Difference between revisions of "SVG:Secure Coding"
Revision as of 17:28, 3 November 2010
Secure Coding
If you are a developer, please make an effort to become aware of how to avoid introducing new vulnerabilities and how to write secure code.
Validate input: Don't trust user input; it could be malicious. This should include input from clients you have written, as they can be modified to allow malicious input.
Check file permissions: Any file or directory with world write permission could be modified with malicious content.
Learn about secure programming: Tutorials have been given at various Grid conferences and texts are available on how to avoid writing vulnerable code.
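The file permission check above, as an added example that is not part of the original page: it inspects a file and every directory above it up to a chosen root, because a world-writable parent directory lets the file be replaced even when the file's own mode is strict. The function names, the `root` parameter and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def world_writable_components(path, root):
    """Return (path, mode) for `path` and each ancestor up to `root`
    that has the world-write bit set. `root` is the trusted top directory."""
    path = os.path.realpath(path)   # resolve symlinks before inspecting modes
    root = os.path.realpath(root)
    if os.path.commonpath([path, root]) != root:
        raise ValueError(f"{path} is not inside {root}")
    findings = []
    current = path
    while True:
        mode = os.stat(current).st_mode
        if mode & stat.S_IWOTH:
            findings.append((current, stat.filemode(mode)))
        if current == root:
            break
        current = os.path.dirname(current)
    return findings


def demo():
    """Constructed sample tree: root/conf/app.cfg, checked under three mode sets."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        conf_dir = os.path.join(root, "conf")
        cfg = os.path.join(conf_dir, "app.cfg")
        os.mkdir(conf_dir)
        with open(cfg, "w") as fh:
            fh.write("endpoint = example.invalid\n")   # constructed content

        def check():
            return [(os.path.relpath(p, root), m)
                    for p, m in world_writable_components(cfg, root)]

        os.chmod(root, 0o700)
        os.chmod(conf_dir, 0o755)
        os.chmod(cfg, 0o644)
        strict = check()             # nothing world-writable
        os.chmod(conf_dir, 0o777)
        loose_dir = check()          # file mode is fine, parent is not
        os.chmod(cfg, 0o666)
        loose_both = check()
        return strict, loose_dir, loose_both


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A service can run such a check on its configuration and plugin paths at start-up and refuse to load anything it reports.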
Top 25 Most dangerous programming errors
The SANS Institute provides a list of the 25 most dangerous programming errors. Although these are not Grid-specific, many of the vulnerabilities found by or reported to the previous EGEE GSVG in Grid Middleware fall into these categories.
University of Wisconsin Tutorials
The University of Wisconsin have developed a two-part tutorial to help train analysts and developers in their vulnerability assessment techniques and in secure programming. These are available at their tutorials page (http://www.cs.wisc.edu/mist/includes/tutorials.html).
Other Information
More information will be provided later.
Also see