Chapter 21. Secure Software Installation
The installation process is one of the most overlooked aspects of application security, and installation errors account for a sizable proportion of security patches. If you do a thorough job coding a network service that doesn’t contain buffer overflows and resists denial of service (DoS) attacks, you could be quite startled to find that your installation routine has turned your carefully crafted application into a local escalation of privilege attack.
The root of the problem is that much of the commonly used installation software available doesn’t have a clue about security settings; at least, that’s true at the time of this writing. Hopefully, this will change, but in the meantime, if you want to create ...
Get Writing Secure Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.