Secure coding (secure programming) is a field that is gaining a lot of attention.
Flaws are constantly discovered in a wide range of known server applications.
These flaws are not flaws emerging from an insecure high-level design of the
applications but are flaws that were introduced at the source code level and
that are a result of careless programming. Such flaws can be exploitable buffer
overflows or the result of missing input validation routines. In this document
I will provide a brief definition of secure coding and of secure programs and
will try to assess the reasons for the need to focus efforts on this aspect
of information security.