打造安全软件：正确避免问题的方法

1星需积分: 18 140 浏览量更新于2024-07-23 1 收藏 289KB PDF 举报

《Building Secure Software：How to avoid security problems the right way》是由John Viega和Gary McGraw合著的一本专业书籍，专注于软件安全领域的深入探讨。该书出版于2001年，以PDF格式提供，旨在帮助读者理解和解决软件开发过程中遇到的安全问题。两位作者以其丰富的经验和深入洞察，引导读者进入一个全新的视角，理解为何即使看似无害的程序也可能隐藏着安全漏洞。书中第一章"Introduction to Software Security"开门见山地阐述了软件安全的重要性。随着电子商务的兴起和互联网的普及，信息安全成为日常生活的核心议题，不再仅仅是技术专家的专长，而是直接影响普通人的生活。作者引用Steve Bellovin的观点强调，任何程序都不能掉以轻心，因为它们都有可能隐藏安全隐患，必须采取“疑罪从无”的态度来对待每一个可能存在的威胁。作者通过实例和理论相结合的方式，展示了当前计算机安全形势的严峻性，并指出公众对网络安全的无知使得防范工作更为关键。书中深入讲解了如何在设计、编码和测试阶段就引入安全措施，预防潜在的漏洞，以及如何进行有效的风险管理，确保软件产品的安全性。《Building Secure Software》不仅提供了实用的技巧和策略，还涵盖了软件安全的最佳实践和标准，如密码学、访问控制、代码审查等，帮助开发者养成良好的安全编程习惯。此外，书中还探讨了安全与隐私的关系，以及如何处理日益复杂的威胁环境，如网络攻击、恶意软件和数据泄露。这本著作是软件开发人员、安全专业人员以及所有关注网络安全的读者的必备参考资料。它不仅是一份实用的指南，也是对软件安全理念和方法论的深度剖析，对于提升软件系统的整体安全性和用户信任度具有重要的指导意义。阅读这本书，将有助于避免软件开发过程中的常见安全问题，确保数字化世界的稳健与安全。

holes as malicious hackers instead of simply hackers throughout this book. See the side

bar.)

We want to do our part in the war against crummy software by providing lots of

information about common mistakes, and good ideas that can help you build more secure

code.

Dealing with Widespread Security Failures

We probably don’t need to spend too much time convincing you that security holes in

software are common, and that you need to watch out for them. Nonetheless, many

people do not realize how widespread a problem insecure software really is.

The December 2000 issue of the Industry Standard (a new economy business magazine)

featured an article entitled “Asleep at the Wheel” by David Lake. The article emphasized

the magnitude of today’s security problem using an excellent presentation of data. Using

numbers derived from Bugtraq (a mailing list dedicated to reporting security

vulnerabilities), David Lake created the figure below, which shows the number of new

vulnerabilities reported monthly, from the start of 1998 until the end of September, 2000.

According to these data, the number of software holes being reported is growing. These

figures suggest that approximately 20 new vulnerabilities in software are made public

each week. Some of these vulnerabilities are found in source-available software

programs, but many are also found in proprietary code. Similarly, both Unix and

Windows programs are well-represented in such vulnerability data. For example, there

were over a dozen security problems found and fixed in Microsoft Outlook during the

year 2000.

Additionally, “tried and true” software may not be as safe as one might think; many

vulnerabilities that have been discovered in software existed for months, years and even

decades before discovery, even when the source was available (see Chapter 4).

Figure 1: Bugtraq vulnerabilities by month from January 1998 to September 2000.

The consequences of security flaws vary. Consider that the goal of most malicious

hackers is to “own” a networked computer (and note that most malicious attackers seem

to break into computers simply because they can). Attacks tend to be either “remote” or

“local”. In a remote attack, a malicious attacker can break onto a machine that is

connected to the same network, usually through some flaw in software. If the software is

available through a firewall, then the firewall will be useless. In a local attack, a

malicious user can gain additional privileges on a machine, usually administrative

privileges. Most security experts agree that once an attacker has a foothold on your

machine, it is incredibly difficult to keep them from getting administrative access;

operating systems and the privileged applications that are generally found on them

constitute such a large and complex body of code that the presence of some security hole

unknown to the masses (or at least the system administrator) is always likely.

Nonetheless, both kinds of problems are important, and it is important for companies

wishing to be secure to keep up with security vulnerabilities in software. There are

several popular sources for vulnerability information:

Bugtraq. The Bugtraq mailing list, administered by securityfocus.com, is an e-mail

discussion list devoted to security issues. Many security vulnerabilities are proposed,

scripted, and patched on Bugtraq (which generates a large amount of traffic). The signal

to noise ratio on Bugtraq is low, so reader discretion is advised. Nevertheless, this list is

often the source of breaking security news and interesting technical discussion. Plenty of

computer security reporters use Bugtraq as their primary source of information.

Bugtraq is famous for pioneering the principle of “full disclosure”, which is a debated

notion that making full information about security vulnerabilities public will encourage

vendors to fix such problems more quickly. This philosophy was driven by numerous

documented cases of vendors downplaying security problems, refusing to fix them when

they believed that few of their customers would find out about any problems.

If the signal to noise ratio on Bugtraq is too low for your tastes, the securityfocus.com

web site keeps good information on recent vulnerabilities.

CERT Advisories. The CERT Coordination Center (CERT/CC, www.cert.org) is located

at the Software Engineering Institute, a federally funded research and development center

operated by Carnegie Mellon University. CERT/CC studies Internet security

vulnerabilities, provides incident response services to sites that have been the victims of

attack, and publishes a variety of security alerts.

Many people in the security community complain that CERT/CC announces problems

much too late to be effective. For example, a problem in the TCP protocol was the subject

of a CERT advisory released a decade after the flaw was first made public. Delays

experienced in the past can largely be attributed to the (since changed) policy of not

publicizing an attack until patches were available. However, problems like the

aforementioned TCP vulnerability are more likely attributed to the small size of CERT.

CERT tends only to release advisories for significant problems. In this case, they reacted

once the problem was being commonly exploited in the wild. The advantage of

CERT/CC as a knowledge source is that they highlight attacks that are in actual use, and

剩余25页未读，继续阅读

machaw

粉丝: 1
资源: 3

打造安全软件：正确避免问题的方法

Software Security Building Security In

The J2EE Architect's Handbook: How to be a Successful Technical Architect for J2EE Applications

From Evaluation Metrics to Model Optimization: How to Select the Optimal Threshold

Evaluation Techniques in Ensemble Learning: How to Assess the Combination of Multiple Models

Model Comparison: 5 Strategies to Avoid Traps and Choose the Right Model

The Absolute Importance of Model Validation: How to Ensure Your Model Isn't a House of Cards

Model Performance Benchmarking: How to Establish a Fair Comparison Platform

there were errors checking the update sites: sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable to find valid certification path to requested target

Error Message: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

最新资源