Spotting the Sin Pattern

For the weak access control issue, look for code that:

  • Sets access controls

  • AND grants write access to low-privileged users

or

  • Creates an object without setting access controls

  • AND creates the object in a place writable by low-privileged users

or

  • Writes configuration information into a shared area

or

  • Writes sensitive information into an area readable by low-privileged users
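As an added example (this is not code from the book), the following Python script shows the first two patterns side by side and a small permission audit a reviewer could run against the result: a configuration file written into a shared, world-writable area and then chmod'ed to 0666, next to a hardened version created with a private mode and O_EXCL in a private directory. POSIX permission semantics are assumed; the sample file contents and directory layout are constructed for the demo.

```python
"""Weak-access-control sin pattern: weak vs. hardened file creation, plus an audit.

Added example, not from the book. Assumes POSIX (Linux/macOS) mode bits.
"""
import os
import stat
import tempfile


def audit_mode(mode, kind="file"):
    """Return review findings for a permission-bit value (stat.S_IMODE(st_mode))."""
    findings = []
    if mode & stat.S_IWOTH:
        if kind == "dir" and mode & stat.S_ISVTX:
            findings.append("world-writable directory (sticky bit set: shared temp-style area)")
        else:
            findings.append(f"world-writable {kind}: low-privileged users can modify it")
    if mode & stat.S_IWGRP:
        findings.append(f"group-writable {kind}")
    if kind == "file" and mode & stat.S_IROTH:
        findings.append("world-readable file: unsuitable for sensitive data")
    return findings


def audit_path(path):
    """Audit both the object and the directory it was created in (pattern 2 in the list)."""
    st = os.lstat(path)
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    return {
        "file": audit_mode(stat.S_IMODE(st.st_mode), "file"),
        "parent": audit_mode(stat.S_IMODE(parent.st_mode), "dir"),
    }


def create_weak(dirpath):
    """Pattern 1: sets access controls, but grants write access to everyone."""
    path = os.path.join(dirpath, "config.ini")
    with open(path, "w") as f:
        f.write("[db]\npassword=changeme\n")  # constructed sample content
    os.chmod(path, 0o666)  # the sin: anyone can rewrite the configuration
    return path


def create_hardened(dirpath):
    """Hardened: owner-only mode fixed at creation time; O_EXCL refuses a
    pre-existing (possibly attacker-planted) file; O_NOFOLLOW refuses a symlink."""
    path = os.path.join(dirpath, "config.ini")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("[db]\npassword=changeme\n")  # constructed sample content
    return path


def demo():
    """Build a simulated shared area and a private area under a fresh temp root,
    create one file each way, and return the audit findings for both."""
    root = tempfile.mkdtemp()
    shared = os.path.join(root, "shared")  # stands in for a /tmp-like area
    os.mkdir(shared)
    os.chmod(shared, 0o1777)
    private = os.path.join(root, "private")
    os.mkdir(private, 0o700)
    os.chmod(private, 0o700)
    return {
        "weak": audit_path(create_weak(shared)),
        "hardened": audit_path(create_hardened(private)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The audit reports the weak file three times (world-writable, group-writable, world-readable) and also flags its parent directory; the hardened file and its directory produce no findings, which is the state a reviewer wants to see.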

For the embedded data sin, evaluate any code that uses any kind of encryption or creates outbound authenticated connections, and determine where the password or key comes from. If it comes from within the code itself, you have a bug that needs fixing (see the following section).
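To make that review step concrete, here is an added example (not the book's code): a heuristic scanner that flags assignments of quoted literals to secret-looking names, run over a few constructed source lines, together with a loader that takes the secret from the environment instead of the source. The regular expression is a triage aid in the spirit of grep, not a replacement for reading the code; the variable names and sample values are invented for the demo.

```python
"""Embedded data sin: spot hard-coded credentials, and the shape of the fix.

Added example, not from the book. Sample source lines below are constructed.
"""
import os
import re

# Constructed snippet a reviewer might be handed. Lines 2-4 embed secrets in
# the code; line 6 already takes the value from the environment.
SAMPLE_SOURCE = '''
db_password = "s3cr3t-example"
API_KEY = 'AKIAEXAMPLEKEY0000'
aes_key = b"0123456789abcdef"
timeout = 30
password = os.environ["DB_PASSWORD"]
'''

# Identifier containing a secret-ish word, assigned a (possibly bytes) string literal.
SECRET_ASSIGNMENT = re.compile(
    r'\b(\w*(?:passw(?:or)?d|secret|api_?key|token|key)\w*)\s*=\s*b?["\'][^"\']+["\']',
    re.IGNORECASE,
)


def find_embedded_secrets(source):
    """Return (line_number, identifier) for every literal-assigned secret-looking name."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = SECRET_ASSIGNMENT.search(line)
        if m:
            findings.append((lineno, m.group(1)))
    return findings


def load_secret(name, env=None):
    """The fix: obtain the secret at run time from configuration outside the code.
    The environment stands in for whatever secret store the deployment uses;
    a missing value fails loudly instead of silently falling back to a default."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"secret {name!r} is not configured")
    return value


if __name__ == "__main__":
    for lineno, ident in find_embedded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {ident} is assigned a literal; move it out of the code")
```

Running the scanner over the sample reports `db_password`, `API_KEY` and `aes_key`; `timeout` is ignored because the name is not secret-like, and the final `password` line is ignored because its value is not a literal, which is exactly the shape `load_secret` produces.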



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
Year: 2003
Pages: 239