From the course: Developing Secure Software (2015)
Other secure coding best practices
There are quite a few more easy-to-make coding mistakes that are well-publicized but still occurring every day. As in buffer overflow attack scenarios, input validation can make a big difference in preventing other common attacks, such as SQL injection and cross-site scripting. SQL injection typically appends a piece of SQL code to an expected user input, so that the unexpected SQL code portion of the user input is executed by the database engine to produce the outcome desired by the attackers. These outcomes could be bypassing authentication or retrieving additional data. Cross-site scripting also embeds malicious code into the user input so that the code gets executed in another website that was not originally intended to be used by the attackers. Remember that a more fundamental solution is necessary to address many of these attacks exploiting input validation vulnerabilities. The key here is an architectural solution that is overarching and lasting. An example of this kind of…
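The SQL injection mechanism described above, as an added example that is not part of the course material: a login lookup that splices user input into the SQL text, beside the same lookup with bound parameters. The table, the function names and the sample input are constructed for illustration, and the choice of parameterized queries as the hardened form is an assumption, since the transcript is cut off before it names its own example.

```python
import sqlite3


def make_db():
    """Build an in-memory user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords only to keep the sample short.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db


def login_concat(db, name, password):
    """Vulnerable: user input becomes part of the SQL statement text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_param(db, name, password):
    """Hardened: input is bound as data and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]


# Constructed input: closes the string literal and appends a condition
# that is always true, so the WHERE clause matches every row.
APPENDED = "' OR '1'='1"


def compare(password):
    """Run both lookups for user 'alice' and return their results."""
    db = make_db()
    return (sorted(login_concat(db, "alice", password)),
            login_param(db, "alice", password))


if __name__ == "__main__":
    print("valid password:", compare("correct-horse"))
    print("appended SQL:  ", compare(APPENDED))
```

With the appended input, the concatenated query returns every user (authentication bypassed and additional data retrieved), while the parameterized query compares the whole string against the stored password and returns nothing.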