Many security issues occur when software acts in an unexpected manner in response to invalid user input or another error situation. For this reason, appropriately handling errors is a critical component of software security. In this video, learn about secure coding practices, including proper error and exception handling techniques for software.
- [Instructor] Many security…issues occur when software exit in unexpected manner,…in response to invalid user input…or in other error situation.…For this reason, appropriately handling errors…is a critical component of software security.…Software's designed to perform orderly transitions…between different states.…For example, let's consider a very simple software program…that is designed to calculate the sales tax…on a retail purchase.…The software might sit at an input screen…waiting for the user to input the purchase amount.…
Once it receives that input,…it calculates the transactions tax…and then moves into a display mode…where it displays the tax amount to the user.…The user can then press a New Transaction…button to enter another transaction amount.…You might view this as three different…states in the software.…The first one is awaiting input.…Once the user provides the input,…it moves to the calculating tax state…where the program is actually figuring out the sales tax…amount for that user's inputted transaction value.…
This course—along with the others in this nine-part series—prepare you for the CISSP exam and provide you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software