
Defensive programming

Here are some hints on defensive programming techniques that help avoid creating security problems. Many of these techniques also improve the general quality of code, because almost any major bug can potentially be used by a cracker for a denial-of-service or other attack.

Note that the techniques below are not sufficient to ensure security: see the articles computer insecurity and secure computing for more information.



You should never use functions like gets and scanf. or hire someone who will do a security audit for you. Crackers are likely to invent new kinds of incorrect data. For example, if you check that a requested file is not "/etc/passwd", a cracker might pass another name for this file, like "/etc/../etc/passwd".
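The file-name check described above, next to a form that resolves the name before comparing it. This is an added example, not code from the original article; the function names `allowed_naive` and `allowed_canonical` and the sample requests are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose realpath() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCKED "/etc/passwd"   /* the protected file named in the text */

/* Naive check: compares the request as a plain string. */
int allowed_naive(const char *request)
{
    return strcmp(request, BLOCKED) != 0;
}

/* Hardened check: resolve "..", "." and symlinks first, then compare.
 * Fails closed: a request that cannot be resolved is refused. */
int allowed_canonical(const char *request)
{
    char *req = realpath(request, NULL);      /* malloc'd canonical path */
    if (req == NULL)
        return 0;

    /* Canonicalize the protected name too, in case /etc is a symlink. */
    char *blk = realpath(BLOCKED, NULL);
    int same = strcmp(req, blk != NULL ? blk : BLOCKED) == 0;

    free(blk);
    free(req);
    return !same;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = { "/etc/passwd", "/etc/../etc/passwd",
                              "/etc/./passwd", "." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s naive=%d canonical=%d\n", samples[i],
               allowed_naive(samples[i]), allowed_canonical(samples[i]));
    return 0;
}
```

A list of forbidden names remains weaker than allowing only paths that resolve inside one permitted directory. The result of the check also applies only to the file that the name resolved to at that moment.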

