Beginners Guide to Securing Your Code

Beginners Guide to Securing Your Code

Photo Credit: tobeweb.eu

Photo Credit: tobeweb.eu

You simply must secure your coding. You must learn to write secure code as well as set up measures to secure your code even further. Since there are different methods that apply to different coding languages, a beginner should learn some of the more generalized forms of security as it applies to his or her choice.

Many of the same solutions work for different languages, but you must implement them in different ways. But, of those solutions, some of the most basic and popular ones are available for all the most basic and popular coding languages. So it doesn’t matter if you’re churning out C# in your editor or writing your first .NET application, there are many things you can do to protect the integrity of your code as well as your intellectual property.

  • Code with an Eye for Security

Starting off, if you’re working in one of the many jobs for electrical engineering, you should already have some idea of the security measures you might want to use. Some security measures will cause you to make some changes to your code. You should decide on which security measures you would like to use early so you can code with those measures in mind. This will save you a lot of work later.

  • Never Trust User Submitted Data

This is a golden rule of coding security. Many exploits and security breaches occur because of a user submitted code snippet. Even something as innocuous as a message box output from your code can give someone a free pass to send anything from an SQL injection to a cross-site scripting attack. These kinds of things happen mostly to web-based applications, but an equivalent can occur no matter what your code does. If it allows for any kind of user-submitted data, then you need to focus on filters and validations before your code outputs anything.

  •  Optimize Your Code Down

You may want to consider breaking your code into parts or manageable chunks. The simpler you keep your code, the easier it will be for you to find problems. The more complex and dynamic you attempt to make your code, the more chance you have to create flaws. Additionally, the more complex your code is, the more security you need to apply which may consist of solutions that are just as complicated.

  • Compile with Warnings Active

If your compiler gives you warnings, then you should rework your code until there are no warnings whatsoever when you compile. Warnings exist for a reason, unless you are sure that you know what you’re doing, you should never ignore them. Additionally, keep all of your coding software up-to-date to make sure that you are following the most up-to-the-second standards and procedures.

  • Restrict Privileges

Limit privilege as much as possible. A lot of malicious code launches in the windows of opportunity created when your code executes a privileged command. Of course, executions with no limitations whatsoever are ripe for malicious code to use them as much as your native code.

  • Layer Your Security

Redundancy plays a major part in any software subsystem. The same should hold for your security measures. You should lay one layer of security over another. This way, even if someone breaches or exploits one part of the security, there is another part below the first to help fend off the attack.

  •  Test Test Test

Throw known attacks at your code in a secure environment. See if the security measures you put into place are actually working. Think outside of your code. Try to come up with ways that you would try to break or circumvent it. The more holes you can find in your own security scheme, the more you can patch before you make your code live.

Applying Generalizations

Many of these examples consist of heavy generalizations. You need to figure out which security measures are the most important for your language, application and process. Someone putting together a JavaScript application will have very different priorities from someone coding a game application. However, the one thing that remains constant between all platforms is that you must secure your code, even if it’s just something you plan to give away to the community.

Beginners Guide to Securing Your Code

You simply must secure your coding. You must learn to write secure code as well as set up measures to secure your code even further. Since there are different methods that apply to different coding languages, a beginner should learn some of the more generalized forms of security as it applies to his or her choice.

Many of the same solutions work for different languages, but you must implement them in different ways. But, of those solutions, some of the most basic and popular ones are available for all the most basic and popular coding languages. So it doesn’t matter if you’re churning out C# in your editor or writing your first .NET application, there are many things you can do to protect the integrity of your code as well as your intellectual property.

·        Code with an Eye for Security

Starting off, if you’re working in one of the many jobs for electrical engineering, you should already have some idea of the security measures you might want to use. Some security measures will cause you to make some changes to your code. You should decide on which security measures you would like to use early so you can code with those measures in mind. This will save you a lot of work later.

·        Never Trust User Submitted Data

This is a golden rule of coding security. Many exploits and security breaches occur because of a user submitted code snippet. Even something as innocuous as a message box output from your code can give someone a free pass to send anything from an SQL injection to a cross-site scripting attack. These kinds of things happen mostly to web-based applications, but an equivalent can occur no matter what your code does. If it allows for any kind of user-submitted data, then you need to focus on filters and validations before your code outputs anything.

·        Optimize Your Code Down

You may want to consider breaking your code into parts or manageable chunks. The simpler you keep your code, the easier it will be for you to find problems. The more complex and dynamic you attempt to make your code, the more chance you have to create flaws. Additionally, the more complex your code is, the more security you need to apply which may consist of solutions that are just as complicated.

·        Compile with Warnings Active

If your compiler gives you warnings, then you should rework your code until there are no warnings whatsoever when you compile. Warnings exist for a reason, unless you are sure that you know what you’re doing, you should never ignore them. Additionally, keep all of your coding software up-to-date to make sure that you are following the most up-to-the-second standards and procedures.

·        Restrict Privileges

Limit privilege as much as possible. A lot of malicious code launches in the windows of opportunity created when your code executes a privileged command. Of course, executions with no limitations whatsoever are ripe for malicious code to use them as much as your native code.

·        Layer Your Security

Redundancy plays a major part in any software subsystem. The same should hold for your security measures. You should lay one layer of security over another. This way, even if someone breaches or exploits one part of the security, there is another part below the first to help fend off the attack.

·        Test Test Test

Throw known attacks at your code in a secure environment. See if the security measures you put into place are actually working. Think outside of your code. Try to come up with ways that you would try to break or circumvent it. The more holes you can find in your own security scheme, the more you can patch before you make your code live.

Applying Generalizations

Many of these examples consist of heavy generalizations. You need to figure out which security measures are the most important for your language, application and process. Someone putting together a JavaScript application will have very different priorities from someone coding a game application. However, the one thing that remains constant between all platforms is that you must secure your code, even if it’s just something you plan to give away to the community.

Fjordan Allego
Follow me

Fjordan Allego

Fjordan Allego aka Fjordz is a Network Security Officer in one of the leading financial firms in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.
Fjordan Allego
Follow me

Related Posts:

  • No Related Posts

Speak Your Mind

*