WEB SECURITY ADVISOR
Security issues of using shared code
Mike Chapple, CISSP
07.28.2004
Rating: -3.60- (out of 5)
|
If you've ever written a lot of code, you've probably found yourself thinking, "Someone must have already tackled this problem." You may even have gone a step further and done a Google search for relevant code that you might be able to incorporate into your project. But have you ever stopped to think about the security ramifications of using this type of code? If not, you should!
If you're a security administrator, you should take the time to ensure that you know the source of all of the code running on your systems. If your developers are "borrowing" code from external sources, you need to be aware of the validation procedure used to vet the code before introducing it into your environment and the risks inherent in reusing code. If you're a developer, you need to be clear about the appropriate security procedures to follow when importing code from a third party.
MORE INFORMATION ON SECURE CODE:
Of course, the level of scrut
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
iny that you apply to reused code should vary based upon several factors. Let's take a brief look at the factors you should take under consideration:
Sharing reusable pieces of code is not uncommon. There are entire books and Web sites dedicated to sharing code, either for a fee or at no cost. As paranoid as it sounds, you must assume that any piece of code that you obtain from someone else is designed with malicious intent. After all, as security professionals, it's our job to be paranoid!
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
