On the Importance of Secure Coding
Hits: 0 | Date added: 08/05/2005
Secure coding (secure programming) is a field that is gaining a lot of attention. Flaws are constantly discovered in a wide range of known server applications. These flaws do not emerge from an insecure high-level design of the applications; they were introduced at the source code level and are the result of careless programming. Such flaws can be exploitable buffer overflows or the result of missing input validation routines. In this document I will provide a brief definition of secure coding and of secure programs and will try to assess the reasons for the need to focus efforts on this aspect of information security.
An Overview of Common Programming Security Vuln...
Hits: 0 | Date added: 07/30/2005
An Overview of Common Programming Security Vulnerabilities and Possible Solutions
Programming security vulnerabilities are the most common cause of software security breaches in current-day computing. While these can easily be avoided by an attentive programmer, many programs still contain these kinds of vulnerabilities. This document will describe the most commonly occurring ones and will then explain how they can be abused to make a program do something it was not intended to do. We will then take a look at how a recent vulnerability in a popular piece of software was exploited to allow an attacker to take control of the execution flow of that program. Several solutions exist to detect and prevent many, though not all, of the vulnerabilities described in this document in existing programs without requiring source code modifications, and in some cases without even requiring access to the source code of the applications. We will take an in-depth look at how these solutions are implemented and what their effects are on legitimate programs, how they attempt to mitigate the restrictions they impose, and what their impact is on the performance of the programs they attempt to protect. We will also describe if and how these solutions can be bypassed.
IP Banning tutorial (PHP)
Hits: 0 | Date added: 05/25/2005
Web Database Applications with PHP & MySQL
Hits: 0 | Date added: 01/09/2007
There are many reasons for serving up dynamic content from a web site: to offer an online shopping site, create customized information pages for users, or just manage a large volume of content through a database. Anyone with a modest knowledge of HTML and web site management can learn to create dynamic content through the PHP programming language and the MySQL database. This book gives you the background and tools to do the job safely and reliably. Web Database Applications with PHP and MySQL, Second Edition thoroughly reflects the needs of real-world applications. It goes into detail on such practical issues as validating input (do you know what a proper credit card number looks like?), logging in users, and using templates to give your dynamic web pages a standard look. But this book goes even further. It shows how JavaScript and PHP can be used in tandem to make a user's experience faster and more pleasant. It shows the correct way to handle errors in user input so that a site looks professional. It introduces the vast collection of powerful tools available in the PEAR repository and shows how to use some of the most popular tools. Even while it serves as an introduction to new programmers, the book does not omit critical tasks that web sites require.