The scary stories from the web are getting worse. First there were a few stolen credit card numbers. Then there were a few thousand. Now we hear about millions of financial records being exposed by security breaches, and we grow numb to the potential threat. Credit card numbers barely scratch the surface of what the bad guys are after, and there are more dangerous stories that come out of the labs studying cyber war.
Writing secure code begins long before the first loop is formed—and is no easy task. To even approximate bulletproof code, architects, engineers, auditors, and managers must try to imagine everything that could go wrong with every aspect of the code. Although it’s impossible to anticipate every nasty curve the attackers will throw, you have to do all you can to reduce your attack surface, plug holes, and guard against the fallout of a potential breach.
Here are 17 tips for producing more secure code. The list is far from complete, but it should bring you closer to your goal. We all benefit from greater security.
Secure programming tip No. 1: Test inputs rigorously
Attackers need a path into your machines, and the easiest routes are through the doors your code opens. If your software takes input from the Internet, someone will try to sneak something past you.