Chapter 19. Development

As we have discussed in previous chapters, any code that is executed on a system can contain errors, and if these errors can be leveraged by an attacker, this becomes a vulnerability in the system. This is, of course, something that you do not want.

The aim of securely developing code is, somewhat obviously, to reduce the chances of this occurring, as well as to reduce the impact if it does.

Secure coding, when it comes to the particulars of any one language, is a large and complex field, far too expansive to cover in its entirety within this book. However, in this chapter we’ll go over the high-level concepts so that you can understand enough of the topic to identify specific areas that will be useful for you to research separately.

Language Selection

Anyone who’s done any coding is probably aware that a variety of programming languages are available. They are probably also aware that the choice of programming language can have an effect on a number of areas, including ease of development, speed of execution, availability of libraries, resources required, operating system compatibility, and a wide array of other factors that contribute to the decision. One of the less-considered factors is the impact on security.

Of course, the choice cannot be entirely about security. Failure to meet other business objectives for the sake of security alone tends to lead to organizations going out of business (unless the purpose of the business is security). ...
