Studies in secure programming for admins

DANGEROUS INPUT

Author(s):

Like a poison apple, a Web program that is tasty on the surface may contain a highly dangerous core. Admins who do their own programming need to follow secure programming practices to avoid the bitter taste of insecurity.

This article describes some special kinds of program input that administrators who maintain Websites often contend with. I’ll present case studies that take a close look at problems and solutions related to cross-site scripting, malicious email addresses, and buffer overflows. If there is a theme to this discussion, it is that developers need to carefully validate all input and the relationships between various items of input. Assume all input is guilty until proven innocent. And the more complex this input is, the more important it is to code carefully to anticipate the actions of would-be intruders.

Read full article as PDF:

Secure_Programming.pdf (295.01 kB)

Related content

  • PHP for Sysadmins

    Most admins tend to use the shell, Perl,or Python if they need a system administration script. But there is no need for web programmers to learn another language just to script a routine task. PHP gives admins the power to program command-line tools and even complete web interfaces.

  • PHP Security Principles

    Many web attacks are the result of programmer error. Sloppy code testing leaves a door open for the uninvited.

  • OpenVPN

    Wireless networks are practical but dangerous at the same time.WEP encryption is unlikely to stop an attacker. But help is at hand in the form of add-on security measures such as an encrypted OpenVPN tunnel.

  • XSA Attack

    A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

  • Nmap Scripting

    Nmap is rolling out a new scripting engine to automatically investigate vulnerabilities that turn up in a security scan. We’ll show you how to protect your network with Nmap and NSE.

comments powered by Disqus

Direct Download

Read full article as PDF:

Secure_Programming.pdf (295.01 kB)

News