
Security Think Tank: To secure code effectively, verify at every step | Computer Weekly


It’s been quite a while since I did any actual coding, and while I have done machine-level coding, I was initially taught Algol and Fortran, both high-level languages.

In my 20-plus years in information security and assurance, the issue of secure coding has risen in importance. Many successful security breaches have occurred through poor coding and housekeeping procedures, but the role of the operational environment and any background housekeeping functions should not be overlooked; they can be critical.

A big part of secure coding is ensuring that any input to a piece of code is allowed to originate only from a known, verified source, and that the input is subjected to rigorous boundary checking (length and range) and content checking (format and type). Should the input not conform, it should be rejected and completely destroyed, that is, the copy held in memory overwritten rather than merely discarded or passed on.

Similarly, output from a piece of code should come only from within the code itself, be sent only to known, verified destinations, and never be written to memory outside what has been allocated. The code itself should access and use only its allocated memory locations and system I/O, and housekeeping functions should clean up (clear) any temporary memory locations after use.
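As an added example (this is not code from the original article), the following C function applies those rules to a hypothetical fixed-format record of the form `<account>:<amount>`. The record format, the allowlist of source names and the function and type names are all assumptions made for the illustration. It checks the source against an allowlist before reading anything, enforces the length bound before the input is copied, checks the content of every byte, and on any failure wipes both the scratch buffer and the caller's output structure so that rejected data is not left lying around in memory.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record format: "<account>:<amount>", where account is exactly
 * ACCOUNT_LEN decimal digits and amount is 1..AMOUNT_MAX_LEN decimal digits. */
#define ACCOUNT_LEN    8
#define AMOUNT_MAX_LEN 6
#define INPUT_MIN_LEN  (ACCOUNT_LEN + 1 + 1)
#define INPUT_MAX_LEN  (ACCOUNT_LEN + 1 + AMOUNT_MAX_LEN)

struct record {
    char     account[ACCOUNT_LEN + 1];
    uint32_t amount;
};

enum parse_status {
    PARSE_OK = 0,
    PARSE_BAD_SOURCE,
    PARSE_BAD_LENGTH,
    PARSE_BAD_FORMAT,
    PARSE_BAD_RANGE
};

/* Hypothetical allowlist of sources this code is permitted to accept input from. */
static const char *const known_sources[] = { "ledger-feed", "batch-import" };

static int source_is_known(const char *source)
{
    size_t i;
    if (source == NULL) return 0;
    for (i = 0; i < sizeof known_sources / sizeof known_sources[0]; i++)
        if (strcmp(source, known_sources[i]) == 0) return 1;
    return 0;
}

/* Overwrite memory through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Validate and parse one record. On any failure the output is wiped and a
 * non-zero status is returned; the caller never sees partially parsed data. */
int accept_record(const char *source, const char *input, size_t len, struct record *out)
{
    char     buf[INPUT_MAX_LEN + 1];   /* bounded scratch copy of the input */
    uint32_t amount = 0;
    int      status;
    size_t   i;

    if (out == NULL) return PARSE_BAD_LENGTH;
    secure_wipe(out, sizeof *out);

    /* 1. Origin check: refuse input from any source not on the allowlist. */
    if (!source_is_known(source)) return PARSE_BAD_SOURCE;

    /* 2. Boundary check before the input is touched: it must fit the scratch buffer. */
    if (input == NULL || len < INPUT_MIN_LEN || len > INPUT_MAX_LEN) return PARSE_BAD_LENGTH;
    memcpy(buf, input, len);
    buf[len] = '\0';

    /* 3. Content check: exactly ACCOUNT_LEN digits, a ':', then digits only. */
    status = PARSE_BAD_FORMAT;
    for (i = 0; i < ACCOUNT_LEN; i++)
        if (!isdigit((unsigned char)buf[i])) goto fail;
    if (buf[ACCOUNT_LEN] != ':') goto fail;
    for (i = ACCOUNT_LEN + 1; i < len; i++) {
        if (!isdigit((unsigned char)buf[i])) goto fail;
        amount = amount * 10 + (uint32_t)(buf[i] - '0');   /* at most 6 digits: no overflow */
    }
    /* 4. Range check: a zero amount is not a valid record in this format. */
    if (amount == 0) { status = PARSE_BAD_RANGE; goto fail; }

    /* Only now write into the caller's structure, within its declared bounds. */
    memcpy(out->account, buf, ACCOUNT_LEN);
    out->account[ACCOUNT_LEN] = '\0';
    out->amount = amount;
    secure_wipe(buf, sizeof buf);      /* housekeeping: clear the temporary copy */
    return PARSE_OK;

fail:
    secure_wipe(buf, sizeof buf);      /* destroy the non-conformant input ... */
    secure_wipe(out, sizeof *out);     /* ... and anything partially written */
    return status;
}

int main(void)
{
    /* Constructed sample inputs: one valid record, then several that must be rejected. */
    struct record r;
    printf("valid:      %d\n", accept_record("ledger-feed", "12345678:250", 12, &r));
    printf("bad source: %d\n", accept_record("untrusted",   "12345678:250", 12, &r));
    printf("too long:   %d\n", accept_record("ledger-feed", "12345678:1234567", 16, &r));
    printf("bad char:   %d\n", accept_record("ledger-feed", "1234567A:250", 12, &r));
    return 0;
}
```

The order of the checks matters: the source and length are verified before a single input byte is copied, so a hostile or oversized message never reaches the scratch buffer, and every failure path goes through the same wipe so that no partial result survives in either the temporary buffer or the caller's structure.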

The operating system that any code runs under should allocate, monitor and control memory usage in order to stop one piece of code from violating the memory allocated to other pieces of code.

The OS should only permit verified (certified or flagged) code to run; non-verified code should be isolated and prevented from running, and an error reported.

It should be noted that this can be a multi-level operation where, for example, a host system and OS runs a number of virtual hosts or supports a number of containers, not forgetting that a virtual host could itself be running a number of containers, making for a very complex environment in which each layer must enforce the same isolation.

There are quite a few software, container and OS testing tools on the market, but unless your organisation has its own IT department developing, maintaining and deploying code, you will probably look to outsource any necessary testing and review work to a competent agency.
