RE: So what ?... |
||
 Tr flamebalrog On 2005-04-09 13:41:54, CyberTNT wrote >Well SNEAK should be a secure pogramm. Come on that should have been easy to guess... Well, I didn't think there was something to guess as EVERY program should be written according to rules aiming at making it secure. So, yes, there is a relation with SNEAK (as with any other project), but not a specific relation (thus, my question). Also, some people think about "secure programming" as something that stands on its own : I don't. Do you want security ? If yes, then follow common good (basic!) coding practices : input validation, error handling (maybe one of the first things everyone should learn about a language), checking functions return values, K.I.S.S., algorithm first, etc... That's where security starts and almost entirely lies. Don't forget a vulnerability is nothing more than a bug with particular consequences. Get rid of bugs and unwanted behavio(u)rs and you'll be safe. As you can see : nothing new (see this), nothing specific to SNEAK (shouldn't every prog' be bug-free ?). Now, maybe the link you provided isn't the most appropriate (seems to be C/C++ oriented, don't you think ?). I would have begun with something like http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html (and more specifically with http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/java.html). For the (future) web version, the OWASP guide might be a good start. Some other stuff : http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html http://www.jguru.com/faq/Security oh...and http://java.sun.com/security/ ;) - Is it a feature or a bug ? - Replies:
|
||
| CyberArmy::Forum v0.6 Generated In 0.03500 seconds |
2005-04-08 09:16:51