Top ten security skills (reposted)

xiaoxiao2021-03-06  80

Programmer's top ten security skills

Summary: There are many ways to get into trouble. You may trust all code running on your network, give every user access to important files, and never check whether the code on your machine has been changed. You may run without anti-virus software, build no security mechanisms into your own code, and give too many privileges to too many accounts. You may even use a number of built-in functions carelessly enough to allow malicious intrusion, and leave server ports open without any monitoring. Obviously, the list could go on. What are the really important issues (that is, the most dangerous mistakes you should address immediately to avoid endangering your data and systems)? Security experts Michael Howard and Keith Brown present ten tips to help you stay out of trouble.

Security involves many aspects, and security risks can come from anywhere. You may write faulty error-handling code, or be too generous when granting privileges. You may have forgotten which services are running on your server. You may accept all user input. And so on. To give you a good start in protecting your computers, network, and code, this article presents ten tips; follow them to arrive at a safer network strategy.

1. Trusting user input puts you in danger

Even if you don't read the rest of this article, remember one thing: "Don't trust user input." If you always assume that data is valid and not malicious, trouble is on its way. Most security vulnerabilities involve an attacker supplying maliciously crafted data to the server.

Trusting that input is correct can lead to buffer overflows, cross-site scripting attacks, SQL injection attacks, and more.

Let us discuss these potential attacks in detail.

2. Prevent buffer overflow

A buffer overflow occurs when the data supplied by the attacker is longer than the application expects, so that the data overflows into internal memory space. Buffer overflows are mainly a C/C++ issue. They are a threat, but usually very easy to fix. We have seen only two buffer overflows that were not obvious and were difficult to fix. Overflows happen when the developer does not expect external data to be larger than the internal buffer. The overflow corrupts other data structures in memory, which attackers can often exploit to run malicious code. Array indexing errors can also cause buffer overflows and overruns, though this is less common.

Please see the following C code snippet:

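    #include <windows.h>   /* DWORD */
    #include <string.h>    /* memcpy */

    void DoSomething(char *cBuffSrc, DWORD cbBuffSrc) {
        char cBuffDest[32];
        /* cbBuffSrc is never checked against the 32-byte destination */
        memcpy(cBuffDest, cBuffSrc, cbBuffSrc);
    }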

Where is the problem? In fact, if cBuffSrc and cbBuffSrc come from a trusted source (such as code that did not trust the data and therefore verified its validity and size), there is nothing wrong with this code. However, if the data comes from an untrusted source and has not been validated, the attacker (the untrusted source) can easily make cBuffSrc larger than cBuffDest, and also set cbBuffSrc to a value larger than the size of cBuffDest. When memcpy copies the data into cBuffDest, the return address of DoSomething is overwritten, because cBuffDest is adjacent to the return address on the function's stack frame. The attacker can then make the code perform malicious operations.

The remedy is not to trust user input, and not to trust any data carried in cBuffSrc and cbBuffSrc:

    #include <windows.h>   /* DWORD, min */
    #include <string.h>    /* memset, memcpy */

    void DoSomething(char *cBuffSrc, DWORD cbBuffSrc) {
        const DWORD cbBuffDest = 32;
        char cBuffDest[cbBuffDest];

    #ifdef _DEBUG
        /* Debug builds only: write cbBuffSrc bytes so that an oversized length faults here */
        memset(cBuffDest, 0x33, cbBuffSrc);
    #endif

        /* Never copy more than the destination buffer can hold */
        memcpy(cBuffDest, cBuffSrc, min(cbBuffDest, cbBuffSrc));
    }

This function demonstrates three properties of a correctly written function that mitigates buffer overflows. First, it requires the caller to provide the length of the buffer. Of course, you cannot blindly trust this value! Second, in a debug build, the code probes whether the buffer is really large enough to hold the source buffer. If it is not, this will probably trigger an access violation and drop the code into the debugger. You will be surprised how many errors you find this way when debugging. Finally, and most importantly, the call to memcpy is defensive: it copies no more data than the destination buffer can hold.

During the Windows® Security Push at Microsoft, we created a list of safe string handling functions for C programmers. You can find them in Strsafe.h: Safer String Handling in C.
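The defensive memcpy in DoSomething clamps the length silently, so the caller never learns that input was cut short. The following is an added example, not code from the original article: a portable C sketch that reports truncation and uses a guard region to stand in for the return address next to the buffer. The names bounded_copy, try_copy, struct frame and the guard value are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 32      /* same size as the article's cBuffDest */
#define GUARD_BYTE 0xA5   /* constructed marker value */

typedef enum { COPY_OK, COPY_TRUNCATED, COPY_BAD_ARG } copy_status;

/* Destination buffer followed by a guard region that stands in for the
 * data an overrun would corrupt (the return address, in the article). */
struct frame { char dest[DEST_SIZE]; unsigned char guard[8]; };

/* Copy at most dest_size bytes; report whether src_len had to be clamped. */
static copy_status bounded_copy(char *dest, size_t dest_size,
                                const char *src, size_t src_len, size_t *copied)
{
    if (!dest || !src || !copied || dest_size == 0)
        return COPY_BAD_ARG;
    size_t n = src_len < dest_size ? src_len : dest_size;
    memcpy(dest, src, n);
    *copied = n;
    return n < src_len ? COPY_TRUNCATED : COPY_OK;
}

/* Run one copy into a fresh frame; return the status, or -1 if any
 * guard byte was overwritten. */
static int try_copy(const char *src, size_t src_len, size_t *copied)
{
    struct frame f;
    memset(f.guard, GUARD_BYTE, sizeof f.guard);
    copy_status st = bounded_copy(f.dest, sizeof f.dest, src, src_len, copied);
    for (size_t i = 0; i < sizeof f.guard; i++)
        if (f.guard[i] != GUARD_BYTE)
            return -1;
    return (int)st;
}

int main(void)
{
    char input[100];      /* constructed oversized input */
    size_t copied = 0;
    memset(input, 'A', sizeof input);
    int st = try_copy(input, sizeof input, &copied);
    printf("status=%d copied=%zu\n", st, copied);
    return st == COPY_TRUNCATED ? 0 : 1;
}
```

A caller that must not process clipped data can treat COPY_TRUNCATED as a rejection instead of continuing with the shortened copy.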

3. Prevent cross-site scripting

Cross-site scripting attacks are a Web-specific issue: a flaw in a single web page can compromise the client's data. Imagine the consequences of the ASP.NET code snippet below: