
bySuhail Qadir Mir
 
PDF
Java: A Secure Programming Language for Today's Market
byUncodemy
 
PDF
security related to software program discuss how it protect and defend from s...
bykibitu
 
PDF
Program Security in information security.pdf
byshumailach472
 
PDF
The Principles of Secure Development
bySecurity Ninja
 
PPT
Secure programming - Computer and Network Security
byssuser30902e
 
PDF
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
PDF
Arved sandstrom - the rotwithin - atlseccon2011
byAtlantic Security Conference
 
PDF
Software Security Certification
byVskills
 
PPTX
Eirtight writing secure code
byKieran Dundon
 
DOC
Project
bysaprasamir
 
PDF
Secured Development
byBurhan Khalid
 
PDF
Mr. Burhan Khalid - secure dev.
bynooralmousa
 
PDF
WhiteList Checker: An Eclipse Plugin to Improve Application Security
byguest56b7565
 
10290057.ppt
byImXaib
 
An Introduction to Secure Application Development
byChristopher Frenz
 
Software Security Testing
byankitmehta21
 
Importance of Secure Coding with it’s Best Practices
byElanusTechnologies
 
SoftwareSecurity.ppt
byssuserfb92ae
 
OWASP Secure Coding Quick Reference Guide
byAryan G
 
Software Security.Software Security.Software Security.Software Security.
bySuhail Qadir Mir
 
Java: A Secure Programming Language for Today's Market
byUncodemy
 
security related to software program discuss how it protect and defend from s...
bykibitu
 
Program Security in information security.pdf
byshumailach472
 
The Principles of Secure Development
bySecurity Ninja
 
Secure programming - Computer and Network Security
byssuser30902e
 
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
Arved sandstrom - the rotwithin - atlseccon2011
byAtlantic Security Conference
 
Software Security Certification
byVskills
 
Eirtight writing secure code
byKieran Dundon
 
Project
bysaprasamir
 
Secured Development
byBurhan Khalid
 
Mr. Burhan Khalid - secure dev.
bynooralmousa
 
WhiteList Checker: An Eclipse Plugin to Improve Application Security
byguest56b7565
 

Recently uploaded

PDF
CHUYÊN ĐỀ ÔN LUYỆN TUYỂN SINH 9 LÊN 10 - MÔN TOÁN - CÓ LỜI GIẢI CHI TIẾT - TH...
byNguyen Thanh Tu Collection
 
PDF
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
PPTX
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
PDF
1.The-Story-of-Indian-Farming ppt/7th part 2/by k sandeep swamy(MSc,BEd)/samy...
bySandeep Swamy
 
PDF
ATOMIC-STRUCTURE.pdf/class 11 chemistry/IITJEE AND NEET/By: K SANDEEP SWAMY(M...
bySandeep Swamy
 
PDF
Fidelity to Energy: A Critical Analysis of Baz Luhrmann’s Intersemiotic Trans...
byKruti Vyas
 
PDF
Halogen-Derivatives.pdf/BY K SANDEEP SWAMY/FOR ONLINE CLASSES CONTACT 9491878325
bySandeep Swamy
 
PDF
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
PPTX
Prepositions of Place : English Grammar Presentation
byPintoo Dhillon
 
PPTX
ANTI-TUSSIVE CHAPTER NO.05 PHARMACOGNOSY
byGanu Gavade
 
PPTX
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
PPTX
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
PPTX
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PPTX
GW4 BioMed Interview Support Webinar 2026
byGW4BioMedMRCDTP
 
PPTX
special senses-eye, ear, nose, tongue.pptx
byAshish Umale
 
PPTX
Throat painting and throat swab.....pptx
byAneetaSharma15
 
PPTX
History in your Hands Class 5 January 2026 online slides.pptx
byEilsONeill
 
PPTX
Overview of SEO optimiser in Odoo 19 Website
byCeline George
 
PPTX
Regenerate invoice in odoo 19 Accounting
byCeline George
 
PPTX
Allow Quantity Modification in Combo in Odoo 19 pos
byCeline George
 
CHUYÊN ĐỀ ÔN LUYỆN TUYỂN SINH 9 LÊN 10 - MÔN TOÁN - CÓ LỜI GIẢI CHI TIẾT - TH...
byNguyen Thanh Tu Collection
 
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
1.The-Story-of-Indian-Farming ppt/7th part 2/by k sandeep swamy(MSc,BEd)/samy...
bySandeep Swamy
 
ATOMIC-STRUCTURE.pdf/class 11 chemistry/IITJEE AND NEET/By: K SANDEEP SWAMY(M...
bySandeep Swamy
 
Fidelity to Energy: A Critical Analysis of Baz Luhrmann’s Intersemiotic Trans...
byKruti Vyas
 
Halogen-Derivatives.pdf/BY K SANDEEP SWAMY/FOR ONLINE CLASSES CONTACT 9491878325
bySandeep Swamy
 
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
Prepositions of Place : English Grammar Presentation
byPintoo Dhillon
 
ANTI-TUSSIVE CHAPTER NO.05 PHARMACOGNOSY
byGanu Gavade
 
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
GW4 BioMed Interview Support Webinar 2026
byGW4BioMedMRCDTP
 
special senses-eye, ear, nose, tongue.pptx
byAshish Umale
 
Throat painting and throat swab.....pptx
byAneetaSharma15
 
History in your Hands Class 5 January 2026 online slides.pptx
byEilsONeill
 
Overview of SEO optimiser in Odoo 19 Website
byCeline George
 
Regenerate invoice in odoo 19 Accounting
byCeline George
 
Allow Quantity Modification in Combo in Odoo 19 pos
byCeline George
 

Secure programming language basis

  • 1.
    DESIGN A SECURE PROGRAMMING LANGUAGE
  • 2.
    Overview • To developa secure application secure coding techniques should be incorporated into every phase of SDLC • Discusses about impact of various vulnerabilities • Covers secure coding guidelines for Java and C++. • Reviews about the High Integrity C++ i.e. HICPP
  • 3.
    Vulnerabilities Buffer Overflow • Abuffer overflow occurs when a program allows input to write data beyond allocated memory Integer Overflow • An integer overflow takes place when the integer variable tries to store a larger value than the valid range as a result of an arithmetic operation
  • 4.
    Vulnerabilities Command Injection • Takesplace when malicious data is embedded into input and is passed to the shell Improper error handling • When a programmer fails to implement proper error handling, the application might leak information
  • 5.
    Secure Software Development Secure • To reduce the number of vulnerabilities before development starts Architecture • It is easier and more cost-effective to and Design eliminate security flaws • Increase awareness about software Secure Coding security among the developer Practices • Code Review Software • Penetration Testing Security Testing • Fuzz Testing
  • 6.
    General Secure CodingGuidelines  Efficient input validation is mandatory  Modular programming approach  Use of the latest compilers  Encrypt all confidential data using strong cryptographic techniques  Practice to code with proper error/exception handling  Every organization must educate its developers on how to write secure code
  • 7.
    Programming Language-Specific Guidelines • Secure Coding Practices in Java • Secure Coding Practices In C/ C++
  • 8.
    Secure Coding Practicesin Java  Understand the effect of a superclass on a subclass  Use public static fields for defining a constant  Use try catch statements for exception handling  An instance of a non-final class is fully initialized  Be cautious when dealing with multiple threads
  • 9.
    Secure Coding Practicesin C/C++  Use pointers safely  Watch out for memory leaks  Run a ‘Garbage Collector’ to free the memory  Securely delete sensitive data from memory by declaring the variable as volatile  Allocate memory dynamically
  • 10.
    High Integrity C++ Define the set of rules and guidelines for the production of C++ code  It provide the restrictions necessary to make C++ suitable.  exploring C++ use for high integrity and safety critical applications  Enforce the best and secure practice in C++ development.
  • 11.
    Conclusion Provides a practicaland effective set of secure coding guidelines Secure SDLC that considers security at every stage of development contributes to early identification of potential vulnerabilities Discusses the about the concept of HICPP which is more secure than C++.
  • 12.
    References [1]. Kevin SooHoo, Andrew W. Sudbury and Andrew R. Jaquith, ‘Tangible ROI through Secure Software Engineering’, 2006. [2]. Michael Howard, David LeBlanc and John Viega, ‘19 Deadly Sins of Software Security’, 2005. [3]. Andrew van der Stock, Jeff Williams, Dave Wichers ‘OWASP top 10: The 10 most critical web application security vulnerabilities’, 2007. [4]. Noopur Davis, ‘Secure Software Development Life Cycle Processes: A technology Scouting Report’,2006. [5]. Michael Howard, Steve Lipner , ‘The Security Development Life Cycle’, 2006.
  • 13.
    References [6]. Sun Microsystems,Inc., ‘Secure Coding Guidelines for the Java Programming Language, version 2.0’, 2007 [7]. Mark G. Graff, Kenneth R. van Wyk, ‘Secure Coding Principles, and Practices’, 2003. [8]. Dave Dyer, ‘Can Assure save Java from the perils of multithreading’, 1998 [9]. Flight Lieutenant Derek W. Reinhardt, ‘Use of the C++ Programming Language in Safety Critical Systems’, 2004 [10]. Trupti Shiralkar and Brenda Grove,’ Guidelines for Secure Coding’, 2009