ReadWriteWeb

Coding Errors that Affect Security: Sort by Language, Phyla, or Kingdom

Written by Lidija Davis / March 21, 2009 10:07 PM / 7 Comments

While most developers are proficient in several languages, today's economic climate, coupled with advances in technology, means that developers often need to pick up a new language quickly. Although most developers are fluent in the security issues surrounding the languages they already know and do their best to ensure the code they produce is secure, the vulnerabilities specific to a new language environment may not be as well understood.

Enter Fortify, a software security company that has organized security issues by both vulnerability category and by language so developers can easily ascertain the types of errors that have an impact on security.

"By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future," the company explains.

A Taxonomy of Coding Errors that Affect Security borrows terminology from biology: vulnerability categories (for instance, Cross Site Scripting and Buffer Overflow) are referred to as phyla, and collections of vulnerability categories that share the same theme are referred to as kingdoms (for instance, Input Validation and Representation).

According to the site, vulnerability phyla are classified into "seven plus one" pernicious kingdoms presented in the order of importance to software security:

  1. Input Validation and Representation
  2. API Abuse
  3. Security Features
  4. Time and State
  5. Errors
  6. Code Quality
  7. Encapsulation
  8. Environment (the "plus one")

Note that kingdoms 1 through 7 cover security defects in the source code itself, while kingdom 8 covers security issues outside the code, such as configuration and deployment.

Languages covered include ColdFusion, C/C++, C#/VB.NET/ASP.NET, HTML, Java/JSP, JavaScript, PHP, PL/SQL and T-SQL, Visual Basic/VBScript/ASP, Web Services, and XML.

A Taxonomy of Coding Errors that Affect Security was developed by the Fortify Software Security Research Group and Dr. Gary McGraw; complete descriptions of each phylum, with source code examples, are available on the Fortify site.


Comments


  1. Well, this would be great news for all the coding experts out there.

    Posted by: ITrush | March 22, 2009 1:08 AM



  2. It's useful information for me and the people who work in IT.

    Posted by: vigosshong | March 22, 2009 7:52 AM



  3. Taxonomy will help us! Thank you!

    Posted by: Eğitişim Kariyer Enstitüsü | March 22, 2009 8:55 AM



  4. The work described above was published in my book "Software Security." For information about the book and the Seven Pernicious Kingdoms see:

    http://swsec.com

    gem

    Posted by: Gary McGraw | March 22, 2009 11:50 AM



  5. No doubt. This is a great tool to develop awareness of potential vulnerabilities and mitigate those serious threats before they actually surface in the product. Thanks for sharing.

    Posted by: Gopi Padakandla | March 22, 2009 12:51 PM



  6. Important information for developers. Thank you for sharing with everyone.

    Posted by: Top Online Degrees | March 23, 2009 12:44 AM



  7. Amazing resource!

    Posted by: Andrew Banyon | March 23, 2009 4:01 PM


