{"id":91318,"date":"2023-05-15T08:33:00","date_gmt":"2023-05-15T08:33:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=91318"},"modified":"2023-05-15T08:33:00","modified_gmt":"2023-05-15T08:33:00","slug":"security-think-tank-to-secure-code-effectively-verify-at-every-step","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=91318","title":{"rendered":"Security Think Tank: To secure code effectively, verify at every step"},"content":{"rendered":"<p><!-- EzinePromoController, generated at 08:38:09 Mon May 15, 2023, by cds1 --><br \/>\n<!-- ContentItemController, generated at 08:37:55 Mon May 15, 2023, by cds1 --> <\/p>\n<section id=\"contributors-block\">\n<div class=\"main-article-author v2\">\n<div class=\"image-resize\"> <img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/security-think-tank-to-secure-code-effectively-verify-at-every-step.jpg\" alt=\"Petra Wenham\"> <\/div>\n<p> <span>By<\/span> <\/p>\n<p> Published: <span>15 May 2023<\/span>\n<\/p>\n<\/div>\n<\/section>\n<section id=\"content-body\">\n<p>It\u2019s been quite a while since I did any actual coding, and while I have done machine-level coding, I was initially taught <a href=\"https:\/\/www.techtarget.com\/searchapparchitecture\/tip\/5-dead-programming-languages-we-should-never-forget\">Algol<\/a> and <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/FORTRAN-FORmula-TRANslation\">Fortran<\/a>, both being high-level languages.<\/p>\n<p>In my 20 plus years in information security and assurance, the issue of secure coding has risen in importance. 
It is through poor coding and housekeeping procedures that many successful security breaches have occurred, but the role of the operational environment and any background housekeeping functions should not be overlooked; they can, indeed, be critical.<\/p>\n<p>A big part of secure coding is ensuring that any input to a piece of code is only allowed to originate from a known \u2013 verified \u2013 source, that the input is subjected to rigorous boundary and content checking and that, should the input not be conformant, the data is completely destroyed.<\/p>\n<p>Similarly, output from a piece of code should only come from within the code itself and be sent to known \u2013 verified \u2013 destinations, and not be allowed to use memory outside of what has been allocated. The code itself should only access and use allocated memory locations and system I\/O; housekeeping functions should also clean up any temporary memory locations post use.<\/p>\n<p>The operating system that any code runs under should allocate, monitor and control memory usage in order to stop one piece of code from violating the memory allocated to other pieces of code.<\/p>\n<p>The OS should only permit verified (certified or flagged) code to run; non-verified code should be isolated and prevented from running, and an error output.<\/p>\n<p>It should be noted that this could be a multi-level operation where, for example, you have a host system and OS that is running a number of virtual hosts or supporting a number of containers \u2013 not forgetting that a virtual host could also be running a number of containers, making for a very complex environment.<\/p>\n<p>There are quite a few software, container and OS testing tools on the market, but unless your organisation has its own IT department that is developing, maintaining and deploying code, you will probably look to outsourcing any necessary testing and review work to a competent agency.<\/p>\n<\/section>\n<p> <!-- DownloadOfferController, generated at 
08:38:09 Mon May 15, 2023, by cds1 --><br \/>\n<!-- AskAnExpertController, generated at 08:38:09 Mon May 15, 2023, by cds1 --><br \/>\n<!-- DigDeeperController, generated at 08:37:55 Mon May 15, 2023, by cds1 --><\/p>\n<section class=\"section dig-deeper\" id=\"DigDeeperSplash\">\n<h4 class=\"section-title\"> <i class=\"icon\" data-icon=\"m\"><\/i>Read more on Application security and coding requirements<\/h4>\n<\/section>\n<p><!-- EHandbookController, generated at 06:55:12 Mon May 15, 2023, by cds1 --><br \/>\n<!-- CollectionController, generated at 06:55:12 Mon May 15, 2023, by cds1 --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Published: 15 May 2023 It\u2019s been quite a while since I did any actual coding and while I have done machine level coding I was initially taught Algol and Fortran, both being high level languages. In my 20 plus years in information security and assurance the issue of secure coding has risen in importance. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":91319,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-91318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/91318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=91318"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/91318\/revisions"}],"wp:featuredmedia":[
{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/91319"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=91318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=91318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=91318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}