Chapter 17. Development

As we have discussed in previous chapters, any code that is executed on a system can contain errors, and if these errors can be leveraged by an attacker then this becomes a vulnerability in the system. This is, of course, something that we do not want.

The aim of securely developing code is, somewhat obviously, to reduce the chances of this occurring, and to reduce the impact if it does.

Secure coding insofar as particulars within any one language is a large and complex field, far too expansive to cover in its entirety within this book. However, we have covered the high-level concepts so that you can understand enough of the topic to be able identify specific areas that are useful for you to go and research separately.

Language Selection

Anyone who codes with any regularity is probably aware that a variety of programming languages are available. She is probably also aware that the choice of programming language can have an effect on a number of areas, including ease of development, speed of execution, availability of libraries, resources required, operating system compatibility, and a wide array of other factors that contribute to the decision. One of the lesser considered factors is the impact upon security.

Of course, the choice cannot be entirely about security. Failure to meet other business objectives for the sake of security alone tends to lead to organizations going out of business (unless the purpose of the business is security). But security should ...

Get Defensive Security Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.