Chapter 3. Design

Previous page
Table of content
Next page
   

I don't know what effect these men will have on the enemy, but, by God, they frighten me.

The Duke of Wellington, on replacements sent to him in Spain

Good design is the sword and shield of the security-conscious developer. Sound design defends your applications from subversion or misuse, protecting your network and the information on it from internal and external attacks alike. It also provides a safe foundation for future extensions and maintenance of the software.

Bad design makes life easier for attackers and harder for the good guys, especially if it contributes to a false sense of security while obscuring pertinent failings.

Think about the designers of the TCP protocol. They made mistakes that resulted in a great deal of heartache, because they did not adequately understand their potential adversaries. They (and, later, the implementers as well) did an admirable job of making software that properly executed the relevant Internet Requests for Comments (RFCs) that defined the protocol. But they did not adequately consider what would happen when a remote system behaved dishonorably, with the deliberate intent of not following the RFCs. SYN flood attacks were the result. Attackers cheat!

Where does good design come from? How can you make good design decisions and avoid bad ones? This chapter shows you how to make secure design decisions.

   

Previous page
Table of content
Next page
Secure Coding[c] Principles and Practices 2003
Secure Coding[c] Principles and Practices 2003
ISBN: 596002424
EAN: N/A
Year: 2004
Pages: 81
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
SQL Hacks
Competency-Based Human Resource Management
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy