Secure coding checklist


Reference: OWASP (www.owasp.com).

Security Check

By Prabhanshu Saraswat

A few recent security breaches around the world

The ISTQB official website was compromised and an offensive photo was put on its homepage.

LinkedIn, the popular social network, recently confirmed that a breach of its network compromised the hashed passwords associated with its accounts. News reports estimate that almost 6.5 million password hashes were compromised. Source: http://blog.aujas.com/quick-test-find-company-security.html

The Financial Times' tech blogs and Twitter accounts were hacked by the Syrian Electronic Army.

An unknown hacker defaced the website of Thai Prime Minister Yingluck Shinawatra's office and posted an offensive message, shown in the image below.

[Image: Offensive Message]

Security Checklist for development

Boot unmanaged code; believe in tested, managed code

Use tested and approved managed code rather than creating new unmanaged code for common tasks.

Love task-specific built-in APIs

Use task-specific built-in APIs to carry out operating system tasks. Do not permit the application to issue commands directly to the operating system, especially through application-initiated command shells: the shell parses the whole command string, so any user-supplied fragment inside it is parsed too, and a `;` or `|` turns data into a second command.
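As an added illustration (not code from the original presentation), the same task done three ways: the string a shell-based call would execute, the built-in API the checklist prefers, and the argv form to use when an external tool really is needed. The log content and the `/var/log`-style filename are constructed for the example; the argv variant assumes a `grep` binary on PATH.

```python
import os
import re
import subprocess
import tempfile

# Constructed sample log, written to a temp file so the functions below run offline.
SAMPLE_LOG = """\
2013-05-12 10:01:02 INFO  login ok user=alice
2013-05-12 10:01:09 WARN  login failed user=bob
2013-05-12 10:01:15 WARN  login failed user=bob
2013-05-12 10:02:00 INFO  logout user=alice
"""


def write_sample_log():
    fd, path = tempfile.mkstemp(suffix=".log")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_LOG)
    return path


def shell_command_unsafe(pattern, path):
    """The string a shell=True call would hand to /bin/sh. With a pattern of
    '; rm -rf /' the shell sees two commands. Never run this with user input;
    it is here only to show what the shell would receive."""
    return "grep " + pattern + " " + path   # subprocess.run(cmd, shell=True) would execute it


def count_matches_builtin(path, pattern):
    """Preferred: the task-specific API. No process and no shell; re.escape()
    turns the user's text into a literal, so it can only ever be a search string."""
    rx = re.compile(re.escape(pattern))
    with open(path, encoding="utf-8") as fh:
        return sum(1 for line in fh if rx.search(line))


def count_matches_argv(path, pattern):
    """If an external tool is unavoidable: pass an argv list with shell=False, so
    the pattern is exactly one argument no matter which metacharacters it holds.
    '--' stops grep from reading a pattern such as '-r' as an option."""
    result = subprocess.run(["grep", "-c", "-F", "--", pattern, path],
                            capture_output=True, text=True)
    if result.returncode not in (0, 1):        # exit 1 only means "no match"
        raise RuntimeError(result.stderr.strip())
    return int(result.stdout.strip() or 0)
```

With the argv form, an input of `; rm -rf /` simply finds zero matching lines; with the shell string it would be executed.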

Use a checksum or hash

Use a checksum or hash (a small fixed-size value computed from an arbitrary block of data) to verify the integrity of interpreted code, libraries, executables and configuration files. A plain checksum such as a CRC only detects accidental corruption; to detect deliberate tampering, use a cryptographic hash whose expected value is stored somewhere the attacker cannot also change, or a signature.
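An added example (not from the original presentation) of the integrity check described above: a manifest of SHA-256 digests is produced at build time, and at startup every listed file is re-hashed and compared with a constant-time comparison. The file tree and its contents are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, relpaths):
    """Build side: record the expected digest of every deployed file.
    Ship this manifest through a channel the deploy target cannot alter."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in relpaths}


def verify_manifest(root, manifest):
    """Start-up side: return the list of files that are missing or whose digest
    differs from the manifest. An empty list means everything is intact."""
    failures = []
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            failures.append(rel)
            continue
        # compare_digest avoids leaking how many leading characters matched
        if not hmac.compare_digest(sha256_file(path), expected):
            failures.append(rel)
    return failures


def make_sample_tree():
    """Constructed deployment: a config file and a plugin, in a temp directory."""
    root = tempfile.mkdtemp()
    files = {
        "app/config.ini": "[db]\nhost=localhost\n",
        "app/plugin.py": "def run():\n    return 'ok'\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root, list(files)


def tamper(root, rel, extra):
    """Simulate an attacker editing a deployed file."""
    with open(os.path.join(root, rel), "a") as fh:
        fh.write(extra)
```

The manifest must not live next to the files it protects with the same permissions, or whoever can edit the plugin can edit the digest too.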

Lock

Protect shared variables and resources from inappropriate concurrent access. Use locking to prevent multiple simultaneous requests, or another synchronization mechanism, to prevent race conditions: a check and the update that depends on it must happen as one step.
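An added example (not from the original presentation) of the race condition the checklist warns about: a check-then-act withdrawal run by several threads at once, without and with a lock. The account, the amounts and the `sleep()` that stands in for real work between the check and the update are all constructed for the example.

```python
import threading
import time


class Account:
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount):
        """Race: every thread can pass the balance check before any of them
        subtracts, so the account is overdrawn once per extra thread."""
        if self.balance >= amount:
            time.sleep(0.02)          # real work between check and update
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount):
        """The lock makes check and update one atomic step; later threads see
        the reduced balance and are refused."""
        with self._lock:
            if self.balance >= amount:
                time.sleep(0.02)
                self.balance -= amount
                return True
            return False


def run_concurrent_withdrawals(balance, amount, workers, safe):
    """Start `workers` threads that each try one withdrawal; return the final balance."""
    acct = Account(balance)
    method = acct.withdraw_safe if safe else acct.withdraw_unsafe
    threads = [threading.Thread(target=method, args=(amount,)) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance


if __name__ == "__main__":
    print("unsafe:", run_concurrent_withdrawals(100, 60, 10, safe=False))
    print("safe:  ", run_concurrent_withdrawals(100, 60, 10, safe=True))
```

Ten threads each trying to take 60 from 100 should leave 40; the unlocked version goes negative because all ten read the balance before any writes it back.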

Explicit initialization

Explicitly initialize all your variables and other data stores, either during declaration or just before first use.

Raise elevated privileges late and drop them quickly

If the application must run with elevated privileges, raise them as late as possible and drop them as soon as possible, before any untrusted input is handled.
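An added example (not from the original presentation) of the raise-late, drop-early pattern on a POSIX system: the only step that needs root, binding a port below 1024, is done first, then the process drops permanently to an unprivileged identity and checks that it cannot get root back. The uid/gid 65534 are assumed to be an unprivileged "nobody" account; the self-check runs in a forked child so the caller's own identity is not changed.

```python
import os
import socket

# Assumed unprivileged identity for the example; real code looks it up with
# pwd.getpwnam("nobody") or uses a dedicated service account.
UNPRIV_UID = 65534
UNPRIV_GID = 65534


def open_privileged_listener(port):
    """The single step that needs root (binding a port below 1024). Do it as
    late as possible, then drop privileges before handling any client data."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)
    return srv


def drop_privileges(uid=UNPRIV_UID, gid=UNPRIV_GID):
    """Permanently give up root and return the (euid, egid) in effect afterwards.
    Order matters: supplementary groups, then gid, then uid, because once the
    uid is unprivileged the first two calls would be refused. setuid() called
    as root sets real, effective and saved uid together, so there is no way back."""
    if os.geteuid() != 0:
        return os.geteuid(), os.getegid()    # not root: nothing to drop
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    return os.geteuid(), os.getegid()


def can_regain_root():
    """After a correct, permanent drop this must be False."""
    try:
        os.setuid(0)
    except PermissionError:
        return False
    return True


def child_can_regain_root(uid=UNPRIV_UID, gid=UNPRIV_GID):
    """Exercise drop_privileges() in a forked child so the caller's own identity
    is untouched. True means the drop left a way back, which is a bug."""
    pid = os.fork()
    if pid == 0:
        drop_privileges(uid, gid)
        os._exit(1 if can_regain_root() else 0)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) == 1


if __name__ == "__main__":
    port = 80 if os.geteuid() == 0 else 8080
    listener = open_privileged_listener(port)
    print("listening on", port, "as", drop_privileges())
    print("can regain root:", can_regain_root())
    listener.close()
```

A temporary drop with `seteuid()` keeps the saved uid at 0 and can be reversed by any code that later runs in the process; use it only when the privilege is genuinely needed again, and prefer the permanent drop shown here.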

Get rid of overflows

Avoid calculation errors by understanding your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
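An added example (not from the original presentation) of the cases listed above, written in Python, where integers are unbounded but anything that crosses into a fixed-width field (a packed length, a C library, a database column) is not: a 32-bit multiply that wraps versus one that refuses, a signed reinterpretation, `struct` range checking, and a limit check that NaN would slip past. The operands and limits are constructed for the example.

```python
import math
import struct

U32_MAX = 0xFFFFFFFF


def u32_wrapping_mul(a, b):
    """What a 32-bit unsigned multiply does in C: the product silently wraps
    modulo 2**32, so a huge allocation request becomes a tiny one."""
    return (a * b) & U32_MAX


def u32_checked_mul(a, b):
    """Refuse instead of wrapping; this is the check a size computation needs
    before the value is used as an allocation length or buffer index."""
    if a < 0 or b < 0:
        raise ValueError("unsigned operands must be non-negative")
    product = a * b
    if product > U32_MAX:
        raise OverflowError(f"{a} * {b} does not fit in 32 bits")
    return product


def pack_u32_length(n):
    """struct.pack raises struct.error for out-of-range or negative values,
    unlike a C cast, which would truncate. Keep that behaviour; do not mask it."""
    return struct.pack("<I", n)


def as_signed_i32(n):
    """Reinterpret a 32-bit pattern as a signed int (what a C cast does):
    0xFFFFFFFF becomes -1, so a 'length < 0' check can be bypassed by a large value."""
    n &= U32_MAX
    return n - (1 << 32) if n & 0x80000000 else n


def amount_within_limit(amount, limit):
    """NaN compares False against everything, so a check written as
    'if amount > limit: reject' would accept NaN. Reject non-finite values first."""
    if not math.isfinite(amount):
        return False
    return 0 <= amount <= limit
```

The wrapping case is the classic "count times element size" overflow: 0x40000001 elements of 4 bytes each multiply to 4 once truncated to 32 bits.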

Do not execute user-supplied data

Do not pass user-supplied data to any dynamic execution function (eval, exec, dynamically built commands or scripts).

Do not turn the user into a developer; that is your role

Restrict users from generating new code or altering existing code.

Put third-party code under a magnifying glass

Review all secondary applications, third-party code and libraries to determine business necessity and validate safe functionality, as they can introduce new vulnerabilities into an otherwise sound application.

Implement safe updating

If the application uses automatic updates, sign your code with cryptographic signatures and ensure the download clients verify those signatures against a public key that ships with the client, not one fetched from the update server. Use encrypted channels to transfer the code from the host server. The encrypted channel protects the download in transit; only the signature check protects against a compromised host.
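An added example (not from the original presentation) of the client-side verification described above: the release signer produces a manifest (version plus SHA-256 of the payload) and an Ed25519 signature over it; the client verifies the signature with a pinned public key before it trusts anything in the manifest, then checks the payload digest and refuses downgrades. This depends on the third-party `cryptography` package, and the integer build-number versioning and the update payload are constructed for the example.

```python
import hashlib
import hmac
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def sign_release(private_key, version, payload):
    """Release side: the private key exists only on the signing machine.
    Canonical JSON means signer and verifier hash identical bytes."""
    manifest = {"version": version, "sha256": hashlib.sha256(payload).hexdigest()}
    manifest_bytes = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return manifest_bytes, private_key.sign(manifest_bytes)


def pinned_key_bytes(public_key):
    """Raw 32-byte form to embed in the client binary at build time."""
    return public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)


def load_pinned_key(raw):
    return Ed25519PublicKey.from_public_bytes(raw)


def verify_release(pinned_public_key, manifest_bytes, signature, payload, installed_version):
    """Client side. Returns the parsed manifest if the update is acceptable,
    otherwise raises ValueError. The signature is checked before the manifest
    is parsed: until then the bytes are untrusted input."""
    try:
        pinned_public_key.verify(signature, manifest_bytes)
    except InvalidSignature:
        raise ValueError("manifest signature invalid") from None
    manifest = json.loads(manifest_bytes)
    # A validly signed but older release is still an attack (replay/downgrade).
    if manifest["version"] <= installed_version:
        raise ValueError("downgrade or replay rejected")
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise ValueError("payload does not match signed manifest")
    return manifest
```

Only after `verify_release()` returns should the payload be written to disk and applied; verifying a file that has already replaced the old one is too late.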