Secure programmer: call components safely
Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.
By David A. Wheeler at IBM developerWorks.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.