10 Security tips to building secure software

This is just a basic outline. You don't want to be owned for vulnerabilities in your own application :D

1 - Secure the weakest link
Focus your security efforts on all parts of your system.
Security is part of the design, not an afterthought. After you're done, add more security
to what you perceive to be the weakest part of your system, because I for one am probably
going to go after that and not your million-bit-keyed cryptosystem.

2 - Practice defense in depth
Try to implement more than one layer of security, just in case one gets broken. // common sense

3 - Fail securely
Don't offer too much information when an error occurs. For example, don't show a person the query
to your database if his input fails; that would cut hours, if not days, from the attacker's time.
Generic error messages are a much better way to go.
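As an added example (not code from the original article), here are the two error paths side by side: a handler that echoes the failed SQL and the driver's message to the user, and one that logs the same detail server-side under a reference id and returns only a generic message. The table name, query and logger name are made up for the demo.

```python
import logging
import sqlite3
import uuid

# Added example, not from the original article: the leaky handler hands the
# user the failed query and the driver error; the secure one keeps that detail
# in the server log, keyed by a reference id the user can quote to support.

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("app")

QUERY = "SELECT id, name FROM users WHERE name = ?"  # constructed query


def lookup_user_leaky(conn, username):
    """Error path that helps an attacker: echoes the SQL and the DB error."""
    try:
        return {"ok": True, "rows": conn.execute(QUERY, (username,)).fetchall()}
    except sqlite3.Error as exc:
        # This is exactly what tip 3 warns against: schema and error text leak.
        return {"ok": False, "error": f"query failed: {QUERY} ({exc})"}


def lookup_user_secure(conn, username):
    """Same operation, but the detail stays in the server log."""
    try:
        return {"ok": True, "rows": conn.execute(QUERY, (username,)).fetchall()}
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]  # correlation id so the log line can be found later
        log.error("ref=%s query=%r error=%s", ref, QUERY, exc)
        return {"ok": False, "error": f"Something went wrong. Reference: {ref}"}


def demo():
    """Constructed scenario: the users table was never created, so both fail."""
    conn = sqlite3.connect(":memory:")
    leaky = lookup_user_leaky(conn, "alice")
    secure = lookup_user_secure(conn, "alice")
    return leaky, secure


if __name__ == "__main__":
    for name, result in zip(("leaky", "secure"), demo()):
        print(name, "->", result["error"])
```

The reference id is the piece people forget: a generic message on its own makes debugging painful, so the secure path logs everything the leaky one would have shown and gives the user just a handle to it.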

4 - Follow the principle of least privilege
Give your application the lowest privilege level needed for it to function properly, so that if someone
does find a hole in your application and exploits it, they don't get handed root privileges on a silver platter.
// make 'em work for it, otherwise it's no fun ;D
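An added example of the same idea one level down from root, not from the original article: an application that only ever reads a catalogue is given a read-only database handle, so even a statement smuggled through a hole in it cannot change data. The catalogue table and the SQLite read-only URI mode are assumptions for this demo; the same shape applies to a database role that only has SELECT.

```python
import os
import sqlite3
import tempfile

# Added example, not part of the original article. The app only needs to read,
# so it gets a read-only handle; a write through it raises instead of succeeding.


def open_least_privilege(path):
    """Open the database read-only via a URI; any write raises OperationalError."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def open_full_privilege(path):
    """The usual default: a read-write handle the app does not actually need."""
    return sqlite3.connect(path)


def try_write(conn):
    """Attempt a write and report whether the connection allowed it."""
    try:
        conn.execute("UPDATE catalogue SET price = 0")
        conn.commit()
        return True
    except sqlite3.OperationalError:
        return False


def demo():
    """Constructed fixture: a temp database with one table, opened both ways."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    setup = sqlite3.connect(path)
    setup.execute("CREATE TABLE catalogue (item TEXT, price INTEGER)")
    setup.execute("INSERT INTO catalogue VALUES ('widget', 10)")
    setup.commit()
    setup.close()

    full = open_full_privilege(path)
    ro = open_least_privilege(path)
    result = {
        "rw_write_allowed": try_write(full),  # True: the full handle can zero prices
        "ro_write_allowed": try_write(ro),    # False: the read-only handle is refused
        "ro_can_read": ro.execute("SELECT COUNT(*) FROM catalogue").fetchone()[0],
    }
    full.close()
    ro.close()
    os.remove(path)
    return result


if __name__ == "__main__":
    print(demo())
```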

5 - Compartmentalize
Keep things separate and organized, so that your code is easy to debug and upgrade if and when
holes are found.

6 - Keep it simple
This is similar to number 5. The simpler your solution, the harder it is to get wrong.
If your code is complex and just one big mess, I'll tell you now: you ain't coming to me to debug it for you.

7 - Promote privacy
Users are lazy when it comes to security, so make sure security options are on by default.

8 - Validate all your input
This is probably the most important rule. Validate, revalidate, and then, when you've had enough,
validate again. This will greatly decrease the chance of the threats your application faces coming to fruition.
By and large this will all but rule out most types of injection, be it SQL injection or command
injection.
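An added example, not from the original article, of what "validate your input" looks like against the SQL injection the tip mentions: a lookup built by string concatenation next to the safe version, which allowlists the username and then binds it as a query parameter so the data can never become SQL. The users table, the username policy and the hostile input are constructed for the demo.

```python
import re
import sqlite3

# Added example, not from the original article. find_user_vulnerable glues raw
# input into SQL; find_user_safe validates against an allowlist and then binds
# the value as a parameter, so the database never parses user data as SQL.

USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")  # constructed policy for this demo


def validate_username(value):
    """Allowlist validation: accept only what a username may contain."""
    if not isinstance(value, str) or not USERNAME_RE.match(value):
        raise ValueError("invalid username")
    return value


def find_user_vulnerable(conn, username):
    """Builds SQL from raw input; a quote in the input changes the query's meaning."""
    sql = "SELECT name FROM users WHERE name = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Validates first, then binds the value as a parameter, never as SQL text."""
    username = validate_username(username)
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def build_demo_db():
    """Constructed fixture: three users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("carol",)])
    conn.commit()
    return conn


def demo():
    """Run both lookups with a normal name and with a constructed tautology input."""
    conn = build_demo_db()
    normal = "alice"
    hostile = "x' OR '1'='1"  # constructed input: turns the WHERE clause into "always true"
    result = {
        "vuln_normal": find_user_vulnerable(conn, normal),
        "vuln_hostile": find_user_vulnerable(conn, hostile),  # every row comes back
        "safe_normal": find_user_safe(conn, normal),
    }
    try:
        find_user_safe(conn, hostile)
        result["safe_hostile"] = "accepted"
    except ValueError:
        result["safe_hostile"] = "rejected"  # allowlist stops it before any SQL runs
    return result


if __name__ == "__main__":
    print(demo())
```

Note the two layers: even if the allowlist were loosened later, the parameterised query on its own still keeps the hostile string from being interpreted as SQL, which is the defense-in-depth point from tip 2 applied here.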

9 - Be reluctant to trust
Authenticate who you communicate with in every way possible to try to reduce the man-in-the-middle
category of attacks, and by authenticate I don't mean once: always try to implement ongoing authentication.

10 - Use your community resources
If you need common modules / header files, help, or ideas, try asking around: find out what people think,
use, and generally stay away from. This will help a lot in avoiding stupidity (i.e. thinking base64 is proper
encryption) and errors (coding your own modules when there are others that have undergone years
of use and abuse available).

Let me know what you think.
Criticism is welcome as long as it's constructive.
Kmamoun, aka B.B.s.N

Comments

spyware on May 17 2007 - 11:10:54
If you used this site to write this, please add it in the article (just add all your sources). Well, the ten rules made sense, rating "good".
mr noob on May 17 2007 - 14:36:54
This is a good article i.m.o. and clarifies what you need to do to secure a web / executable application :) Rated very good.
spyware on May 17 2007 - 16:25:10
Actually, you didn't rate it.