Secure coding

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.^[1] Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.

Buffer-overflow prevention

Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite data in the next location which can result in a security vulnerability (stack smashing) or program termination (segmentation fault).^[1]

An example of a C program prone to a buffer overflow is

int vulnerable_function(char * large_user_input) {
	char dst[SMALL];
	strcpy(dst, large_user_input);
}

If the user input is larger than the destination buffer, a buffer overflow will occur. To fix this unsafe program, use strncpy to prevent a possible buffer overflow.

int secure_function(char * user_input) {
	char dst[BUF_SIZE];
    //copy a maximum of BUF_SIZE bytes
	strncpy(dst, user_input,BUF_SIZE);
}

Another secure alternative is to dynamically allocate memory on the heap using malloc.

char * secure_copy(char * src) {
	int len = strlen(src);
	char * dst = (char *) malloc(len + 1);
	if(dst != NULL){
		strncpy(dst, src, len);
		//append null terminator 
	    dst[len] = '\0';
	}
	return dst;
}

In the above code snippet, the program attempts to copy the contents of src into dst, while also checking the return value of malloc to ensure that enough memory was able to be allocated for the destination buffer.

Format-string attack prevention

A Format String Attack is when a malicious user supplies specific inputs that will eventually be entered as an argument to a function that performs formatting, such as printf(). The attack involves the adversary reading from or writing to the stack.

The C printf function writes output to stdout. If the parameter of the printf function is not properly formatted, several security bugs can be introduced. Below is a program that is vulnerable to a format string attack.

int vulnerable_print(char * malicious_input) {
	printf(malicious_input);
}

A malicious argument passed to the program could be “%s%s%s%s%s%s%s”, which can crash the program from improper memory reads.

Integer-overflow prevention

Integer overflow occurs when an arithmetic operation results in an integer too large to be represented within the available space. A program which does not properly check for integer overflow introduces potential software bugs and exploits.

Below is a program which checks for overflow by confirming the sum is greater than or equal to x and y. If the sum did overflow, the sum would be less than x or less than y.

bool isValid(unsigned int x, unsigned int y) {
	unsigned int sum = x + y;
	return sum < MAX;
}

If the sum of x and y are less than the defined MAX, the program will return true, otherwise isValid will return false. The problem with the code is it does not check for integer overflow on the addition operation. If the sum of x and y is greater than the available space to store the integer, the integer will overflow and “roll over” to a value less than MAX.

Below is a program which checks for overflow by confirming the sum is greater than or equal to x and y. If the sum did overflow, the sum would be less than x or less than y.

bool isValid(unsigned int x, unsigned int y) {
	unsigned int sum = x + y;
	return sum >= x && sum >= y && sum < MAX;
}

References

^ ^a ^b Viega, John; Gary McGraw (2001). Building Secure Software: How to Avoid Security Problems the Right Way. MAddison-Wesley Professional. p. 528. ISBN 978-0201721522.

Taylor, Art; Brian Buege; Randy Layman (2006). Hacking Exposed J2EE & Java. McGraw-Hill Primis. p. 426. ISBN 0-390-59975-1.

External links

[bss2001-1] Viega, John; Gary McGraw (2001). Building Secure Software: How to Avoid Security Problems the Right Way. MAddison-Wesley Professional. p. 528. ISBN 978-0201721522.

[1]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Hacktivism Insecure direct object reference Keystroke loggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection Site isolation

Buffer-overflow prevention

Format-string attack prevention

Integer-overflow prevention

See also

References

External links