Build Security Software
01-17-2013, 03:49 AM
Build Security Software
1. Figure out your security vulnerabilities and threats, including buffer overflows, system account privileges, misconfiguration, Windows system threats and application threats.
2. Identify buffer overflows in your applications, which are typically developed with API, COM object or other languages, and automatically manage memory allocation for you.
3. Identify applications running with administrative privileges. These applications have no restrictions and can perform any transactions they want. These programs are the exact targets hackers are looking for. To mitigate this type of attack, minimize the rights of a program.
4. Design and develop error handling methods that can detect configuration issues. This will allow the system to be configured properly to prevent attacks.
5. Implement the entire software development life cycle. Include user requirement analysis, system design and database design, system implementation, testing and system maintenance.
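An added example for step 3 of the post above, not part of the original thread: a Python audit that reads a process listing in the column layout of `tasklist /V /FO CSV` and reports processes running under administrative accounts that are not on an expected list. The sample rows, the account names and the allowlist are constructed assumptions.

```python
import csv
import io

# Constructed sample in the column layout of `tasklist /V /FO CSV`; not real output.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"services.exe","620","Services","0","6,112 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"csrss.exe","488","Services","0","4,020 K","Unknown","N/A","0:00:02","N/A"
"reportsvc.exe","2284","Services","0","48,300 K","Unknown","NT AUTHORITY\SYSTEM","0:01:10","N/A"
"notepad.exe","5120","Console","1","12,004 K","Running","LAB\alice","0:00:00","Untitled - Notepad"
"backup_gui.exe","5388","Console","1","30,552 K","Running","LAB\Administrator","0:00:07","Backup"
"svchost.exe","912","Services","0","9,876 K","Unknown","NT AUTHORITY\LOCAL SERVICE","0:00:01","N/A"
'''

# Assumptions: the accounts treated as administrative and the images expected to
# run under them. Both sets are hypothetical and must be built per host.
PRIVILEGED = {r"nt authority\system", r"lab\administrator"}
EXPECTED = {"services.exe", "csrss.exe"}


def audit(csv_text, privileged=PRIVILEGED, expected=EXPECTED):
    """Return (flagged, unknown) from a tasklist-style CSV listing.

    flagged: (image, pid, user) for privileged processes not on the allowlist.
    unknown: (image, pid) for processes whose owner could not be read.
    """
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        image, pid = row["Image Name"], int(row["PID"])
        user = row["User Name"].strip()
        if user.upper() == "N/A":
            # Owner unreadable: it cannot be cleared, so report it separately
            # instead of silently treating it as unprivileged.
            unknown.append((image, pid))
        elif user.lower() in privileged and image.lower() not in expected:
            flagged.append((image, pid, user))
    return flagged, unknown


if __name__ == "__main__":
    flagged, unknown = audit(SAMPLE)
    for image, pid, user in flagged:
        print(f"review: {image} (pid {pid}) runs as {user}")
    for image, pid in unknown:
        print(f"owner unknown: {image} (pid {pid})")
```

Each flagged entry is a candidate for a lower-privileged service account; entries with an unknown owner need the listing repeated with enough rights to read them.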
01-18-2013, 06:01 AM
RE: Build Security Software
Build Security In is a collaborative effort that provides practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development. Build Security In is a Software Assurance strategic initiative of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. Peer-reviewed material written by many authors is presented for public use. Staff of Carnegie Mellon University's Software Engineering Institute contribute, manage the article review process and maintain the site.