Secure Coding SwA Pocket Guide - Build Security In - US-CERT

More documents

Recommendations

Info

Resources» Secure Coding in C and C++. Seacord, Robert C. Upper Saddle River, NJ: Addison-Wesley.September 2005.» “Secure Coding Guide.” Mac OS X Reference Library. 12 February 2010. 28 July 2010.» “Enhancing the Development Life Cycle to Produce Secure Software.” United States Government.Department of Homeland Security - Software Assurance Forum Process and Practices WorkingGroup. The Data & Analysis Center for Software [DACS]. October 2008 Version 2.0. United StatesGovernment. Defense Technical Information Center. 24 June 2010.» Secure Programming for Linux and Unix HOWTO -- Creating Secure Software. Wheeler, David A. 3March 2010 Version 3. 20 Dec 2010 .OverviewCode that is not properly protected can allow an intruder to view sensitive information, change or delete valuable or importantdata, deny service, run programs, or plant malicious code within a software system. Because of the risks associated withsoftware and the supply chain, it is critically important that precautions be taken through every process in the softwaredevelopment lifecycle.Secure coding is a prerequisite for producing robustly secure software. The development of secure software is a complexendeavor and requires a systematic process. The most commonly exploited vulnerabilities are seemingly easily avoidabledefects in software. Producing secure code is not an absolute science because it depends on a wide range of variables, some ofwhich cannot be easily or accurately measured. Such variables range from the language or platform being used to the nature ofthe software being developed or the data with which the software is meant to work. This guide does not prescribe answers for allpossible situations. Rather, it discusses fundamental practices for secure coding, and lists resources that provide additionalinformation about these practices. Using these resources, practitioners can write more secure code for their particularenvironment. Secure coding fundamentals and tips include:» Preparing to Write Secure Code ................................................ 4o Choose a Language with Security in Mind .......................... 4o Create a Secure Development Process .............................. 6o Create an Application Guide ................................................ 6o Identify Safe and Secure Software Libraries ....................... 7» Secure Coding Principles ........................................................... 8o Keep Code Small and Simple .............................................. 8o Make Code Backward and Forward Traceable ................... 9o Code for Reuse and Maintainability ..................................... 9o Follow Secure Coding Standards and/orGuidelines .................................................................. 9o Use Compiler Security Checking and Enforcement .......... 10o Avoid Security Conflicts Arising Between Nativeand Non-Native, Passive and DynamicCode ......................................................................... 11o Review Code During and After Coding .............................. 12» Secure Coding Practices .......................................................... 14o CWE/SANS Top 25 Error List/OWASP Top 10 List........... 14o Validate and Encode Input ................................................ 14Software Assurance Pocket Guide Series:Development Volume VI – Version 2.0, , May 18, 2012Secure Coding3
o Filter and Sanitize Output and Callouts .............................. 16o Minimize Retention of State Information ............................ 16o Do Not Allow Unauthorized Privilege Escalation ................ 17o Leverage Security through Obscurity Only as anAdditional Deterrence Measure ................................. 17o Use Strongly Typed Parameterized Queries ...................... 17o Incorporate Interprocess Authentication ............................. 17o Leverage Attack Patterns ................................................... 18o Implement Encryption and Hashing ................................... 18o Protect Sensitive Information ............................................. 19o Disable Debugging Tools Prior to Deployment .................. 19» Secure Memory and Cache Management ................................ 20o Limit Persistent Memory Caching ....................................... 20o Allocate Memory and Other Resources Carefully .............. 21» Secure Error and Exception Handling ....................................... 21o Integrate Anomaly Awareness ........................................... 23o Incorporate Runtime Error Checking and SafetyEnforcement .............................................................. 23o Use Event Monitors ............................................................ 23o Fail Securely ....................................................................... 23» What to Avoid ............................................................................ 24o Do Not Use Deprecated or Insecure Functions .................. 24o Do Not Use Filenames in an Improper Manner .................. 25» Questions to Ask Software Developers .................................... 25» Conclusion ................................................................................ 27Preparing to Write Secure CodeBefore writing code, the development team must first determine how they plan to accomplish their assigned task. It is importantto remember that writing secure code needs the support of secure requirements, architecture, and design. To find more on thesetopics, reference “Requirements and Analysis for Secure Software” and “Architecture and Design Considerations for SecureSoftware.” Both of these documents are part of the SwA Pocket Guide Series.Choose a Language with Security in MindThe choice of a programming language is an important factor in software security. In many cases, legacy code, the available skillsets, or customer requirements, including the environment, may restrict programming language options. When evaluating andselecting the programming language(s), you should ask these key security-relevant questions:» Which languages have your programmers used? Programmers are likely to make more errors when developing inlanguages they have little experience using.» Does the language help or inhibit the development of secure code?» What secure coding standards are available for the language (if any)?» What security issues exist in the language? What mitigation strategies exist? How effective are they?Weighing language choices: In many situations, the choice of language can directly affect the system’s security. The mostprominent example is the effect of array bounds checking, which Java provides but C does not. Although most modern Ccompilers support runtime bounds checking, this feature (or lack thereof) has left a legacy of buffer-overflow-based vulnerabilitiesin web servers, operating systems, and applications. Java is without these specific vulnerabilities, but may not be appropriate forSoftware Assurance Pocket Guide Series:Development Volume VI – Version 2.0, , May 18, 2012Secure Coding4
Page 1 and 2: SOFTWARE ASSURANCE IN ACQUISITION:
Page 3: Information contained in this pocke
Page 7 and 8: Create a Secure Development Process
Page 9 and 10: damaged [Grembi 2010]. Having the c
Page 11 and 12: Resources» CERT Secure Coding Stan
Page 13 and 14: Review Code During and After Coding
Page 15 and 16: Secure Coding PracticesCWE/SANS Top
Page 17 and 18: parsers have changed the input to c
Page 19: systems is driving the definition o
Page 23 and 24: thrown during testing or operation.
Page 25 and 26: eveals sensitive information about
Page 27 and 28: » What language is used and why?»
Page 29 and 30: Anyone making further distribution

Secure Coding SwA Pocket Guide - Build Security In - US-CERT

Create successful ePaper yourself

Delete template?

Save as template?