The secure-coding tag has no wiki summary.
3 votes, 3 answers, 274 views
Is checking return values always required? [duplicate]
We know that checking return values prevents our software from entering unexpected states. (You can see the CWE definition.)
But, we are sometimes sure about the return value. For example:
bool ...
0 votes, 1 answer, 78 views
Sending Out Functions To Return Or To Die
Which is preferable for both solid technique and secure coding?
Example #1:
function_one()
blah;
function_two()
blah;
print blah;
exit;
...
Example #2:
...
2 votes, 1 answer, 57 views
Security Pattern to store SSH Keys
I am writing a simple Flask application to submit scientific tasks to remote HPC resources. My application in the background talks to remote machines via SSH (because it is widely available on various HPC ...
0 votes, 0 answers, 17 views
Storing a WCF endpoint in the registry - worried about security
I am storing my WCF endpoint in the registry, and using that whenever my app starts up to instantiate a WCF-derived object.
The user can change the endpoint location, to another server, and the ...
1 vote, 1 answer, 79 views
What kind of processes or static analysis would you use to catch improper buffer bugs such as the one that caused Heartbleed? [closed]
What kind of process or static analysis would catch the Heartbleed bug, other than human code reviews, which we already know failed? The fix commit is here.
0 votes, 1 answer, 636 views
Is sending data to a server via a script tag an outdated paradigm?
I inherited some old JavaScript code for a website tracker that submits data to the server using a script URL:
var src = "http://domain.zzz/log/method?value1=x&value2=x"
var e = ...
6 votes, 3 answers, 918 views
Login on every page requires SSL on all pages
Our website has a login form that shows up in the header on every page on the website. This is what my boss wants; however, we need to get PCI compliant, and it says any sensitive form (login/password) ...
3 votes, 1 answer, 120 views
What procedures or audits should be used to assess the security of a software system?
Are there any standardised security procedures or auditing techniques that can be used to assess the security of a piece of software? I'm specifically interested in auditing software written in Java, ...
5 votes, 2 answers, 388 views
Web application development security best practices [closed]
I am looking for the current, state of the art, coding standards for web development (mostly PHP). Since I do not want to reinvent the wheel I would like to reuse libraries written by people much ...
5 votes, 4 answers, 227 views
Are there languages that make it easier to understand secure coding principles?
I'm interested in expanding my knowledge of security issues: things like buffer overflows, format string vulnerabilities, etc. I'd like to be able to go through a language and understand its security ...
5 votes, 3 answers, 234 views
Examining source code for maliciousness and security vulnerabilities
What are some techniques in determining if a particular piece of source code is malicious or vulnerable to malicious attack? I am currently using cppcheck and I am waiting on an install of Rational ...