Skip to content

Defensive Coding Practices

Declarative vs Programmatic (imperative) Security

  • early design decision
  • Declarative
    • focus on defining security policy
    • define the what
    • Security is defined in the deployment, not the code itself
    • Managed by ops team, not dev team
    • more flexible security
    • sql
  • Imperative
    • embedded into code
    • less flexible/portable/reusable but allows for greater granularity
    • python, java

Bootstrapping

  • startup process when computer/program starts

Cryptographic Agility

  • easily change cripto funcionallity ,allowing easier international customization fo different country
  • allow for changes in crypto function (e.g. algorithm) without changing code
  • also assists with international cryptography reqs
  • early design decision
  • important to use secure sessions

Handling Configuration Parameters

  • securing config files is an important design decision

Memory Management

  • ASLR (address space layout randomization) is used to defend aggainst attacks by breaking memory localy: local attacks
  • shared responsibility between app and OS
  • managed code applications (.NET, Java) handle memory management

Type-safe Practice

  • type safety is linked to memory safety: cannot access arbitrary locations of memory

Locality

  • when a program references memory, other references are generally predictable and in close proximity
  • several memory attacks take advantage of locality

Error Handling

Exception Management

  • if left to the OS to handle, privilege escalation and other issues can occur

Interface Coding

  • need appropriate AuthN and AuthZ
  • audit externally exposed, privileged operations

Primary Mitigations

  • standard best practice mitigations:
    • lock down env
    • establish/maintain control of inputs
    • establish/maintain control of outputs
    • assume external components can be undermined
    • assume code can be read by anyone
    • use libraries and frameworks that avoid introducing weaknesses
    • use industry-accepted security features
    • integrate security into the entire SDLC
    • use mix of methods to find and prevent weaknesses

Defensive Coding

  • input validation, exception handling

Foundational:

  • attack surface reduction
  • understand common coding vulns
  • implement standard mitigations

Other:

  • code analysis
  • code review
  • versioning
  • crypto agility
  • memory mgmt
  • exception handling
  • interface coding
  • managed code (it provides type-safe code,improved memory management)

Exam tips:

  • controlling concurrency (access to shared objects/race conditions)
  • tokenization for sensitive data
  • the actual handling of an out-of-range calculation is best performed by exception handling on the range value itself.

Learning from Past Mistakes

  • security team should regularly update security reqs while considering errors from other companies

RASP

  • mitigate attacks in real-time