Secure coding

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Secure coding" – news · newspapers · books · scholar · JSTOR (September 2017) (Learn how and when to remove this message) This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (September 2010) (Learn how and when to remove this message) (Learn how and when to remove this message)

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.^[1] Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.

Ara Bellek Taşması,İşlemci belirlenen ara bellek uzunluğunu aştığında ortaya çıkan genel yazılım güvenlik açığıdır. Örneğin veri ögelerini saklamak için 8 bölüt varsa,9 veri ögesi saklanmak istenildiğinde problem ortaya çıkar.Bilgisayar belleği taşan veri sorunuyla karşılaştığında verinin bir sonraki yerine üstüne yazma işlemi gerçekleştirir,bu da güvenlik zafiyetine(yığın aşılması) veya programın bitirilmesine(bölümlendirme hatası) sebebiyet verebilir.^[1]

ara bellek taşmasına eğilimi olan bir C C programı aşağıda verilmiştir.

int vulnerable_function(char * large_user_input) {
	char dst[SMALL];
	strcpy(dst, large_user_input);
}

Eğer kullanıcı hedef bellekten daha büyük bir girdi verirse,ara bellek taşması meydana gelebilir. Bu tehlikeli programı düzeltmek için, strncpy metodu olası ara bellek taşması problemini önleyebilir.

int secure_function(char * user_input) {
	char dst[BUF_SIZE];
    //copy a maximum of BUF_SIZE bytes
	strncpy(dst, user_input,BUF_SIZE);
}

Diğer güvenli seçenek ise hafızayı dinamik olarak yığın yapısıyla ayırmaktır.malloc.

char * secure_copy(char * src) {
	int len = strlen(src);
	char * dst = (char *) malloc(len + 1);
	if(dst != NULL){
		strncpy(dst, src, len);
		//append null terminator 
	    dst[len] = '\0';
	}
	return dst;
}

Yukarıdaki kod parçasında, program src into dst, içeriklerini kopyalar,bunu yaparken de malloc'tan gelen dönüş tipini kontrol eder ki hedef belleğin yeterli hafızası olsun.

A Format String Attack is when a malicious user supplies specific inputs that will eventually be entered as an argument to a function that performs formatting, such as printf(). The attack involves the adversary reading from or writing to the stack.

The C printf function writes output to stdout. If the parameter of the printf function is not properly formatted, several security bugs can be introduced. Below is a program that is vulnerable to a format string attack.

int vulnerable_print(char * malicious_input) {
	printf(malicious_input);
}

A malicious argument passed to the program could be “%s%s%s%s%s%s%s”, which can crash the program from improper memory reads.

Integer overflow occurs when an arithmetic operation results in an integer too large to be represented within the available space. A program which does not properly check for integer overflow introduces potential software bugs and exploits.

Below is a function in C++ which attempts to confirm that the sum of x and y is less than or equal to a defined value MAX:

bool sumIsValid_flawed(unsigned int x, unsigned int y) {
	unsigned int sum = x + y;
	return sum <= MAX;
}

The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the maximum possible value of an unsigned int, the addition operation will overflow and perhaps result in a value less than or equal to MAX, even though the sum of x and y is greater than MAX.

Below is a function which checks for overflow by confirming the sum is greater than or equal to both x and y. If the sum did overflow, the sum would be less than x or less than y.

bool sumIsValid_secure(unsigned int x, unsigned int y) {
	unsigned int sum = x + y;
	return sum >= x && sum >= y && sum <= MAX;
}

• Defensive programming
• Security bug

• Taylor, Art; Brian Buege; Randy Layman (2006). Hacking Exposed J2EE & Java. McGraw-Hill Primis. p. 426. ISBN 0-390-59975-1.