Tuesday, 19 June 2007
Writing Secure Code
Question: How do you survive being attacked by a wild bear?
Answer: Run faster than your slowest friend.
I work in a security department that is tasked with doing security design and code reviews to make sure our products and solutions are “secure”. It seems, sometimes, that our group is “responsible” for security. I don’t agree with this approach or attitude. Security isn’t one team’s job, but everybody’s responsibility. It is my view that all software engineers must take responsibility for the security of the code they write.
If there is one principle of security I could get all developers to understand it is this:
All input is evil.
That’s right: you must assume that all input coming into your application is from an attacker trying to steal data from your database, users, etc. It is all evil until proven otherwise.
A corollary to this is the following:
The less input accepted from the user, the better.
People who have studied secure coding techniques will recognize my corollary as a different way of saying “Reduce your attack surface.”
Input into your application can be seen as the doors and windows into your house: the more you have, the more avenues a thief has to come in and pillage. He simply needs to find the entrance with the weakest security.
The fewer entrances you have, the harder a thief has to work to exploit them, and the more likely he is to move on to easier targets. To escape a pack of wolves, an elk only has to run faster than the slowest elk. Your house simply has to be harder to penetrate than the others in your neighborhood to be safe.
Attackers and thieves aren’t much different from hungry wolves: both are looking for the quickest, easiest way to survive. They are lazy. They don’t want to work. If they did, they would go out and get normal jobs like the rest of us.
Just as having fewer doors and windows on your house means you can spend more money securing each one, the fewer inputs you have, the more time, energy, and resources you can spend securing them. You will have less code to write (always a Good Thing™©®), and you will be less inclined to take shortcuts (i.e., not validating all of your input).
Remember, attackers are cleverer and smarter than you. You may not see how they could exploit your application, but you had better do all you can to make it secure enough that they move on to the next application.
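As an added example (not code from the original post), here is what “evil until proven otherwise” and “accept less input” look like at an input boundary: every field is checked against a strict allow-list before a trusted value is constructed, and any field the application did not ask for is rejected rather than ignored. The field names, limits and sample inputs are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Allow-list rules: what is accepted is spelled out; everything else is refused.
# (Constructed limits for this example, not from the original post.)
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")  # 3-16 chars, lowercase/digits/_
ALLOWED_FIELDS = {"username", "age", "comment"}
MAX_COMMENT_LEN = 280


class RejectedInput(ValueError):
    """Raised for any input that has not been proven acceptable."""


@dataclass(frozen=True)
class ValidatedRequest:
    """Only ever constructed after every field has passed validation."""
    username: str
    age: int
    comment: str


def validate_request(raw: dict) -> ValidatedRequest:
    # Unexpected fields are an extra entrance: refuse them instead of ignoring them.
    extra = set(raw) - ALLOWED_FIELDS
    if extra:
        raise RejectedInput(f"unexpected fields: {sorted(extra)}")
    missing = ALLOWED_FIELDS - set(raw)
    if missing:
        raise RejectedInput(f"missing fields: {sorted(missing)}")
    username = raw["username"]
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise RejectedInput("username must be 3-16 lowercase letters, digits or _")
    age = raw["age"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(age, bool) or not isinstance(age, int) or not 13 <= age <= 120:
        raise RejectedInput("age must be an integer between 13 and 120")
    comment = raw["comment"]
    if not isinstance(comment, str) or len(comment) > MAX_COMMENT_LEN:
        raise RejectedInput("comment must be text of at most 280 characters")
    if not comment.isprintable():  # rejects control characters, newlines, NULs
        raise RejectedInput("comment contains non-printable characters")
    return ValidatedRequest(username, age, comment)


def is_accepted(raw: dict) -> bool:
    try:
        validate_request(raw)
        return True
    except RejectedInput:
        return False


# Constructed sample input: the only shape the application agrees to accept.
GOOD_REQUEST = {"username": "alice_01", "age": 30, "comment": "Nice post."}
```

Downstream code should take a ValidatedRequest, never the raw dict, so that the proof of validity travels with the data.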
