Summary

Previous page
Table of content
Next page

  • Do define who should have access to what error and status information data.

  • Do use operating system defenses such as ACLs and permissions.

  • Do use cryptographic means to protect sensitive data.

  • Do not disclose system status information to untrusted users.

  • Do not provide high-precision time stamps alongside encrypted data. If you need to provide them, remove precision and/or stick it in the encrypted payload (if possible).

  • Consider using other less commonly used operating system defenses such as file-based encryption.

  • Consider using cryptography implementations explicitly hardened against timing attacks.

  • Consider using the Bell-LaPadula model, preferably through a preexisting mechanism.


Previous page
Table of content
Next page
19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors: Michael Howard, David LeBlanc
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
VBScript Programmers Reference
Cisco IOS Cookbook (Cookbooks (OReilly))
Information Dashboard Design: The Effective Visual Communication of Data
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy