Data Protection and Security

VI Operating System Security and Secure Programming

VI.IV Secure Software Development

Software Security Risks:

In the bigger picture, we can group software security risks into two flavors:

  1. Architectural problems
     Some general guidelines for architectural problems:

    • Integrate security into your software engineering methodology.
    • Apply general principles for developing secure software systems.
    • Deal with security when performing system assessments.
  2. Implementation errors
     The most commonly seen errors:

    • Buffer overflows
    • Race conditions
    • Randomness problems

One way to avoid implementation errors is to audit the source code. Tools exist for this purpose that statically scan source for function calls and constructs known to have security-related implementation flaws. One such tool is RATS (Rough Auditing Tool for Security), an open source tool that can be downloaded from http://www.securesw.com/rats.
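The following added example (not part of the original course page and not RATS's own code) sketches the idea of statically scanning C source for risky calls and labelling each hit with one of the three error classes listed above. The function table, the names `RISKY_CALLS` and `scan_c_source`, and the sample C code are assumptions made for illustration.

```python
import re

# Illustrative subset of risky C library calls, grouped by the three error
# classes named above. This table is an assumption, not RATS's own database.
RISKY_CALLS = {
    **dict.fromkeys(("gets", "strcpy", "strcat", "sprintf"), "buffer overflow"),
    **dict.fromkeys(("access", "mktemp", "tmpnam"), "race condition"),
    **dict.fromkeys(("rand", "srand"), "randomness"),
}

# Comments and string/char literals are blanked so text inside them is not flagged.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
# An identifier followed by "(" is treated as a call (or declaration) site.
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))


def scan_c_source(source):
    """Return (line, function, category) findings in source order."""
    cleaned = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        name = m.group(1)
        if name in RISKY_CALLS:
            line = cleaned.count("\n", 0, m.start()) + 1
            findings.append((line, name, RISKY_CALLS[name]))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = r'''#include <stdio.h>
/* strcpy(dst, src) was removed from here */
void greet(const char *name) {
    char buf[16];
    strcpy(buf, name);              // unbounded copy
    printf("do not call gets()\n");
    if (access("/tmp/f", 0) == 0) { /* check-then-use */ }
    int token = rand();
}
'''

if __name__ == "__main__":
    for line, name, category in scan_c_source(SAMPLE):
        print(f"line {line}: {name}() -> {category}")
```

A name-based scan like this cannot tell whether a flagged call is actually exploitable, so each finding is a candidate for manual review rather than a confirmed flaw.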

The applet provided on the right helps you understand how RATS can be used to streamline implementation analysis. Note that other tools have features similar to RATS.

 
Animation VI.IV-I: RATS animation.

   
       
 