Extra Defensive Measures

Here are a small number of useful defensive layers to add to your applications:

  • Use encryption properly to store sensitive information, and signing to mitigate tampering threats when you cannot set strict ACLs.

  • Use ACLs or permissions to restrict who can access (read and write) secret data if it must be persisted.

  • Scrub the memory securely once you have finished with the secret data. This is often not possible in languages such as Java, or in Managed Code. However, .NET 2.0 adds the SecureString class to alleviate the issue.
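The scrubbing step above, as an added C example (not code from the book): a plain `memset()` on a buffer that is never read again is a dead store the optimizer may delete, so the wipe goes through a volatile pointer. The names `scrub`, `is_all_zero` and `use_secret` are hypothetical, and the secret string is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero len bytes through a volatile pointer so the stores cannot be
 * optimized away as dead writes. Where available, prefer the platform
 * call: SecureZeroMemory (Windows), explicit_bzero (glibc/BSD) or
 * memset_s (C11 Annex K). */
static void scrub(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Returns 1 if all len bytes at p are zero, else 0. */
static int is_all_zero(const void *p, size_t len)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t i;
    for (i = 0; i < len; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Hypothetical routine: copies a secret into work (caller-owned scratch
 * space), uses it, and scrubs work on every exit path, errors included.
 * Returns the secret's length, or -1 if it does not fit. */
static int use_secret(char *work, size_t worklen, const char *secret)
{
    int rc = -1;
    size_t n = strlen(secret);
    if (n < worklen) {
        memcpy(work, secret, n + 1);
        rc = (int)n;        /* stand-in for the real use of the secret */
    }
    scrub(work, worklen);   /* single cleanup point for both paths */
    return rc;
}

int main(void)
{
    char work[32];
    int rc = use_secret(work, sizeof work, "constructed-sample-secret");
    printf("rc=%d scrubbed=%d\n", rc, is_all_zero(work, sizeof work));
    return 0;
}
```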



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
