Saturday, April 27, 2013

Software Security Sales Saturdays

Components to look for:
1. Input, whether read from the network, a file, or from the command line
2. Transfer of data from said input to internal structures
3. Use of unsafe string handling calls (especially in XML, eXtensible Markup Language, parsing code)
4. Use of arithmetic to calculate an allocation size or remaining buffer size

Spotting a sin in bad code: look for unsafe string handling functions.
Converting code to use only safe calls has a low regression rate (anywhere from 1/10th to 1/100th of the normal bug-fix regression rate) and it will remove exploits from your code.

- The overall best approach is to trace user input from the entry points of your application through all the function calls. Being aware of what the attacker controls makes a big difference!
- Source: 19 Deadly Sins of Software Security
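
The four components above and the "trace the input" advice, worked through in C. This is an added example written for these notes, not code from the book or from the blog; the `record` structure, field sizes and function names are made up for illustration, and the sample inputs are constructed. Each sin (an unbounded string copy, an unchecked allocation-size multiply, an unchecked remaining-buffer subtraction) is shown beside the bounded version that replaces it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical internal structure that command-line/file/network input is
 * copied into (component 2: transfer of input into internal structures). */
#define NAME_MAX 16
struct record {
    char name[NAME_MAX];
    uint32_t count;          /* sits right after name[]: first thing an overrun clobbers */
};

/* Sin (component 3): unbounded copy of attacker-controlled input.
 * Any input of NAME_MAX bytes or more overruns name[]. Shown for contrast only;
 * it is never called with a long string below because that is undefined behaviour. */
static void fill_record_unsafe(struct record *r, const char *input)
{
    strcpy(r->name, input);
}

/* Fix: measure, reject oversized input, then copy with an explicit bound.
 * Returns false on rejection so the caller can treat it as a bad-input event. */
static bool fill_record_safe(struct record *r, const char *input)
{
    size_t len = strlen(input);
    if (len >= NAME_MAX)     /* need one byte for the terminating NUL */
        return false;
    memcpy(r->name, input, len + 1);
    return true;
}

/* Sin (component 4): allocation size from unchecked arithmetic. The multiply
 * wraps in size_t, so a huge count yields a tiny allocation that a later
 * element-by-element copy walks straight past. */
static size_t unchecked_size(size_t count, size_t elem_size)
{
    return count * elem_size;            /* unsigned wrap is silent */
}

static void *alloc_unsafe(size_t count, size_t elem_size)
{
    return malloc(unchecked_size(count, elem_size));
}

/* Fix: detect the wrap before it happens; NULL means "refused", not "out of memory". */
static void *alloc_safe(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

/* Component 4 again, the "remaining buffer size" form. Computing
 * buf_size - *used first and checking afterwards underflows when *used is
 * already past the end; check the state, then the room, then copy. */
static bool append_safe(char *buf, size_t buf_size, size_t *used, const char *s)
{
    size_t len = strlen(s);
    if (*used > buf_size)                /* corrupt or inconsistent state */
        return false;
    size_t remaining = buf_size - *used; /* cannot underflow after the check */
    if (len >= remaining)                /* keep room for the NUL */
        return false;
    memcpy(buf + *used, s, len + 1);
    *used += len;
    return true;
}

int main(int argc, char **argv)
{
    /* Component 1: the input entry point is argv; trace it into the record. */
    const char *input = argc > 1 ? argv[1] : "alice";   /* "alice" is constructed sample input */
    struct record r = {0};
    printf("fill_record_safe(\"%s\"): %s\n", input,
           fill_record_safe(&r, input) ? "accepted" : "rejected (too long)");

    /* The wrap that alloc_unsafe() would hand to malloc(): 2^63 * 2 == 0 on 64-bit. */
    size_t big = SIZE_MAX / 2 + 1;
    printf("unchecked size for %zu x 2: %zu\n", big, unchecked_size(big, 2));
    printf("alloc_safe refuses it: %s\n", alloc_safe(big, 2) == NULL ? "yes" : "no");

    char buf[8]; size_t used = 0;
    printf("append \"abc\": %d, append \"defgh\": %d\n",
           append_safe(buf, sizeof buf, &used, "abc"),
           append_safe(buf, sizeof buf, &used, "defgh"));
    (void)fill_record_unsafe; (void)alloc_unsafe;  /* kept only as the "before" forms */
    return 0;
}
```

The pattern to copy into a review is the same in all three fixes: find where attacker-controlled data enters (argv here), follow it to the structure it lands in, and at that boundary check the length or the arithmetic before any copy or allocation uses it.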

- Get Love or Die Tryin'

Minimize bad habits in
the environment that you're in.
It's not about picking up.
Girls/guys are drugs, but some
habits will have you left
rolled up in a rug.


