Posts by rezaie

Introduction to Software Security

What is Security?

Security /sɪˈkjʊərɪti/ (noun): the state of being free from danger or threat. Synonyms: certainty, safe future, assured future, safety, reliability, dependability, solidness, soundness.

A successful organization should have multiple layers of security in place:
- Physical security: to protect the physical items, objects, or areas of an organization from unauthorized access and misuse. […]

Secure Programming: Buffer Overflow

Definition of Buffer Overflow

Buffer overflows = buffer overruns

A buffer overflow is an event that occurs when we have:
- A fixed-length data buffer (e.g., a string)
- At least one value intended for the buffer is written outside that buffer's boundaries (usually past its end)

Some definitions also include reading outside the buffer.

NIST's definition: "A condition at an interface […]

Top Security Problems in Programming

Introduction: HTTP GET and POST

Two HTTP Request Methods: GET and POST

Two commonly used methods for a request-response between a client and server are:
- GET: requests data from a specified resource
- POST: submits data to be processed to a specified resource

The GET Method
- Note that the query string […]

Static Security Analysis

Introduction

- A static analyzer for code is similar to a spell checker!
- A clean result from a static analysis doesn't guarantee that the code is perfect; it just indicates that it is free of certain kinds of common problems.
- Security problems can result from
  - the same kind of simple mistakes that lead […]

Secure Software Development

Software Security

Software security as part of the larger problem of developing robust, reliable code.

Describe the relationship between software security and:
- Corporate information security policies
- Corporate risk strategies

Why is most software insecure?
- Many developers don't know how to develop secure software
  - Most universities don't have it in their syllabi

Or […]