On the Importance of Secure Coding
Date added: 08/05/2005

Secure coding (secure programming) is a field that is gaining a lot of attention. Flaws are constantly discovered in a wide range of known server applications. These flaws are not flaws emerging from an insecure high-level design of the applications but are flaws that were introduced at the source code level and that are a result of careless programming. Such flaws can be exploits of buffer overflows or the result of lacking input validation routines. In this document I will provide a brief definition of secure coding and of secure programs and will try to assess the reasons for the need to focus efforts on this aspect of information security.
An Overview of Common Programming Security Vuln...
Date added: 07/30/2005

An Overview of Common Programming Security Vulnerabilities and Possible Solutions
Programming security vulnerabilities are the most common cause of software security breaches in current-day computing. While these can easily be avoided by an attentive programmer, many programs still contain these kinds of vulnerabilities. This document will describe what the most commonly occurring ones are and will then explain how these can be abused to make a program do something it did not intend to do. We will then take a look at how a recent vulnerability in a popular piece of software was exploited to allow an attacker to take control of the execution flow of that program. Several solutions exist to detect and prevent many, though not all, of the vulnerabilities described in this document in existing programs without requiring source code modifications, and in some cases without even requiring access to the source code of the applications. We will take an in-depth look at how these solutions are implemented and what their effects are on legitimate programs, how they attempt to mitigate the restrictions they impose and what their impact is on the performance of the programs they attempt to protect. We will also describe if and how these solutions can be bypassed.
IP Banning tutorial (PHP)
Date added: 05/25/2005