security coding
Posted on 27-Jun-2015
DESCRIPTION
The knowledge programmers need to know!
TRANSCRIPT
![Page 1: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/1.jpg)
What should developers know?
• Information security concepts: CIA
• Information security strategy: 3A
• Environment configuration and tools
• Secure program development
![Page 2: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/2.jpg)
• Confidentiality
• Integrity
• Availability
![Page 3: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/3.jpg)
• Authentication
• Authorization
• Accounting
![Page 4: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/4.jpg)
Secure Coding Guidelines
• Avoid duplication
• Restrict privileges
• Establish trust boundaries
• Minimize the number of permission checks
• Encapsulate
![Page 5: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/5.jpg)
Denial of Service
• Release resources in all cases
• "Zip bombs"
• "Billion laughs attack"
• "Log bombs"
• Infinite loops: "Messages poison"
• Resource limit checks should not suffer from integer overflow
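The slide's "zip bombs" and "resource limit checks" points together, as an added example in Python (not code from the deck): extraction is charged against a budget of bytes actually produced, the archive handle is released on every path, and the limit values, the `ArchiveTooLarge` exception and the constructed test archives are all assumptions of this example.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1_000_000   # assumed budget for all extracted data combined
MAX_RATIO = 100               # assumed ceiling on declared expansion ratio
CHUNK = 64 * 1024

class ArchiveTooLarge(Exception):
    pass

def bounded_extract(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return {name: bytes}, raising ArchiveTooLarge as soon as a limit trips.

    The budget is charged on bytes actually produced, not on the sizes the
    zip headers declare (an attacker controls those), and the running total
    is a plain count compared against the limit rather than a product of
    header fields that could overflow in a fixed-width integer implementation.
    """
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:        # closed on every path
        for info in zf.infolist():
            # Cheap pre-check on declared sizes; the streaming check is authoritative
            if info.compress_size and info.file_size > info.compress_size * max_ratio:
                raise ArchiveTooLarge(f"{info.filename}: declared ratio too high")
            buf = bytearray()
            with zf.open(info) as fh:
                while chunk := fh.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveTooLarge("output budget exceeded")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out

def is_safe_archive(data, **limits):
    """True if the archive extracts within the limits, False if it trips one."""
    try:
        bounded_extract(data, **limits)
        return True
    except ArchiveTooLarge:
        return False

def make_zip(entries):
    # Builds a constructed in-memory archive for this example
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return bio.getvalue()

SMALL = make_zip({"a.txt": b"hello"})                   # constructed benign input
EXPANDING = make_zip({"zeros.bin": b"\0" * 2_000_000})  # constructed highly compressible input
```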
![Page 6: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/6.jpg)
Confidential Information
• Purge sensitive information from exceptions
• Do not log highly sensitive information
• Consider purging highly sensitive data from memory after use
![Page 7: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/7.jpg)
Injection & Inclusion
• Avoid dynamic SQL
• SQL Injection
• XML and HTML generation requires care
• Cross-Site Scripting (XSS)
• Restrict XML inclusion
• XML External Entity (XXE)
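"Avoid dynamic SQL" and "HTML generation requires care" side by side, as an added Python example that is not part of the deck: the dynamic query lets a quote in the input change the statement, the parameterized query passes the same input as a value only, and output is escaped before it is placed in markup. The in-memory `users` table and its rows are constructed for this example.

```python
import html
import sqlite3

def _demo_db() -> sqlite3.Connection:
    # Constructed in-memory table for the example
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con

def lookup_dynamic(con, name: str) -> list:
    # Dynamic SQL: user input becomes part of the statement text,
    # so a quote in the input rewrites the WHERE clause
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]

def lookup_parameterized(con, name: str) -> list:
    # Parameterized: the driver binds the value separately, never as SQL
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]

def render_greeting(name: str) -> str:
    # HTML generation: escape before interpolating untrusted text into markup
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"
```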
![Page 8: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/8.jpg)
Accessibility & Extensibility
• Limit the accessibility of classes, interfaces, methods, and fields.
• Limit the accessibility of namespace.
• Isolate unrelated code.
• Limit the extensibility of classes and methods.
• Understand how a superclass can affect subclass behavior.
![Page 9: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/9.jpg)
Accessibility & Extensibility
Reducing the "attack surface" of the code
![Page 10: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/10.jpg)
Input Validation
• Validate inputs
• Valid values
• Special characters: URL / HTML / XML
![Page 11: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/11.jpg)
Mutability
• Prefer immutability for value types
• Create copies of mutable output values
• Make public static fields constants
• Do not expose mutable statics
![Page 12: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/12.jpg)
Object Construction
• Avoid exposing constructors of sensitive classes
• Prevent the unauthorized construction of sensitive classes
• Prevent constructors from calling methods that can be overridden
![Page 13: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/13.jpg)
Serialization & Deserialization
• Avoid serialization for security-sensitive classes
• Guard sensitive data during serialization
• View deserialization the same as object construction
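"View deserialization the same as object construction" in practice, as an added Python example rather than code from the deck: every class reference in a pickle stream passes through `find_class`, so that is where an explicit allowlist is enforced, exactly as a constructor of a sensitive class would check who may call it. The `SAFE_GLOBALS` policy and the sample payloads are assumptions constructed for this example.

```python
import collections
import datetime
import io
import pickle

# Assumed policy for this example: the only class the service expects to
# reconstruct from a byte stream is OrderedDict.
SAFE_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Every class lookup during deserialization is resolved here, so this is
    the place to apply the checks a constructor would: unknown types are refused."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to construct {module}.{name}")

def restricted_loads(data: bytes):
    """Like pickle.loads, but bounded by SAFE_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def deserialization_allowed(data: bytes) -> bool:
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False

# Constructed sample payloads: plain containers need no class lookup,
# OrderedDict is on the allowlist, datetime.date is not.
SAMPLE_PLAIN = pickle.dumps({"id": 7, "tags": ["a", "b"]})
SAMPLE_ALLOWED = pickle.dumps(collections.OrderedDict(a=1))
SAMPLE_REFUSED = pickle.dumps(datetime.date(2015, 6, 27))
```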
![Page 14: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/14.jpg)
Access Control
• Understand how permissions are checked
• Beware of callback (Lifecycle) methods
• Callback methods are generally invoked from the system with FULL permissions
• Be careful caching results of potentially privileged operations
![Page 15: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/15.jpg)
What does Security Coding cover?
• Authentication & Authorization
• Session & State management
• Input & Output
• File Handling
• Error Handling
• Auditing & Logging
• Cryptography
• Configuration
![Page 16: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/16.jpg)
Application Logging Tips
![Page 17: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/17.jpg)
Use appropriate tools
![Page 18: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/18.jpg)
Information classification
• ERROR
• WARN
• INFO
• DEBUG
• TRACE
![Page 19: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/19.jpg)
What exactly is being logged?
```
Debug.WriteLine("Returning orders: {0}", orders);
```
```
if (MyLog.isDebugEnabled()) {
    MyLog.Debug("It's a secret!");
}
```
![Page 20: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/20.jpg)
Avoid side effects!
```
try {
    // a logging statement must not change program flow; a null
    // getUser() or getPage() here would throw from inside the trace call
    MyLog.Trace("Id=" + request.getUser().getId());
    MyLog.Trace("Accesses " + manager.getPage().getUrl().toString());
} catch (Exception e) {
}
```
![Page 21: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/21.jpg)
Describe concisely!
```
if (message is TextMessage) {
    // ...
} else {
    MyLog.Warn("Unknown message type");
}
```
![Page 22: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/22.jpg)
Fine-tune the output format!
Timestamp | Level | Program name | Message
`{0:HH:mm:ss} {1} {2} {3}`
![Page 23: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/23.jpg)
Log method parameters and return values!
```
public String printDocument(Document doc, Mode mode) {
    MyLog.Debug("Entering printDocument(doc={0}, mode={1})", doc, mode);
    String id = // ...
    MyLog.Debug("Leaving printDocument(): {0}", id);
    return id;
}
```
![Page 24: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/24.jpg)
Log exception information!
```
MyLog.Error("IO exception", e);
throw new MyCustomException(e);
```
![Page 25: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/25.jpg)
Easy to interpret!
```
MyLog.Debug("Request TTL set to: {0} ({1})", new DateTime(ttl), ttl);
// Request TTL set to: Wed Apr 28 20:14:12 CEST 2010 (1272478452437)

String duration = DurationFormatUtils.formatDurationWords(durationMillis, true, true);
MyLog.Info("Importing took: {0}ms ({1})", durationMillis, duration);
// Importing took: 123456789ms (1 day 10 hours 17 minutes 36 seconds)
```
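The logging tips of the last slides (levels, the isDebugEnabled guard, exception logging, a fixed timestamp/level/name/message format) together with the earlier "Do not log highly sensitive information" point, as one added example in Python's standard `logging` module rather than the deck's MyLog pseudo-API: a filter redacts credentials before any handler sees the line, lazy `%s` arguments are never rendered when the level is off, and `exc_info=True` attaches the stack trace. The `SECRET_RE` pattern, the `ListHandler` collector and the sample messages are assumptions constructed for this example.

```python
import logging
import re

# Assumed redaction rule: key=value pairs whose key names a credential
SECRET_RE = re.compile(r"\b(password|token|secret)=\S+", re.IGNORECASE)

class RedactSecrets(logging.Filter):
    """Rewrites the fully formatted message before any handler sees it."""
    def filter(self, record):
        record.msg = SECRET_RE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()                 # already formatted; prevent a second pass
        return True

class ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the example can be checked offline."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def make_logger(name, level=logging.INFO):
    log = logging.getLogger(name)
    log.handlers.clear()
    log.propagate = False
    log.setLevel(level)
    handler = ListHandler()              # timestamp, level, program name, message:
    handler.setFormatter(logging.Formatter(
        "%(asctime)s %(levelname)s %(name)s %(message)s", datefmt="%H:%M:%S"))
    log.addHandler(handler)
    log.addFilter(RedactSecrets())
    return log, handler

class CostlyToRender:
    """Counts str() calls: lazy %s arguments are rendered only if the level is
    enabled, which is the effect of the isDebugEnabled() guard on the slide."""
    def __init__(self):
        self.rendered = 0
    def __str__(self):
        self.rendered += 1
        return "<orders>"

def demo():
    log, handler = make_logger("orders")
    orders = CostlyToRender()
    log.debug("Returning orders: %s", orders)        # DEBUG is off: never rendered
    log.info("login ok user=alice token=abc123")     # constructed line; credential redacted
    try:
        raise OSError("disk full")
    except OSError:
        log.error("IO exception", exc_info=True)     # message plus stack trace
    return handler.lines, orders.rendered
```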
![Page 26: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/26.jpg)
Summary
• Use for daily log or tracing
• Audience
• Easy to read
• Easy to analyze
• Will it cause errors?
• System performance issues
![Page 27: Security coding](https://reader034.vdocuments.mx/reader034/viewer/2022052601/558de55e1a28abe7428b46d4/html5/thumbnails/27.jpg)
Why Secure Coding Training is Important?
Fixing bugs by releasing a patch costs 60 times more than fixing the same bug during the design stage.
[Chart: Cost of fixing security flaws during different development phases (x-axis: Phases, y-axis: Cost)]
Source: http://www.auto.tuwien.ac.at