App Development Security Facts

App Development Security Facts

March 19, 2017, Author: Taylor

Secure coding concepts include the following:  

Concept  Description  
Error and exception handling  Error and exception handling is a programming language construct designed to handle the occurrence of exceptions. Exceptions are special conditions that change the normal flow of program execution. An exception is handled (resolved) by:   Saving the current state of execution in a predefined place.  Switching the execution to a specific subroutine known as an exception handler.  
Input validation  Input validation is the process of ensuring that a program operates on clean, correct, and useful data. Input validation:   Prevents data corruption or a security vulnerability.  Uses routines (also called validation rules or check routines) that check for correctness, meaningfulness, and security of data that are input to the system.  

Be aware of the following:  

  • Application code is exception-safe if run-time failures within the code will not produce ill effects such as memory leaks, garbled stored data, or invalid output.  
  • Fuzz testing (also known as fuzzing) is a software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Fuzzing program types are:   
  • Mutation-based, which mutate existing data samples to create test data.  
  • Generation-based, which define new test data based on models of the input.  
  • code review is a systematic examination of an application’s source code. It is intended to find and fix overlooked mistakes, improving the overall quality and security of software. A code review is sometimes called a peer review.  
  • Baselines are of a set of consistent requirements that establish a standard configuration for all systems. With a baseline established, you can more easily identify abnormal activity as well as areas that need improvement.  
  • Configuration testing is the process of testing an application under development on systems which have various combinations of hardware and software implemented.  

Comments (0)