Secure Software Development at the Nuts and Bolts Level

  • Input Validation – Check input from users of the system to be sure it contains no harmful content and that the information entered is only the information expected. Repair improper input when possible, or request that the information be re-entered.
  • Output Validation – Check information being sent to users of the system to be sure no harmful content is being sent. If harmful content is detected, an administrator should be notified.
  • Error checking
    • Access Failure – Be sure the program does not behave in an unexpected manner when access to the registry, any external resource, or a file fails.
    • Buffer Overflow – Code should be written so that when data is put into a buffer, the buffer cannot overflow. This means there must be checks, before the write, to be sure more information than the buffer can hold will not be written into it.
    • Check files loaded for legitimacy – Files that are loaded should be checked to be sure they are the expected file. This prevents unexpected program behavior and possible security problems.
    • Environment modification – Check to be sure that a modification to the system environment (for example, a search path) cannot cause the wrong file to load.
  • Error handling – Error handling determines what the program will do when there is an error. The error may be an operator error or an internal error. All possible errors must have an appropriate response designed and implemented within the program.
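The buffer overflow check above, as an added example that is not part of the original post: a bounded string copy that verifies, before writing, that the source (including its terminating NUL) fits the destination, and refuses the copy otherwise. The buffer size and sample inputs are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16  /* capacity of the destination buffer, including the NUL */

/* Bounded copy: writes src into dst only if the whole string, NUL included,
 * fits in dst_size bytes. Returns true on success. On failure nothing from
 * src is written and dst is left as an empty string, so the caller never
 * sees a silently truncated or partially copied value. */
bool copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0) {
        return false;
    }

    /* Measure src, but never look further than dst_size bytes: an
     * oversized input is detected without scanning an unbounded string. */
    size_t len = 0;
    while (len < dst_size && src[len] != '\0') {
        len++;
    }
    if (len >= dst_size) {          /* no room for the terminating NUL */
        dst[0] = '\0';
        return false;
    }

    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return true;
}

int main(void)
{
    char name[NAME_MAX];
    /* Constructed sample inputs: the first fits, the second is too long
     * and would overflow name[] if copied with an unchecked strcpy(). */
    const char *ok  = "alice";
    const char *bad = "this-name-is-far-too-long-for-the-buffer";

    printf("%s -> %s\n", ok,
           copy_bounded(name, sizeof name, ok) ? name : "(rejected)");
    printf("%s -> %s\n", bad,
           copy_bounded(name, sizeof name, bad) ? name : "(rejected)");
    return 0;
}
```

The same check applies to any fixed-size destination; passing `sizeof name` rather than a hand-typed constant keeps the limit correct if the buffer is later resized.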
