
Principles for secure programming.

Principles for secure programming are as follows:

• Use of layered security defense. Making use of multiple, independent security controls enhances the security of a program, because no single control has to be perfect. Conesa (2018, p. 33) defined layered security as “the practice of using many different security controls at different levels to protect assets. This provides strength and depth to reduce the effects of a threat. The goal is to create redundancies (backups) in case security measures fail, are bypassed or defeated.”

Caballero highlighted that “layered security measures increase security of a system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system.”
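As an added example (not from the page or from any of the authors cited), the following Python sketch puts three independent controls on one request path: authentication at the edge, an application-level share list, and a data access layer that scopes every read to the caller's tenant without trusting the layers above it. The users, tenants, documents and access lists are constructed sample data, and BROKEN_ACL simulates an authorization layer that has been misconfigured or bypassed, which is exactly the failure the quoted definitions have in mind.

```python
"""Layered (defense-in-depth) access control on one request path.

Added example, not from the page or its cited authors. Users, tenants,
documents and the access lists are constructed sample data.
"""
from dataclasses import dataclass

# Constructed sample data: a session token maps to (user, tenant); each
# document belongs to exactly one tenant.
SESSIONS = {"tok-alice": ("alice", "acme"), "tok-bob": ("bob", "globex")}
DOCS = {
    1: {"tenant": "acme", "body": "acme roadmap"},
    2: {"tenant": "globex", "body": "globex payroll"},
}
# Application-maintained share list: document id -> users allowed to read it.
ACL = {1: {"alice"}, 2: {"bob"}}
# A misconfigured share list that wrongly grants bob access to document 1.
BROKEN_ACL = {1: {"alice", "bob"}, 2: {"bob"}}


class Denied(Exception):
    """Carries the name of the layer that refused the request."""

    def __init__(self, layer):
        super().__init__(layer)
        self.layer = layer


@dataclass(frozen=True)
class Request:
    token: str
    doc_id: int


# Layer 1: authentication at the edge.
def authenticate(req):
    session = SESSIONS.get(req.token)
    if session is None:
        raise Denied("authentication")
    return session  # (user, tenant)


# Layer 2: authorization in the application layer, driven by the share list.
def authorize(user, doc_id, acl):
    if user not in acl.get(doc_id, set()):
        raise Denied("authorization")


# Layer 3: the data access layer scopes every read to the caller's tenant.
# It does not assume that the layers above it ran or were configured correctly.
def load_document(doc_id, tenant):
    doc = DOCS.get(doc_id)
    if doc is None or doc["tenant"] != tenant:
        raise Denied("data-layer")
    return doc["body"]


def handle(req, acl=ACL):
    user, tenant = authenticate(req)
    authorize(user, req.doc_id, acl)
    return load_document(req.doc_id, tenant)


def denied_at(req, acl=ACL):
    """Return the name of the layer that stopped the request, or None if it was served."""
    try:
        handle(req, acl)
    except Denied as e:
        return e.layer
    return None


if __name__ == "__main__":
    print(handle(Request("tok-alice", 1)))                    # acme roadmap
    print(denied_at(Request("tok-mallory", 1)))               # authentication
    print(denied_at(Request("tok-bob", 1)))                   # authorization
    print(denied_at(Request("tok-bob", 1), acl=BROKEN_ACL))   # data-layer
```

With the correct share list bob is stopped at the authorization layer; with the broken one he gets past it and is still stopped at the data layer, which is the redundancy the principle asks for. The price is that the tenant rule is enforced twice, so a legitimate cross-tenant share would need a deliberate change in both places rather than a quiet edit to one table.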

• Input Validation. Seacord defines input validation as “the proper testing of any input supplied by a user or application.” He goes on to emphasize that “proper input validation can eliminate the vast majority of software vulnerabilities.” In practice this means deciding, for every field, exactly what is acceptable (type, length, character set, range) and rejecting everything else, rather than trying to recognise known bad input.
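The following Python module is an added example (not Seacord's code or anything from the page) of allowlist validation for a small request with three fields; the field names, limits and patterns are assumptions chosen for illustration. It normalises before matching, caps lengths before doing anything else, rejects unknown fields by default, and uses `fullmatch()` instead of a `^...$` pattern, since `$` in Python also matches just before a trailing newline and would let `"alice\n"` through.

```python
"""Allowlist input validation with reject-by-default.

Added example, not from the page or from Seacord. The field names, limits
and patterns are assumptions chosen for illustration.
"""
import re
import unicodedata

# Allowlist patterns. fullmatch() is used rather than '^...$', because '$'
# also matches just before a trailing newline and would accept "alice\n".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
HOST_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


class ValidationError(ValueError):
    pass


def _text(value, max_len):
    """Type check, length cap and Unicode normalisation before any pattern check."""
    if not isinstance(value, str):
        raise ValidationError("not a string")
    if len(value) > max_len:
        raise ValidationError("too long")
    if "\x00" in value:
        raise ValidationError("embedded NUL")
    # Normalise first so the allowlist sees canonical characters
    # (fullwidth letters become plain ASCII instead of slipping past the regex).
    return unicodedata.normalize("NFKC", value)


def validate_username(value):
    s = _text(value, 64)
    if not USERNAME_RE.fullmatch(s):
        raise ValidationError("username")
    return s


def validate_port(value):
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValidationError("port type")
    if not 1 <= value <= 65535:
        raise ValidationError("port range")
    return value


def validate_hostname(value):
    s = _text(value, 253).lower().rstrip(".")
    if not s or len(s) > 253:
        raise ValidationError("hostname length")
    if any(not HOST_LABEL_RE.fullmatch(label) for label in s.split(".")):
        raise ValidationError("hostname label")
    return s


SCHEMA = {"username": validate_username, "port": validate_port, "host": validate_hostname}


def validate_request(data):
    """Validate a whole request: every field present, no unknown fields, each value checked."""
    if not isinstance(data, dict):
        raise ValidationError("not an object")
    unknown = set(data) - set(SCHEMA)
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    missing = set(SCHEMA) - set(data)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")
    return {name: check(data[name]) for name, check in SCHEMA.items()}


def is_valid(data):
    try:
        validate_request(data)
        return True
    except ValidationError:
        return False


def naive_accepts(username):
    """The '^...$' form accepts 'alice' followed by a newline; kept only to contrast with fullmatch()."""
    return re.match(r"^[a-z][a-z0-9_]{2,31}$", username) is not None
```

Each validator returns the canonical value, so the rest of the program works with what was checked rather than with the raw input. The unknown-field check matters as much as the per-field ones: a request carrying an extra `admin` key is rejected outright instead of being passed on to code that may honour it.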

• Keep it Simple. Saltzer highlighted that one should “keep the design as simple and small as possible.” He went on to emphasize that “complex designs increase the likelihood that errors will be made in their implementation, configuration and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.”

• Threat Modelling. Swiderski and Snyder defined threat modelling as “the approach of playing through attacks and hacks ahead of time.” They went on to emphasize that “threat modelling involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking and then developing threat-mitigating strategies that are implemented in designs, code and test cases.”
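As an added example of the steps just quoted (decompose, identify and categorize, rate, mitigate), the Python below is not from the page or from Swiderski and Snyder; it applies the STRIDE-per-element rule, which says which STRIDE categories apply to each kind of element (external entity, process, data store, data flow), and ranks the result by a simple likelihood times impact score. The sample web application, its asset values, the boundary flags, the rule that crossing a trust boundary doubles likelihood, and the generic mitigation families are all assumptions constructed for illustration.

```python
"""Threat enumeration and risk ranking over a decomposed application.

Added example, not from the page or from Swiderski and Snyder. It uses the
STRIDE-per-element rule (which STRIDE categories apply to which kind of
element) and a likelihood x impact score; the sample application, asset
values, boundary flags and mitigation families are constructed assumptions.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: the categories that apply to each kind of element.
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

# Generic mitigation family per category (assumed defaults, refined per threat).
MITIGATION = {
    "S": "authenticate principals and origins",
    "T": "integrity protection and input validation",
    "R": "tamper-evident logging",
    "I": "access control and encryption",
    "D": "rate limiting, quotas and availability design",
    "E": "least privilege and authorization checks",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # external | process | store | flow
    value: int                      # asset value, used as impact (1..3)
    crosses_boundary: bool = False  # touches the untrusted side of a trust boundary


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    likelihood: int
    impact: int

    @property
    def risk(self):
        return self.likelihood * self.impact

    @property
    def mitigation(self):
        return MITIGATION[self.category]


def decompose_web_app():
    """Constructed sample decomposition of a small web application."""
    return [
        Element("Browser", "external", value=1),
        Element("Web app", "process", value=3, crosses_boundary=True),
        Element("Session store", "store", value=3),
        Element("Browser -> Web app (HTTPS)", "flow", value=2, crosses_boundary=True),
    ]


def enumerate_threats(elements):
    """Identify and categorize: one threat per (element, applicable STRIDE category)."""
    if any(e.kind not in APPLICABLE for e in elements):
        raise ValueError("unknown element kind")
    threats = []
    for e in elements:
        likelihood = 2 if e.crosses_boundary else 1  # assumed rule: exposure raises likelihood
        for cat in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, cat, likelihood, e.value))
    return threats


def rank(threats):
    """Rate and order: highest risk first, then by element name and STRIDE order."""
    order = {c: i for i, c in enumerate(STRIDE)}
    return sorted(threats, key=lambda t: (-t.risk, t.element, order[t.category]))


def report(elements, top=5):
    """Top-ranked threats with the mitigation family each should drive into design and tests."""
    lines = []
    for t in rank(enumerate_threats(elements))[:top]:
        lines.append(f"{t.risk}: {t.element} / {STRIDE[t.category]} -> {t.mitigation}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(decompose_web_app())))
```

The enumeration is deliberately mechanical: it guarantees that every element gets every applicable category before anyone argues a threat away, which is the part of the exercise most often skipped. The scoring is the crude part and is where a real model replaces the assumed rule with per-threat judgement; the ranked output then becomes the list of design changes, code controls and test cases the quoted definition ends with.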

Reference List

Conesa, Patrick. Community Safety Guide: Security Planning for Everyone. 2018.
Caballero, Albert. Managing Information Security. 2014.
Seacord, Robert. Secure Coding Practices. 2006.
Saltzer, J. H. Protection and the Control of Information Sharing in Multics. Communications of the ACM 17(7), 1974.
Swiderski, F. and Snyder, W. Threat Modeling. Redmond, WA: Microsoft Press, 2004.
