Web/Security

Secure coding

데먕 2019. 9. 6. 08:16

1. Overview

The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. 

2. Description

Guide / Description

Validate Input
  • Validate input from all untrusted data sources
  • Be suspicious of most external data sources, including command-line arguments, network interfaces, environmental variables, and user-controlled files
Heed compiler warnings
  • Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.
  • Use static and dynamic analysis tools such as SonarQube to detect and eliminate additional security flaws.
Architect and design for security policies
  • Create a software architecture and design software to implement and enforce security policies
  • Divide privileges into appropriately scoped sets
Keep it simple
  • Keep the design as simple and small as possible
  • Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use
  • The effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex
Default deny
  • Base access decisions on permission rather than exclusion
Adhere to the principle of least privilege
  • Every process should execute with the least set of privileges necessary to complete the job
  • Any elevated permission should only be accessed for the least amount of time required to complete the privileged task
Sanitize data sent to other systems
  • Sanitize all data passed to complex subsystems such as command shells, relational databases, and commercial off-the-shelf (COTS) components.
    • Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks
  • The calling process is responsible for sanitizing the data before invoking the subsystem, because it knows the context.
Practice defense in depth
  • Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and limit the consequences of a successful exploit
Use effective quality assurance techniques
  • Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities
  • Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program
  • Independent security reviews can lead to more secure systems
Adopt a secure coding standard
  • Develop and apply a secure coding standard for your target development language and platform
Define security requirements
  • Identify and document security requirements early in the development life cycle
  • Make sure subsequent development artifacts are evaluated for compliance with those requirements
Model threats
  • Use threat modeling: it involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies
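The "Default deny", "Sanitize data sent to other systems" and "Practice defense in depth" guides above, combined in one added example (not code from the original post or from the referenced sources): an allowlist validator at the trust boundary plus a parameterized query to the database subsystem, so that each layer stops injection on its own. The username policy, table layout and sample rows are assumptions constructed for this example.

```python
import re
import sqlite3

# Assumed allowlist for account names: a lowercase letter followed by up to
# 31 lowercase letters, digits or underscores. Anything else is rejected.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_username(value):
    """Default deny: accept only values that match the allowlist."""
    if not isinstance(value, str) or USERNAME_RE.fullmatch(value) is None:
        raise ValueError("username rejected by allowlist")
    return value


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_role(conn, username):
    """Hand the value to the database as a bound parameter, never by pasting it
    into the SQL text, so the subsystem always treats it as data, not syntax."""
    row = conn.execute("SELECT role FROM users WHERE name = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def role_for_request(conn, raw_username):
    """Defense in depth: validate at the boundary (layer 1), then parameterize
    the query (layer 2). Either layer alone already blocks injection."""
    return lookup_role(conn, validate_username(raw_username))


if __name__ == "__main__":
    db = make_db()
    print(role_for_request(db, "alice"))      # admin
    print(lookup_role(db, "' OR '1'='1"))     # None: matched as a literal name
    try:
        role_for_request(db, "bob; DROP TABLE users")
    except ValueError as exc:
        print("rejected:", exc)
```

Even a value that slips past validation (for example through a code path that forgot to call it) cannot change the query structure, which is why the second layer is worth keeping.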

3. References

https://wiki.sei.cmu.edu/confluence/display/seccode/Top%2B10%2BSecure%2BCoding%2BPractices

https://en.wikipedia.org/wiki/Secure_coding

https://en.wikipedia.org/wiki/Defensive_programming

https://developers.redhat.com/topics/secure-coding/

https://techbeacon.com/security/4-ways-secure-your-code-regardless-programming-language

https://www.csoonline.com/article/3335120/15-secure-coding-practices-to-use-in-digital-identity.html

https://www.owasp.org/index.php/Secure_Coding_Cheat_Sheet

https://searchsecurity.techtarget.com/definition/fuzz-testing