As we developed our assessment methodology and studied systems, we
noted the frequent use of risky coding practices.
These coding practices significantly increased the likelihood of
errors that would allow unintended access to a system.
While secure coding practices are a heavily studied area and there
are many good books and courses on the subject, we also found
places, such as in opening a file, where the current best practices
were not as secure as they should be.
We developed the
Safefile library,
which determines if a file can be trusted and opens a file securely.
The functions in this library replace the commonly misused
open and fopen family of routines.
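
To illustrate the kind of check involved, the following is an added example and not code from the Safefile library or its API. The function name `open_trusted` and its trust policy (regular file, owned by root or the effective user, not writable by group or others) are assumptions made here; it checks only the file itself, not the directories on the path to it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the Safefile API): open `path` read-only and
 * return a descriptor only if the opened object passes a simple policy.
 * Assumed policy: regular file, owned by root or the effective user,
 * not writable by group or others. Returns -1 with errno set on refusal. */
int open_trusted(const char *path)
{
    /* O_NOFOLLOW refuses a symlink as the final path component.
     * O_NONBLOCK avoids hanging if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat() describes the object actually opened, so the result cannot be
     * invalidated by the name being swapped, as with stat() then open(). */
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    int ok = S_ISREG(st.st_mode)
          && (st.st_uid == 0 || st.st_uid == geteuid())
          && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    if (!ok) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return EXIT_FAILURE; }
    int fd = open_trusted(argv[1]);
    if (fd < 0) { perror(argv[1]); return EXIT_FAILURE; }
    printf("%s: passed the trust check (fd %d)\n", argv[1], fd);
    close(fd);
    return EXIT_SUCCESS;
}
```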