Scribd
Upload
18 views

Assginment Programming Techniques

Principles for secure programming include using layered security defenses, validating all input, keeping designs simple, and threat modeling. Layered security involves using multiple controls at different levels to strengthen security even if one measure fails. Input validation tests any user-supplied data. Simple designs reduce errors and complexity. Threat modeling identifies assets, decomposes applications, categorizes threats, and develops mitigation strategies implemented in code.

Uploaded by

Denzel Chiuseni
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
18 views

Assginment Programming Techniques

Principles for secure programming include using layered security defenses, validating all input, keeping designs simple, and threat modeling. Layered security involves using multiple controls at different levels to strengthen security even if one measure fails. Input validation tests any user-supplied data. Simple designs reduce errors and complexity. Threat modeling identifies assets, decomposes applications, categorizes threats, and develops mitigation strategies implemented in code.

Uploaded by

Denzel Chiuseni
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Principles for secue programming.

Principles for secure programming are as follows:


 Use of layered security defense. Making use of multiple security structures enhance
security in programs. Conesa and Patrick p33 defined layered security as “the practice of
using many different security controls at different levels to protect assets. This provides
strength and depth to reduce the effects of a threat. The goal is to create redundancies
(backups) in case security measures fail, are bypassed or defeated.

Caballero highlighted that “layered security measures increase security of a system as a


whole. If an attack causes one security mechanism to fail, other mechanisms may still
provide the necessary security to protect the system”

 Input Validation. Seacord defines Input validation as “the proper testing of any input
supplied by a user or application.” He went on to emphasize that "Proper input validation
can eliminate the vast majority of software vulnerabilities.”

 Keep it Simple. Saltzer highlighted that “Keep the design as simple and small as
possible.” He went on to emphasize that “Complex designs increase the likelihood that
errors will be made in their implementation, configuration and use. Additionally the
effort required to achieve an appropriate level of assurance increases dramatically as
security mechanisms become more complex”

 Threat Modelling. Swidershi & Snyder defined threat modelling as “the approach of
playing through attacks and hacks ahead of time.” They went on to emphasize that
“Threat modelling involves identifying key assets, decomposing the application,
identifying and categorizing the threats to each asset or component, rating the threats
based on a risk ranking anfd then developing threat mitigating strategies that are
implemented in designs, code and test cases.”
Reference List
Conesa, Patrick, Community Safety Guide: Security Planning for Everyone, 2018
Albert Caballero, Managing Information Security, 2014
Robert Seacord, Secure Coding Practices, 2006
J H Saltzer, Protection & the Control of Information Sharing in Multics, 1974,
F Swidershi, W Snyder, Threat Modelling,2004, WA: Microsoft Press

You might also like