
Tag Archives: secure coding

Security can seem a daunting subject, but there are a few basic concepts and simple techniques that can help you build more secure applications. As Matt Nicholson explains, you need to think like an attacker and adopt a mindset that treats every item of data entering your system as untrusted until it has been checked.

Originally published on DNJ Online, May 2006

Every hour of the day, every day of the year, someone is trying to break into your system. Most of these attacks are automated: scanners tirelessly probing your ports, looking for a way in. It doesn’t matter whether you’re an international bank or a one-man band, these programs are looking for weaknesses that they can report back to their owners for evaluation – and possibly a more sophisticated follow-up attack.

Until recently, such attacks have concentrated on your operating systems and network infrastructure. However, as companies like Microsoft put more resources into plugging the security holes in their software, attackers have realised there is an easier way in: through the applications that you write to run on those systems. Few companies have the resources or expertise of Microsoft when it comes to resolving security issues, and if the application is on the Internet then the attacker can reach it more or less anonymously from almost anywhere in the world.
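The "treat every incoming item of data as hostile" point above is easiest to see with the same database lookup written twice. The following is an added example, not code from the original article: the users table, its two rows and the attacker-controlled string are all constructed here, and the allow-list rule for usernames is a choice made for illustration.

```python
"""Treating incoming data as hostile: one lookup written two ways.

Added example, not code from the original article. The schema, the
sample rows and the attacker-controlled string are constructed here.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cr3t-alice"), ("bob", "s3cr3t-bob")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Concatenates the caller's string into the SQL text.

    Whatever arrives in `username` becomes part of the statement, so a
    value containing quote characters changes what the query means.
    """
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Passes the string as a bound parameter: data stays data."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def is_valid_username(username: str) -> bool:
    """Allow-list check applied before the value is used anywhere.

    The rule (1-32 ASCII letters or digits) is an assumption for this
    example; the point is that it rejects anything not explicitly allowed
    rather than hunting for known-bad characters.
    """
    return 1 <= len(username) <= 32 and username.isascii() and username.isalnum()


def demo() -> dict:
    """Run both lookups against a constructed hostile input."""
    conn = make_db()
    hostile = "nobody' OR '1'='1"  # constructed attacker input
    return {
        "unsafe": lookup_unsafe(conn, hostile),      # every row comes back
        "safe": lookup_safe(conn, hostile),          # no such user: []
        "validated": is_valid_username(hostile),     # rejected before use
        "honest": lookup_safe(conn, "alice"),        # normal case still works
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>9}: {result!r}")
```

The validation step and the parameterised query are not alternatives: the allow-list stops junk at the boundary, and binding parameters makes sure that whatever does get through can never be interpreted as SQL.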

Authentication and confidentiality are issues that have fascinated scientists and mathematicians for centuries. Matt Nicholson looks at some of the techniques in use today.

Originally published on DNJ Online, May 2006

A man walks into a bank and presents a cheque to the cashier. The cheque is made out in the man’s name, but the cashier refuses to cash the cheque. Why?

There could be many reasons. The cashier could suspect the cheque has been tampered with so as to pay out a larger sum than the payer intended. The cashier could suspect that the customer is not who he claims to be, or that the driving licence he presents as identification is a forgery.

Whatever the scenario, secure communication essentially comes down to authentication and confidentiality. In the real world, authentication is achieved through a passport or a signature, and confidentiality through a sealed envelope or a locked safe. In the digital world, authentication is achieved by proving knowledge of a secret, such as a password or a PIN (Personal Identification Number), and confidentiality through encryption.
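"Proving knowledge of a secret" does not require the verifier to hold the secret itself, which is what separates a sound password or PIN check from a naive one. The block below is an added example, not code from the original article: the record layout, the iteration count and the sample PIN are choices made here for illustration.

```python
"""Authenticating by proof of knowledge of a secret, without storing it.

Added example, not code from the original article. The record format,
the work factor and the sample PIN are assumptions for illustration.
"""
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 iteration count. An assumption for this example;
# tune it so one verification costs a noticeable fraction of a second.
DEFAULT_ITERATIONS = 600_000


def enroll(secret: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Store a fresh random salt and a slow hash of the secret.

    The plaintext secret never goes into the record, and the random salt
    means two users with the same PIN get unrelated records.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return {"salt": salt, "digest": digest, "iterations": iterations}


def verify(record: dict, attempt: str) -> bool:
    """Recompute the hash from the attempt and compare in constant time.

    hmac.compare_digest avoids an early-exit comparison whose timing
    would leak how many leading bytes of the digest matched.
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def verify_naive(stored_plaintext: str, attempt: str) -> bool:
    """The weak form, shown for contrast only.

    The verifier keeps the secret in the clear (a database leak exposes
    every user) and Python's == stops at the first differing character.
    """
    return stored_plaintext == attempt


def demo(iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Enroll a constructed PIN twice and check a right and a wrong attempt."""
    pin = "4071"  # constructed sample secret
    first = enroll(pin, iterations)
    second = enroll(pin, iterations)
    return {
        "correct_accepted": verify(first, pin),
        "wrong_rejected": not verify(first, "4017"),
        "records_differ": first["digest"] != second["digest"],
        "secret_absent": pin.encode() not in first["digest"],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>17}: {outcome}")
```

Confidentiality, the other half of the article's pairing, needs a cipher, which the Python standard library does not provide; the point here is only the authentication side, where the server can confirm the caller knows the PIN while holding nothing an attacker could replay.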