|
| Python Specific Issues | |
| As with any language, beware of any functions which allow data to be executed as parts of a program, to make sure an untrusted user can't affect their input. | |
|
| |
| Structure Program Internals and Approach | |
| Here are the principles of the design of secure protection systems | |
|
| |
| Cryptographic Protocols | |
| For protocols, try to use standard-conforming protocols such as SSL, SSH, IPSec, GnuPG/PGP, and Kerberos. Many of these overlap somewhat in functionality, but each has a ``specialty'' niche | |
|
| |
| PHP Specific Issues | |
| Granted, there are security issues in any language, but one particular issue stands out in older versions of PHP that arguably makes older PHP versions less secure than most languages: the way it loads data into its namespace. | |
|
| |
| Java Specific Issues | |
| Obviously, a great deal depends on the kind of application you're developing. Java code intended for use on the client side has a completely different environment (and trust model) than code on a server side | |
|
| |
| Carefully Call Out to Other Resources | |
| Practically no program is truly self-contained; nearly all programs call out to other programs for resources, such as programs provided by the operating system, software libraries, and so on. | |
|
| |
| Public Key Algorithms | |
| For public key cryptography (used, among other things, for signing and sending secret keys), there are only a few widely-deployed algorithms. One of the most widely-used algorithms is RSA; RSA's algorithm was patented, but only in the U.S. | |
|
| |
| Passwords handling | |
| Where possible, don't write code to handle passwords. In particular, if the application is local, try to depend on the normal login authentication by a user. | |
|
| |
| Shell Scripting Languages (sh and csh Derivatives) Specific Issues | |
| There are a vast number of circumstances where shell scripting languages shouldn't be used at all for secure programs. | |
|
| |
| Cryptographic Algorithms and Protocols | |
| Often cryptographic algorithms and protocols are necessary to keep a system secure, particularly when communicating through an untrusted network such as the Internet. Where possible, use cryptographic techniques to authenticate information and keep the information private. | |
|
| |
| Authenticating on the Web | |
| On the web, a web server is usually authenticated to users by using SSL or TLS and a server certificate - but it's not as easy to authenticate who the users are. SSL and TLS do support client-side certificates, but there are many practical problems with actually using them. | |
|
| |
| Specially Protect Secrets (Passwords and Keys) in User Memory | |
| If your application must handle passwords or non-public keys (such as session keys, private keys, or secret keys), overwrite them immediately after using them so they have minimal exposure. | |
|
| |
| Send Information Back Judiciously | |
| Minimize Feedback; Don't Include Comments; Handle Full/Unresponsive Output; Control Data Formatting and so on | |
|
| |
| Symmetric Key Encryption Algorithms | |
| The use, export, and/or import of implementations of encryption algorithms are restricted in many countries, and the laws can change quite rapidly. Find out what the rules are before trying to build applications using cryptography. | |
|
| |
| Perl Specific Issues | |
| Perl programmers should first read the man page perlsec(1), which describes a number of issues involved with writing secure programs in Perl. In particular, perlsec(1) describes the ``taint'' mode, which most secure Perl programs should use. | |
|
| |
| C/C++ Specific Issues | |
| One of the biggest security problems with C and C++ programs is buffer overflow. C has the additional weakness of not supporting exceptions, which makes it easy to write programs that ignore critical error situations. | |
|
| |
| Random Numbers | |
| In many cases secure programs must generate ``random'' numbers that cannot be guessed by an adversary. Examples include session keys, public or private keys, symmetric keys, nonces and IVs used in many protocols, salts, and so on. | |
|
| |
| Ada Specific Issues | |
| In Ada95, the Unbounded_String type is often more flexible than the String type because it is automatically resized as necessary. However, don't store especially sensitive values such as passwords or secret keys in an Unbounded_String, since core dumps and page areas might still hold them later. | |
|
| |
| Cryptographic Hash Algorithms | |
| Some programs need a one-way cryptographic hash algorithm, that is, a function that takes an ``arbitrary'' amount of data and generates a fixed-length number that hard for an attacker to invert. | |
|
| |
