Secure Programming Practices (2019)

From CyberEdWiki

The intent of the Secure Programming Practices Knowledge Unit is to provide students with an understanding of the characteristics of secure programs and the ability to implement programs that are free from vulnerabilities.

Outcomes

To complete this KU, students should be able to:

  1. Produce software components that satisfy their functional requirements without introducing vulnerabilities.
  2. Describe the characteristics of secure programming.
  3. Understand the vulnerabilities inherent in different programming languages.
  4. Examine vulnerabilities introduced through the use of libraries and how to mitigate those vulnerabilities.

Topics

  1. Interpretation and realization of Security Requirements
  2. Principles of Secure Programming
  3. Robust Programming
  4. Defensive Programming
    1. Input Validation, Type checking
    2. Cover all cases - use defaults to handle cases not explicitly covered.
    3. Catch and handle exceptions at the lowest level possible.
    4. Avoidance of risky coding constructs.
    5. Avoid information leakage through error messages.
    6. Apply security practices to classes.
      1. Do not allow data changes by reference in external interfaces.
      2. Use the context to determine data access.
      3. Support verification in data updates.
      4. Authenticate when possible.
  5. Programming Flaws
    1. Buffer Overflows, Integer Errors
  6. Static Analysis
  7. Data Obfuscation
  8. Data Protection
  9. Secure Programming paradigms
    1. Pair programming
    2. Code reviews
    3. Test-driven development

Categories

Specialization Areas

See also

Related Knowledge Units

Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Contacts

Reference ID

SPP