SVG:Secure Coding

From EGIWiki
{{svg-header}}

If you are a developer, please make an effort to learn how to avoid introducing new vulnerabilities and how to write secure code.
{{DeprecatedAndMovedTo|new_location=https://confluence.egi.eu/display/EGIBG/Secure+Coding}}
 
'''Validate input''' Do not trust user input; it may be malicious. This includes input from clients you have written yourself, since a client can be modified or replaced to send malicious input, so the server side must validate everything it receives.
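As an added example (not code from the EGI wiki or the GSVG), the C function below shows allow-list validation of a client-supplied job name before it is used to build a file path. The name rules (1 to 64 characters from [A-Za-z0-9._-], starting with a letter or digit) and the base directory are assumptions chosen for the example; the point is that the server checks the value itself rather than relying on the client to have sent something sensible.

```c
/* Added example: allow-list validation of a client-supplied name.
 * The format rules are an assumption for this example, not an EGI policy. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64

/* Returns 1 if name is acceptable, 0 otherwise. Because every byte must come
 * from the allow-list, '/', '\\', shell metacharacters, control characters and
 * ".." are all rejected. Requiring an alphanumeric first character also rejects
 * ".", hidden files and names that look like command-line options ("-rf"). */
int valid_job_name(const char *name)
{
    size_t n, i;
    if (name == NULL) return 0;
    for (n = 0; n <= NAME_MAX_LEN && name[n] != '\0'; n++)   /* bounded length scan */
        ;
    if (n == 0 || n > NAME_MAX_LEN) return 0;
    if (!isalnum((unsigned char)name[0])) return 0;
    for (i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        /* isalnum() is ASCII-only in the "C" locale, which this code assumes */
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Builds "<base>/<name>" into out only for a validated name. Returns 1 on
 * success, 0 if the name was rejected or the result would not fit in out. */
int build_job_path(char *out, size_t outsz, const char *base, const char *name)
{
    int w;
    if (!valid_job_name(name)) return 0;
    w = snprintf(out, outsz, "%s/%s", base, name);
    if (w < 0 || (size_t)w >= outsz) return 0;
    return 1;
}
```

A name that fails validation is rejected outright; it is not "cleaned up", because stripping characters from attacker-controlled input tends to leave a different attacker-controlled string.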
 
'''Check file permissions''' Any file or directory with world write permission can be modified by any local user, so its contents must not be trusted, and a world-writable directory on a path lets an attacker replace or redirect the files beneath it.
 
'''Learn about secure programming''' Tutorials have been given at various Grid conferences, and texts are available on how to avoid writing vulnerable code.
 
 
== Top 25 Most dangerous programming errors ==
 
The SANS Institute provides a list of the [http://www.sans.org/top25-software-errors/ Top 25 most dangerous programming errors]. Although these are not Grid specific, many of the vulnerabilities found by or reported to the previous EGEE GSVG in Grid middleware fall into these categories.
 
 
== University of Wisconsin Tutorials and secure coding practices ==
 
The University of Wisconsin has developed a two-part tutorial to help train analysts and developers in their vulnerability assessment techniques and in secure programming. Both parts are available from their [http://www.cs.wisc.edu/mist/includes/tutorials.html tutorials] page.
 
They have also developed a library for safely opening files: the ownership and permissions of every directory that makes up a path in the file system are tested, so that an attacker cannot manipulate the path (for example by replacing a component with a symbolic link or a file of their own) between the check and the open. This is known as the [http://www.cs.wisc.edu/mist/safefile/ safefile library], and its adoption is being considered by the EMI project.
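The following is an added example in the spirit of the safefile library; it is not the safefile library itself and not EGI or EMI code. It illustrates both the "check file permissions" rule above and the per-directory checks the safefile paragraph describes: every prefix of an absolute path is examined with lstat(), and the path is rejected if any component is a symlink, is owned by anyone other than root or the trusted user, or is writable by group or other (for a directory, unless its sticky bit is set, as on /tmp). Treating group-writable as untrusted is a conservative simplification assumed here; the demo() function builds a constructed directory tree under /tmp and assumes /tmp is the usual root-owned sticky directory.

```c
/* Added example, not the Wisconsin safefile library and not EGI code: a
 * trusted-path check in the spirit of safefile. Every prefix of an absolute
 * path is examined with lstat(); a prefix is rejected if it is a symlink, is
 * owned by anyone other than root or trusted_uid, or is writable by group or
 * other (for a directory, unless its sticky bit is set, as for /tmp). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the whole path is trusted, 0 if some component could be
 * modified or replaced by an untrusted user, -1 on error (errno is set). */
int path_is_trusted(const char *path, uid_t trusted_uid)
{
    char buf[PATH_MAX];
    size_t len, i = 0;

    if (path == NULL || path[0] != '/') { errno = EINVAL; return -1; }
    len = strlen(path);
    if (len >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    memcpy(buf, path, len + 1);

    for (;;) {                      /* prefixes "/", "/a", "/a/b", ..., path */
        struct stat st;
        char saved;

        while (i < len && buf[i] != '/') i++;       /* end of this component */
        saved = buf[i];
        buf[i] = '\0';
        if (lstat(buf[0] ? buf : "/", &st) != 0) return -1;
        buf[i] = saved;

        if (S_ISLNK(st.st_mode))                    /* the link's owner can re-point it */
            return 0;
        if (st.st_uid != 0 && st.st_uid != trusted_uid)
            return 0;                               /* someone else owns this component */
        if ((st.st_mode & (S_IWGRP | S_IWOTH)) &&   /* group is treated as untrusted here */
            (!S_ISDIR(st.st_mode) || !(st.st_mode & S_ISVTX)))
            return 0;                               /* writable file, or non-sticky writable dir */

        if (i >= len) break;
        while (i < len && buf[i] == '/') i++;       /* skip the separator(s) */
        if (i >= len) break;                        /* trailing slash */
    }
    return 1;
}

/* Constructs a small tree under a fresh mkdtemp() directory (assumes /tmp is
 * the usual root-owned sticky directory) and checks four paths. Returns the
 * number of cases that behaved as expected (4 if all did), -1 on setup error. */
int demo(void)
{
    char root[] = "/tmp/safepathXXXXXX";
    char good[64], wwdir[64], inside[64], loose[64], lnk[64];
    uid_t me = getuid();
    int fd, ok = 0;

    if (mkdtemp(root) == NULL) return -1;             /* mode 0700, owned by us */
    snprintf(good,   sizeof good,   "%s/good",        root);
    snprintf(wwdir,  sizeof wwdir,  "%s/open",        root);
    snprintf(inside, sizeof inside, "%s/open/config", root);
    snprintf(loose,  sizeof loose,  "%s/loose",       root);
    snprintf(lnk,    sizeof lnk,    "%s/link",        root);

    if ((fd = open(good, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) close(fd);
    mkdir(wwdir, 0777);  chmod(wwdir, 0777);          /* chmod overrides the umask */
    if ((fd = open(inside, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) close(fd);
    if ((fd = open(loose, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) close(fd);
    chmod(loose, 0666);
    symlink(good, lnk);

    ok += path_is_trusted(good, me)   == 1;   /* 0600 file in our 0700 dir: trusted */
    ok += path_is_trusted(inside, me) == 0;   /* parent dir world-writable, no sticky bit */
    ok += path_is_trusted(loose, me)  == 0;   /* the file itself is world-writable */
    ok += path_is_trusted(lnk, me)    == 0;   /* symlink, even one pointing at a good file */

    unlink(lnk); unlink(loose); unlink(inside); rmdir(wwdir); unlink(good); rmdir(root);
    return ok;
}

int main(void)
{
    int n = demo();
    printf("%d of 4 constructed cases behaved as expected\n", n);
    printf("/etc/passwd trusted for uid %u: %d\n", (unsigned)getuid(),
           path_is_trusted("/etc/passwd", getuid()));
    return n == 4 ? 0 : 1;
}
```

Note that a check like this is still only a snapshot: the real safefile library pairs the per-component checks with a careful open() so that the path cannot be changed between check and use. In your own code, open the file first and then verify the opened descriptor with fstat() where possible, rather than relying on a path check alone.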
 
 
== Other Information ==
 
More information will be provided later.
 
Also see
 
* [http://www.gridpp.ac.uk/gsvg/docsguides/index.html  EGEE/GridPP  secure coding]

Latest revision as of 15:41, 21 October 2021