SlideShare a Scribd company logo

Secure programming language basis

A
Ankita Bhalla

This document discusses secure programming practices, including incorporating security into the software development lifecycle, common vulnerabilities like buffer overflows and integer overflows, and secure coding guidelines for languages like Java and C++. It emphasizes practices like input validation, error handling, and using the latest compilers. It also covers the High Integrity C++ framework for developing safety-critical applications.

Education
1 of 14
1
2
3
4
5
6
7
8
9
10
11
12
13
14
DESIGN A SECURE PROGRAMMING LANGUAGE
Overview • To develop a secure application secure coding techniques should be incorporated into every phase of SDLC • Discusses about impact of various vulnerabilities • Covers secure coding guidelines for Java and C++. • Reviews about the High Integrity C++ i.e. HICPP
Vulnerabilities Buffer Overflow • A buffer overflow occurs when a program allows input to write data beyond allocated memory Integer Overflow • An integer overflow takes place when the integer variable tries to store a larger value than the valid range as a result of an arithmetic operation
Vulnerabilities Command Injection • Takes place when malicious data is embedded into input and is passed to the shell Improper error handling • When a programmer fails to implement proper error handling, the application might leak information
Secure Software Development Secure • To reduce the number of vulnerabilities before development starts Architecture • It is easier and more cost-effective to and Design eliminate security flaws • Increase awareness about software Secure Coding security among the developer Practices • Code Review Software • Penetration Testing Security Testing • Fuzz Testing
General Secure Coding Guidelines  Efficient input validation is mandatory  Modular programming approach  Use of the latest compilers  Encrypt all confidential data using strong cryptographic techniques  Practice to code with proper error/exception handling  Every organization must educate its developers on how to write secure code
Programming Language-Specific Guidelines • Secure Coding Practices in Java • Secure Coding Practices In C/ C++
Secure Coding Practices in Java  Understand the effect of a superclass on a subclass  Use public static fields for defining a constant  Use try catch statements for exception handling  An instance of a non-final class is fully initialized  Be cautious when dealing with multiple threads
Secure Coding Practices in C/C++  Use pointers safely  Watch out for memory leaks  Run a ‘Garbage Collector’ to free the memory  Securely delete sensitive data from memory by declaring the variable as volatile  Allocate memory dynamically
High Integrity C++  Define the set of rules and guidelines for the production of C++ code  It provide the restrictions necessary to make C++ suitable.  exploring C++ use for high integrity and safety critical applications  Enforce the best and secure practice in C++ development.
Conclusion Provides a practical and effective set of secure coding guidelines Secure SDLC that considers security at every stage of development contributes to early identification of potential vulnerabilities Discusses the about the concept of HICPP which is more secure than C++.
References [1]. Kevin Soo Hoo, Andrew W. Sudbury and Andrew R. Jaquith, ‘Tangible ROI through Secure Software Engineering’, 2006. [2]. Michael Howard, David LeBlanc and John Viega, ‘19 Deadly Sins of Software Security’, 2005. [3]. Andrew van der Stock, Jeff Williams, Dave Wichers ‘OWASP top 10: The 10 most critical web application security vulnerabilities’, 2007. [4]. Noopur Davis, ‘Secure Software Development Life Cycle Processes: A technology Scouting Report’,2006. [5]. Michael Howard, Steve Lipner , ‘The Security Development Life Cycle’, 2006.
References [6]. Sun Microsystems, Inc., ‘Secure Coding Guidelines for the Java Programming Language, version 2.0’, 2007 [7]. Mark G. Graff, Kenneth R. van Wyk, ‘Secure Coding Principles, and Practices’, 2003. [8]. Dave Dyer, ‘Can Assure save Java from the perils of multithreading’, 1998 [9]. Flight Lieutenant Derek W. Reinhardt, ‘Use of the C++ Programming Language in Safety Critical Systems’, 2004 [10]. Trupti Shiralkar and Brenda Grove,’ Guidelines for Secure Coding’, 2009
Secure programming language basis

More Related Content

PDF
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
PDF
Why should developers care about container security?
Eric Smalling
 
PDF
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
PPTX
Secure coding practices
Scott Hurrey
 
PPTX
Student Spring 2021
Denis Zakharov
 
PDF
Finacle - Secure Coding Practices
Infosys Finacle
 
PDF
Secure coding-guidelines
Trupti Shiralkar, CISSP
 
PDF
Secure Coding for Java - An Introduction
Sebastien Gioria
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
Why should developers care about container security?
Eric Smalling
 
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
Secure coding practices
Scott Hurrey
 
Student Spring 2021
Denis Zakharov
 
Finacle - Secure Coding Practices
Infosys Finacle
 
Secure coding-guidelines
Trupti Shiralkar, CISSP
 
Secure Coding for Java - An Introduction
Sebastien Gioria
 

What's hot (20)

PDF
Real World Application Threat Modelling By Example
NCC Group
 
PDF
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
PDF
Threat modeling with architectural risk patterns
Stephen de Vries
 
PDF
5 Important Secure Coding Practices
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
PDF
Scalable threat modelling with risk patterns
Stephen de Vries
 
PPTX
Mobile security recipes for xamarin
Nicolas Milcoff
 
PDF
Neoito — Secure coding practices
Neoito
 
PPT
L27
NathannyabvureMapisa
 
PDF
OWASP Secure Coding Practices - Quick Reference Guide
Ludovic Petit
 
PPTX
Making Security Agile
Oleg Gryb
 
PDF
[OPD 2019] Life after pentest
OWASP
 
PPTX
Secure coding practices
Mohammed Danish Amber
 
PPTX
Using hypervisor and container technology to increase datacenter security pos...
Tim Mackey
 
PPTX
DevSecCon Talk: An experiment in agile Threat Modelling
zeroXten
 
PPTX
Secure application deployment in Apache CloudStack
Tim Mackey
 
PPTX
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
PPTX
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
PPTX
Secure development of code
SalomeVictor
 
PPTX
Security as a new metric for Business, Product and Development Lifecycle
Nazar Tymoshyk, CEH, Ph.D.
 
PDF
A Successful SAST Tool Implementation
Checkmarx
 
Real World Application Threat Modelling By Example
NCC Group
 
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
Threat modeling with architectural risk patterns
Stephen de Vries
 
5 Important Secure Coding Practices
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Scalable threat modelling with risk patterns
Stephen de Vries
 
Mobile security recipes for xamarin
Nicolas Milcoff
 
Neoito — Secure coding practices
Neoito
 
L27
NathannyabvureMapisa
 
OWASP Secure Coding Practices - Quick Reference Guide
Ludovic Petit
 
Making Security Agile
Oleg Gryb
 
[OPD 2019] Life after pentest
OWASP
 
Secure coding practices
Mohammed Danish Amber
 
Using hypervisor and container technology to increase datacenter security pos...
Tim Mackey
 
DevSecCon Talk: An experiment in agile Threat Modelling
zeroXten
 
Secure application deployment in Apache CloudStack
Tim Mackey
 
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
Secure development of code
SalomeVictor
 
Security as a new metric for Business, Product and Development Lifecycle
Nazar Tymoshyk, CEH, Ph.D.
 
A Successful SAST Tool Implementation
Checkmarx
 
Ad

Similar to Secure programming language basis (20)

PDF
An Introduction to Secure Application Development
Christopher Frenz
 
PDF
The Principles of Secure Development
Security Ninja
 
DOC
Project
saprasamir
 
PPT
Software Security Testing
ankitmehta21
 
PDF
WhiteList Checker: An Eclipse Plugin to Improve Application Security
guest56b7565
 
PDF
Importance of Secure Coding with it’s Best Practices
ElanusTechnologies
 
PDF
OWASP Secure Coding Quick Reference Guide
Aryan G
 
PPT
SoftwareSecurity.ppt
ssuserfb92ae
 
PDF
Program Security in information security.pdf
shumailach472
 
PDF
Arved sandstrom - the rotwithin - atlseccon2011
Atlantic Security Conference
 
PPT
Secure programming - Computer and Network Security
ssuser30902e
 
PDF
Software Security Certification
Vskills
 
PDF
Secured Development
Burhan Khalid
 
PDF
Mr. Burhan Khalid - secure dev.
nooralmousa
 
PDF
The Principles of Secure Development - BSides Las Vegas 2009
Security Ninja
 
PPT
10290057.ppt
ImXaib
 
PDF
Java: A Secure Programming Language for Today's Market
Uncodemy
 
PPTX
Eirtight writing secure code
Kieran Dundon
 
PDF
Secure JEE Architecture and Programming 101
Mario-Leander Reimer
 
PPTX
Safe and secure programming practices for embedded devices
Soumitra Bhattacharyya
 
An Introduction to Secure Application Development
Christopher Frenz
 
The Principles of Secure Development
Security Ninja
 
Project
saprasamir
 
Software Security Testing
ankitmehta21
 
WhiteList Checker: An Eclipse Plugin to Improve Application Security
guest56b7565
 
Importance of Secure Coding with it’s Best Practices
ElanusTechnologies
 
OWASP Secure Coding Quick Reference Guide
Aryan G
 
SoftwareSecurity.ppt
ssuserfb92ae
 
Program Security in information security.pdf
shumailach472
 
Arved sandstrom - the rotwithin - atlseccon2011
Atlantic Security Conference
 
Secure programming - Computer and Network Security
ssuser30902e
 
Software Security Certification
Vskills
 
Secured Development
Burhan Khalid
 
Mr. Burhan Khalid - secure dev.
nooralmousa
 
The Principles of Secure Development - BSides Las Vegas 2009
Security Ninja
 
10290057.ppt
ImXaib
 
Java: A Secure Programming Language for Today's Market
Uncodemy
 
Eirtight writing secure code
Kieran Dundon
 
Secure JEE Architecture and Programming 101
Mario-Leander Reimer
 
Safe and secure programming practices for embedded devices
Soumitra Bhattacharyya
 
Ad

Recently uploaded (20)

PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Institutional Correction lecture only . . .
limvtheghins
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 

Secure programming language basis

  • 1. DESIGN A SECURE PROGRAMMING LANGUAGE
  • 2. Overview • To develop a secure application secure coding techniques should be incorporated into every phase of SDLC • Discusses about impact of various vulnerabilities • Covers secure coding guidelines for Java and C++. • Reviews about the High Integrity C++ i.e. HICPP
  • 3. Vulnerabilities Buffer Overflow • A buffer overflow occurs when a program allows input to write data beyond allocated memory Integer Overflow • An integer overflow takes place when the integer variable tries to store a larger value than the valid range as a result of an arithmetic operation
  • 4. Vulnerabilities Command Injection • Takes place when malicious data is embedded into input and is passed to the shell Improper error handling • When a programmer fails to implement proper error handling, the application might leak information
  • 5. Secure Software Development Secure • To reduce the number of vulnerabilities before development starts Architecture • It is easier and more cost-effective to and Design eliminate security flaws • Increase awareness about software Secure Coding security among the developer Practices • Code Review Software • Penetration Testing Security Testing • Fuzz Testing
  • 6. General Secure Coding Guidelines  Efficient input validation is mandatory  Modular programming approach  Use of the latest compilers  Encrypt all confidential data using strong cryptographic techniques  Practice to code with proper error/exception handling  Every organization must educate its developers on how to write secure code
  • 7. Programming Language-Specific Guidelines • Secure Coding Practices in Java • Secure Coding Practices In C/ C++
  • 8. Secure Coding Practices in Java  Understand the effect of a superclass on a subclass  Use public static fields for defining a constant  Use try catch statements for exception handling  An instance of a non-final class is fully initialized  Be cautious when dealing with multiple threads
  • 9. Secure Coding Practices in C/C++  Use pointers safely  Watch out for memory leaks  Run a ‘Garbage Collector’ to free the memory  Securely delete sensitive data from memory by declaring the variable as volatile  Allocate memory dynamically
  • 10. High Integrity C++  Define the set of rules and guidelines for the production of C++ code  It provide the restrictions necessary to make C++ suitable.  exploring C++ use for high integrity and safety critical applications  Enforce the best and secure practice in C++ development.
  • 11. Conclusion Provides a practical and effective set of secure coding guidelines Secure SDLC that considers security at every stage of development contributes to early identification of potential vulnerabilities Discusses the about the concept of HICPP which is more secure than C++.
  • 12. References [1]. Kevin Soo Hoo, Andrew W. Sudbury and Andrew R. Jaquith, ‘Tangible ROI through Secure Software Engineering’, 2006. [2]. Michael Howard, David LeBlanc and John Viega, ‘19 Deadly Sins of Software Security’, 2005. [3]. Andrew van der Stock, Jeff Williams, Dave Wichers ‘OWASP top 10: The 10 most critical web application security vulnerabilities’, 2007. [4]. Noopur Davis, ‘Secure Software Development Life Cycle Processes: A technology Scouting Report’,2006. [5]. Michael Howard, Steve Lipner , ‘The Security Development Life Cycle’, 2006.
  • 13. References [6]. Sun Microsystems, Inc., ‘Secure Coding Guidelines for the Java Programming Language, version 2.0’, 2007 [7]. Mark G. Graff, Kenneth R. van Wyk, ‘Secure Coding Principles, and Practices’, 2003. [8]. Dave Dyer, ‘Can Assure save Java from the perils of multithreading’, 1998 [9]. Flight Lieutenant Derek W. Reinhardt, ‘Use of the C++ Programming Language in Safety Critical Systems’, 2004 [10]. Trupti Shiralkar and Brenda Grove,’ Guidelines for Secure Coding’, 2009