SECURE DEVELOPMENT OF CODE
ACC 626 Term Paper
Salome Victor
20316185
July 7, 2013
AGENDA
 Background
 Introduction
 Importance of Secure Development of Code
 Key Coding Principles
 Secure Code Analysis
 Conclusion
WHAT IS YOUR MOST IMPORTANT ASSET?
THE BEST DEFENSE IS A GOOD OFFENSE
In order to implement such strong code, the company must develop with secure coding practices in mind.
WHAT IS SOFTWARE?
Software is described as operating systems, application programs and data that are used by products containing microprocessors.
WHAT IS SOURCE CODE?
Source code is defined as a version of software written by the developer in plain text (i.e., human-readable alphanumeric characters).
WHAT IS PROGRAMMING LANGUAGE?
In order to write source code, a programming language must be selected from a large pool of available programming languages. A few common programming languages are JavaScript, Python, C, C++, Visual Basic, and Perl.
 Importance of Secure Development of Code
 Key Coding Principles
 Code Analysis
IMPORTANCE OF SECURE DEVELOPMENT OF CODE
 Availability
 Integrity
 Privacy
 Confidentiality
 Economic impacts
COMMON CODING ERRORS
 SQL Injection
 Buffer Overflow
 Race Conditions
COMMON CODING ERRORS – SQL INJECTION
 Untrusted input is concatenated into a query string, so the intruder can change the meaning of the query the program sends to the database
 Intruder can gain unauthorized access to the database
 Intruder can read and modify data
 Integrity, confidentiality, and privacy compromised
COMMON CODING ERRORS – BUFFER OVERFLOW
 Writing past the end of a fixed-size buffer corrupts the adjacent memory
 Attacker can crash the program
 Attacker can inject and execute their own code, or redirect the program's control flow
 Availability, integrity, privacy, and confidentiality compromised
COMMON CODING ERRORS – RACE CONDITIONS
 A check and the action that depends on it are not atomic; an attacker who acts in the window between them (time-of-check to time-of-use) can interfere with the normal execution of the program
 Attacker can exhaust the computer's resources
 Availability, integrity, and confidentiality compromised
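An added example (not from the term paper) of the time-of-check to time-of-use race just described, in Python on a POSIX system. The vulnerable writer checks that a file does not exist and then opens it; the safe writer asks the kernel to create the file exclusively (O_CREAT|O_EXCL, plus O_NOFOLLOW where available), so the check and the create are one atomic step. To make the race reproducible, both writers take an `after_check` hook that stands in for a scheduler preemption; the simulated attacker uses it to plant a symlink pointing at a victim file. The hook, the file names and the victim content are all constructed for the demonstration.

```python
import os
import tempfile


def write_report_vulnerable(path, data, after_check=lambda: None):
    """Check-then-act: the existence test and the open are two separate steps."""
    if os.path.exists(path):
        raise FileExistsError(path)
    after_check()  # the race window; in production this is just a preemption
    with open(path, "w") as f:  # follows a symlink planted in the window
        f.write(data)


def write_report_safe(path, data, after_check=lambda: None):
    """Create exclusively: the kernel does the existence check and the create atomically."""
    after_check()  # the attacker may act here too, but O_EXCL makes it harmless
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # fails with EEXIST if anything, symlink included, is there
    with os.fdopen(fd, "w") as f:
        f.write(data)


def run_against_symlink_attacker(writer):
    """Run `writer` while a simulated attacker wins the race with a symlink.

    Returns the final content of the victim file the symlink points at.
    """
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        report = os.path.join(d, "report.txt")
        with open(victim, "w") as f:
            f.write("original")

        def attacker():
            # Runs inside the window: report.txt now points at victim.txt.
            os.symlink(victim, report)

        try:
            writer(report, "attacker-controlled", after_check=attacker)
        except OSError:
            pass  # the safe writer refuses (EEXIST): the desired outcome
        with open(victim) as f:
            return f.read()


if __name__ == "__main__":
    print("vulnerable writer -> victim file:", run_against_symlink_attacker(write_report_vulnerable))
    print("safe writer      -> victim file:", run_against_symlink_attacker(write_report_safe))
```

The general rule the example illustrates: do not test a condition and then act on it in user space; use the operation that checks and acts in one system call, and treat failure of that call as the signal that someone else got there first.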
KEY CODING PRINCIPLES
 Least Privilege
 Keep it Simple
 Validate Input
 Practice defense in Depth
KEY CODING PRINCIPLES – LEAST PRIVILEGE
 "Need-to-know" principle: each user and each component gets only the access its task requires
 Access should be restricted by default
 Elevated privileges should be held only for as long as they are needed
 Reduces the impact an attacker can have and reduces the possibility of attacks
KEY CODING PRINCIPLES – KEEP IT SIMPLE
 Complex systems have more surface area for attack
 Complexity creates errors
 Complexity demands more resources
KEY CODING PRINCIPLES – VALIDATING INPUT
 Input from external parties can be very dangerous: treat it as untrusted until it has been checked
 Every company should have a set of policies on handling input (allow-lists of accepted values, length and range limits, validation on the server rather than only in the client)
 Reduces the risk of malicious data causing damage
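An added example (not from the term paper) of the allow-list style of validation the slide calls for, in Python. Three common input shapes are covered: an identifier checked against a pattern describing what is valid (rather than a list of bad characters), a numeric parameter parsed strictly and range-limited, and a user-supplied file path joined onto a base directory with a check that the result stays inside it. The username pattern, the page-size range and the base directory are assumptions chosen for the demonstration.

```python
import os
import re

# Allow-list: describe the valid shape, not the bad characters.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
DIGITS_RE = re.compile(r"[0-9]+")


def validate_username(value):
    """Return the username if it matches the allow-list, else raise ValueError."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def parse_page_size(value, lo=1, hi=100):
    """Parse a user-supplied integer strictly and enforce a range.

    A range cap stops one request from driving an unbounded query.
    """
    if not isinstance(value, str) or not DIGITS_RE.fullmatch(value):
        raise ValueError("page size must be a decimal integer")
    n = int(value, 10)
    if not lo <= n <= hi:
        raise ValueError(f"page size must be between {lo} and {hi}")
    return n


def safe_join(base_dir, user_path):
    """Join a user-controlled relative path onto base_dir; refuse anything that escapes it.

    Normalising first defeats '../' sequences; an absolute user_path would replace
    base_dir in os.path.join, and is caught by the same containment check.
    """
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the base directory")
    return candidate


if __name__ == "__main__":
    print(validate_username("alice_01"))
    print(parse_page_size("25"))
    print(safe_join("/srv/files", "docs/report.txt"))
    for bad in ("../etc/passwd", "/etc/passwd"):
        try:
            safe_join("/srv/files", bad)
        except ValueError as e:
            print(bad, "->", e)
```

The containment check works on the lexical path; in deployed code resolve symlinks with `os.path.realpath` on both sides as well, since a symlink inside the base directory can still point outside it.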
KEY CODING PRINCIPLES – DEFENSE IN DEPTH
 A good system should have multiple layers of security
 More layers of security means more trouble for an attacker: one bypassed control does not give up the whole system
 Helps mitigate insecure coding issues
SECURE CODE ANALYSIS
 Manual Code Review
 Penetration Testing
 Static Analysis
 Dynamic Analysis
SECURE CODE ANALYSIS – MANUAL CODE REVIEW
 Software designers and programmers examine source code quality
 Expensive, labor intensive, and highly effective
 More than 75% of faults are found through this method
SECURE CODE ANALYSIS – PENETRATION TESTING
 Overt penetration testing has the pseudo-attacker working with the organization
 Covert penetration testing is a simulated attack without the knowledge of most of the organization
 Overt testing is effective for finding faults, but ineffective at testing incident response and attack detection
 Covert testing does test the organization's ability to respond to attacks, but is very time consuming and costly
SECURE CODE ANALYSIS – PENETRATION TESTING
 White box testing gives the pseudo-attacker full access to the organization's structure and defenses
 It is cost effective, but less like real life
 Black box testing gives the pseudo-attacker little to no information
 It simulates real life well, but is very costly
SECURE CODE ANALYSIS – STATIC ANALYSIS
 Analyzes the program's source code (or its compiled binary) without executing it
 Covers a wide scope, since every path in the code is examined, including ones no test ever reaches
 Tools are not user-friendly and produce many false positives that must be triaged by hand
SECURE CODE ANALYSIS – DYNAMIC ANALYSIS
 Analyzes the program's behavior while it is running (e.g., fuzzing, instrumented test runs)
 Results are precise and valid because each finding was actually observed, but only the paths that were exercised are covered
CONCLUSION
 Importance of source code and secure development
 Common coding errors
 Key coding principles
 Secure code analysis
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Secure development of code

  • 1. SECURE DEVELOPMENT OF CODE. ACC 626 Term Paper. Salome Victor, 20316185. July 7, 2013
  • 2. AGENDA
      - Background
      - Introduction
      - Importance of Secure Development of Code
      - Key Coding Principles
      - Secure Code Analysis
      - Conclusion
  • 3. WHAT IS YOUR MOST IMPORTANT ASSET?
  • 4.
  • 5. THE BEST DEFENSE IS A GOOD OFFENSE. In order to implement such strong code, the company must develop with secure coding practices in mind.
  • 6. WHAT IS SOFTWARE? Software is described as operating systems, application programs and data that is used by products containing microprocessors.
  • 7. WHAT IS SOURCE CODE? Source code is defined as a version of software written by the developer in plain text (i.e., human-readable alphanumeric characters).
  • 8. WHAT IS A PROGRAMMING LANGUAGE? In order to write source code, a programming language must be selected from a large pool of available programming languages. A few common programming languages are JavaScript, Python, C, C++, Visual Basic, and Perl.
  • 10. IMPORTANCE OF SECURE DEVELOPMENT OF CODE
      - Availability
      - Integrity
      - Privacy
      - Confidentiality
  • 12. COMMON CODING ERRORS
      - SQL Injection
      - Buffer Overflow
      - Race Conditions
  • 13. COMMON CODING ERRORS – SQL INJECTION
      - Intruder can gain unauthorized access to the database
      - Intruder can read and modify data
      - Integrity, confidentiality, and privacy compromised
  • 14. COMMON CODING ERRORS – BUFFER OVERFLOW
      - Attacker can crash the program
      - Attacker can inject his own code into the program
      - Availability, integrity, privacy, and confidentiality compromised
  • 15. COMMON CODING ERRORS – RACE CONDITIONS
      - Attacker can insert malicious code and interfere with the normal execution of the program
      - Attacker can exhaust the computer's resources
      - Availability and confidentiality compromised
  • 16. KEY CODING PRINCIPLES
      - Least Privilege
      - Keep it Simple
      - Validate Input
      - Practice Defense in Depth
  • 17. KEY CODING PRINCIPLES – LEAST PRIVILEGE
      - "Need-to-know" principle
      - Access should be restricted
      - High clearance should be allowed only for a limited time
      - Reduces the impact an attacker can have and reduces the possibility of attacks
  • 18. KEY CODING PRINCIPLES – KEEP IT SIMPLE
      - Complex systems have more surface area for attack
      - Complexity creates errors
      - Complexity demands more resources
  • 19. KEY CODING PRINCIPLES – VALIDATING INPUT
      - Input from external parties can be very dangerous
      - Every company should have a set of policies on handling input
      - Reduced risk of malicious data causing damage
  • 20. KEY CODING PRINCIPLES – DEFENSE IN DEPTH
      - A good system should have multiple layers of security
      - More layers of security means more trouble for an attacker
      - Helps mitigate insecure coding issues
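The SQL injection error of slide 13, the input-validation principle of slide 19 and the layering idea of slide 20, shown side by side as an added example that is not part of the original deck: a lookup that pastes the user-supplied name into the statement text (the defect) next to a parameterized query, with an allow-list check in front of it as a second layer. The users table, its three rows and the malicious input are constructed for the example; sqlite3 from the Python standard library stands in for the database.

```python
import re
import sqlite3

# Constructed sample data (not from the slides): three user rows.
SAMPLE_USERS = [
    (1, "alice", "hash-a"),
    (2, "bob", "hash-b"),
    (3, "carol", "hash-c"),
]


def make_db():
    """Build an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, name):
    """Slide 13 defect: untrusted text is pasted into the SQL statement,
    so the input can change the query's structure instead of only its data."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, name):
    """Layer 1: a bound parameter is always treated as data, never as SQL."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


# Layer 2 (slide 19): an allow-list for the one shape a username may take.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_username(name):
    """Reject anything that is not a plain lowercase identifier."""
    if not isinstance(name, str) or USERNAME_RE.fullmatch(name) is None:
        raise ValueError("invalid username")
    return name


def find_user_safe(conn, name):
    """Slide 20: both layers together; either one alone stops this input."""
    return find_user_parameterized(conn, validate_username(name))


def demo():
    """Run the same malicious input through each version and summarize."""
    conn = make_db()
    # Constructed malicious input: closes the quoted literal and appends a
    # condition that is true for every row.
    payload = "' OR '1'='1"
    leaked = find_user_vulnerable(conn, payload)         # every row comes back
    param_rows = find_user_parameterized(conn, payload)  # no user has that name
    try:
        find_user_safe(conn, payload)
        rejected = False
    except ValueError:
        rejected = True                                  # stopped before the DB
    normal = find_user_safe(conn, "alice")               # legitimate lookup
    return {
        "leaked_rows": len(leaked),
        "param_rows": len(param_rows),
        "rejected": rejected,
        "normal_rows": len(normal),
    }


if __name__ == "__main__":
    print(demo())
```

The parameterized query is the control that actually removes the defect; the allow-list check adds the second layer slide 20 asks for, and also gives the application a place to log and reject suspicious input before it reaches the database at all.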
  • 21. SECURE CODE ANALYSIS
      - Manual Code Review
      - Penetration Testing
      - Static Analysis
      - Dynamic Analysis
  • 22. SECURE CODE ANALYSIS – MANUAL CODE REVIEW
      - Software designers and programmers examine source code quality
      - Expensive, labor intensive, and highly effective
      - More than 75% of faults are found through this method
  • 23. SECURE CODE ANALYSIS – PENETRATION TESTING
      - Overt penetration testing has the pseudo-attacker working with the organization
      - Covert penetration testing is a simulated attack without the knowledge of most of the organization
      - Overt testing is effective for finding faults, but ineffective at testing incident response and attack detection
      - Covert testing does test the organization's ability to respond to attacks, but is very time consuming and costly
  • 24. SECURE CODE ANALYSIS – PENETRATION TESTING
      - White box testing gives the pseudo-attacker full access to the organization's structure and defenses
      - It is cost effective and less like real life
      - Black box testing gives the pseudo-attacker little to no information
      - It simulates real life well, but is very costly
  • 25. SECURE CODE ANALYSIS – STATIC ANALYSIS
      - A tool meant for analyzing the executable program, rather than the source code
      - Covers a wide scope, not user-friendly, many false positives
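Slide 25's point about static analysis (wide scope, many false positives), as an added example that is not taken from the deck: a small checker written here for illustration that walks a Python syntax tree without running the code and flags every database execute-style call whose query text is assembled at runtime, the pattern behind slide 13. SAMPLE_SOURCE is constructed; its last finding is a deliberate false positive (a table name joined from a module constant), the kind of noise the slide refers to.

```python
import ast

# Constructed source to scan (not from the deck). Line numbers are counted
# from the first line after the opening quotes, which is an empty line 1.
SAMPLE_SOURCE = '''
def lookup(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'")

def lookup_f(conn, name):
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'")

def lookup_safe(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,))

TABLE = "users"
def count_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM " + TABLE)
'''

# Method names treated as "runs SQL" (DB-API 2.0 cursor methods).
SQL_CALLS = {"execute", "executemany", "executescript"}


def classify_query(expr):
    """Return None for a literal query string, otherwise a short reason
    describing how the query text is being built at runtime."""
    if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
        return None
    if isinstance(expr, ast.JoinedStr):
        return "f-string query"
    if isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Add):
        return "string concatenation"
    if isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Mod):
        return "%-formatting"
    if (isinstance(expr, ast.Call) and isinstance(expr.func, ast.Attribute)
            and expr.func.attr == "format"):
        return "str.format()"
    return "non-constant query expression"


def find_dynamic_sql(source):
    """Static analysis: parse the source, never execute it, and report
    (line, reason) for each SQL call whose first argument is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_CALLS
                and node.args):
            continue
        reason = classify_query(node.args[0])
        if reason is not None:
            findings.append((node.lineno, reason))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {line}: {reason}")
```

The checker cannot tell that TABLE on line 13 is a constant, so it reports it anyway; a reviewer then has to triage that finding by hand, which is the trade-off between a tool's broad coverage and its false-positive rate that the slide describes.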
  • 26. SECURE CODE ANALYSIS – DYNAMIC ANALYSIS
      - Analyzes the program behavior while it is running
      - Precise and valid results
  • 27. CONCLUSION
      - Importance of source code and secure development
      - Common coding errors
      - Key coding principles
      - Secure code analysis