Summary

  • Do test all web input, including forms, with malicious input.

  • Do understand the strengths and weaknesses of your approach if you're not using cryptographic primitives to solve some of these issues.

  • Do not embed confidential data in any HTTP or HTML construct, such as the URL, a cookie, or a form, unless the channel is secured with an encryption technology such as SSL, TLS, or IPSec, or the application applies its own cryptographic defenses to the data.

  • Do not trust any data, confidential or not, in a web form, because malicious users can easily change the data to any value they like, whether or not SSL is in use.

  • Do not think the application is safe just because you plan to use cryptography; attackers will attack the system in other ways. For example, attackers won't attempt to guess cryptographically random numbers; they'll try to view them.
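The two middle points (never trust form data, and protect anything you must round-trip through the client with application-level cryptography) are easiest to see side by side. The following is an added example, not code from the book: a hypothetical shopping-cart handler that trusts a client-supplied hidden `price` field, next to a hardened version that only accepts an item id and quantity, validates both, and looks the price up server-side; plus an HMAC-SHA256 signed cookie whose modified copies are rejected. The catalog, the form bodies and the signing key are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed server-side catalog: prices (in cents) live here, never in the form.
CATALOG = {"book-19sins": 4999, "book-wsc": 3999}

# Constructed per-deployment secret for signing cookie values.
COOKIE_KEY = secrets.token_bytes(32)


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into single string values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def total_trusting_form(body: str) -> int:
    """Flawed pattern: believes the 'price' hidden field the client sent.

    Anyone can edit the field before submitting, with or without SSL, so the
    server computes whatever total the client asked for."""
    form = parse_form(body)
    return int(form["price"]) * int(form["qty"])


def total_server_side(body: str) -> int:
    """Hardened pattern: the client supplies only an item id and a quantity,
    both are validated, and the price comes from the server-side catalog."""
    form = parse_form(body)
    item = form.get("item", "")
    if item not in CATALOG:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOG[item] * qty


def sign_cookie(value: str, key: bytes = COOKIE_KEY) -> str:
    """Application-level integrity protection for a value that must travel
    through the client: returns 'value.<hex HMAC-SHA256 of value>'."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY):
    """Return the protected value if its MAC checks out, otherwise None.

    The MAC comparison is constant-time so that a tampered cookie cannot be
    distinguished from an honest one by timing."""
    value, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return value


if __name__ == "__main__":
    honest = "item=book-19sins&price=4999&qty=2"
    edited = "item=book-19sins&price=1&qty=2"   # constructed: client changed the hidden field
    print(total_trusting_form(honest), total_trusting_form(edited))   # 9998 2
    print(total_server_side(honest), total_server_side(edited))       # 9998 9998
    c = sign_cookie("role=user")
    print(verify_cookie(c), verify_cookie(c.replace("user", "admin")))  # role=user None
```

Note that the HMAC only gives integrity: the cookie value is still readable by whoever holds it, so a confidential value also needs the encrypted channel (or encryption of the value itself) that the list above calls for.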



19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
Year: 2003
Pages: 239
