Sin 12: Failing to Store and Protect Data Securely

Overview of the Sin

We often worry more about protecting information in transit than protecting the information while it is on disk, but the information spends more time stored on the system than it does in transit. There are a number of aspects you need to consider when storing data securely: permissions required to access the data, data encryption issues, and threats to stored secrets.

A variant of storing data securely is storing secrets in code, and we use the term "storing" very loosely! Of all the sins, this is the one that irks us the most, because it's simply stupid. Many developers hardcode secret data, such as cryptographic keys and passwords, into software and do not expect users to recover it, believing that reverse engineering is too difficult to do. You may think it's true, but if it's not, those with malicious intent can reverse-engineer the code to divulge the secret data.
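How little effort recovery takes can be seen from a check you can run on your own build output before shipping. The following Python sketch is an added example, not code from the book: it pulls printable strings out of a binary blob and flags likely credentials. The sample bytes are constructed, and the keyword list and entropy threshold are assumptions to tune.

```python
import math
import re

# Runs of 6+ printable ASCII bytes, the same heuristic the Unix `strings` tool uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Names developers commonly give embedded credentials (assumed list, extend as needed).
KEYWORD = re.compile(r"(?i)(passw(or)?d|pwd|secret|api[_-]?key|token)\s*[=:]")
# Long unbroken base64/hex-like tokens are candidate key material.
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")


def shannon_entropy(text):
    """Bits of entropy per character; random key material scores high."""
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_embedded_secrets(blob, min_entropy=4.0):
    """Return (reason, string) pairs for strings in blob that look like secrets."""
    findings = []
    for match in PRINTABLE_RUN.finditer(blob):
        text = match.group().decode("ascii")
        if KEYWORD.search(text):
            findings.append(("keyword", text))
            continue
        for token in TOKEN.findall(text):
            if shannon_entropy(token) >= min_entropy:
                findings.append(("high-entropy", token))
    return findings


# Constructed sample: bytes laid out like a compiled program's data section.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Connecting to database...\x00"
    + b"db_password=Winter2003!\x00"      # constructed hardcoded password
    + b"\x90\x90\xc3\x00"
    + b"q7ZxK2mVp9Lr4TnBw8YdHs3Gf6JcUeA1\x00"  # constructed key material
    + b"/usr/lib/libc.so\x00"
)

if __name__ == "__main__":
    for reason, text in find_embedded_secrets(SAMPLE_BINARY):
        print(f"{reason}: {text}")
```

Both constructed secrets are reported while the log message and library path are not; anything this check finds in a release build is readable by every user who has the file.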



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
