Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Chapter 9. Secure Coding Guidelines - Pg. 183

CHAPTER 9: SECURE CODING GUIDELINES In Chapter 7 we discussed the role of secure coding guidelines in ensuring that applications are secure. In this chapter, we look at some of the most important guidelines developers should follow. Since many of these are low level code writing requirements, we illustrate the guidelines with code snippets. As the coding guidelines are platform- agnostic and apply to all popular platforms, we show code snippets only for one platform, .Net. The examples we show with .Net can be ported to J2EE, PHP, Perl and other platforms too. We classify the coding guidelines into six categories: 1. Input validation guidelines. 2. Authentication guidelines. 3. Guidelines for handling sensitive data. 4. Session management guidelines. 5. Error handling guidelines. 6. Miscellaneous guidelines. Input validation guidelines (ISO27001 A.12.2.1) Validate all user inputs to prevent any malicious input from being accepted. If such inputs are not validated, it may lead to several possible attacks, as we have already seen: SQL injection, LDAP injection, cross-site scripting, etc. A strong input validation strategy will have a number of elements. 183