Secure Code [TODO]

Writing Secure Code

STRIDE Threat Model

  • Spoofing identity
  • Tampering with data
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Top 10 Most Dangerous Software Errors

  1. Improper Neutralization of Special Elements used in an SQL Command
    (‘SQL Injection’)
  2. Improper Neutralization of Special Elements used in an OS Command (‘OS
    Command Injection’)
  3. Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
  4. Improper Neutralization of Input During Web Page Generation (‘Cross-site
    Scripting’)
  5. Missing Authentication for Critical Function
  6. Missing Authorization
  7. Use of Hard-coded Credentials
  8. Missing Encryption of Sensitive Data
  9. Unrestricted Upload of File with Dangerous Type
  10. Reliance on Untrusted Inputs in a Security Decision

Thanks to TrendMicro’s Stanley Liu

TrendMicro: http://www.trendmicro.com.cn/cn/
