Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach

This paper addresses the security challenges that exist due to programming flaws, and explains how simple programming practices can reduce the risks. The paper starts with a description of common application vulnerabilities and risks. The vulnerabilities that are discussed include Buffer overflows, SQL Injection, Script Injection, XML injection and others. The application development platforms, technologies and tools that are widely used in the industry and the vulnerabilities that exist in them are discussed next. The technology and tools discussed include Web Services, Wireless, JAVA, C/C++, Web and Database. Further, the secure programming practices that can be used to avoid the vulnerabilities are presented. Since more and more organizations are embracing the outsourcing business model, the importance of having good security practices in such an environment is briefly touched upon. In the end, case study examples have been provided to illustrate the use of secure coding principles.

Tags:

Read the complete paper at SANS