Developing more secure code

Secure development guides

OWASP: Software Assurance Maturity Model

IBM: The Building Security In Maturity Model (BSIMM)

Microsoft: Assess Your Security Needs

JavaScript Security Analyzer (JSA) is part of IBM Rational AppScan
Standard Edition. See also IBM Security AppScan Enterprise.

Common errors

  • Null pointer dereference
  • Use after free
  • Double free
  • Dead code caused by logical errors
  • Uninitialized variables
  • Erroneous switch cases
  • Deadlocks
  • Lock Contention
  • Race Conditions
  • Memory leaks
  • File handle leaks
  • Custom memory and network resource leaks
  • Database connection leaks
  • Mismatched array new/delete
  • Missing destructor
  • STL usage errors
  • API error handling
  • API ordering checks
  • Array and buffer overrun
  • Unsafe uses of tainted data

For examples, see also Klocwork_Paper

Microsoft

Windows ISV Software Security Defenses

Download BinScope Binary Analyzer from Official Microsoft Download Center: BinScope Binary Analyzer

Security Briefs: Protecting Your Code with Visual C++ Defenses

Hardening Stack-based Buffer Overrun Detection in VC++ 2005 SP1 – Michael Howard’s Web Log

Protecting against Pointer Subterfuge (Kinda!) – Michael Howard’s Web Log

Web browsers

Browser Security Handbook – Google Project Hosting: http://code.google.com/p/browsersec/wiki/Main
