Secure Coding mailing list archives

Re: Strategies for teaching secure coding practices


From: Crispin Cowan <crispin () immunix com>
Date: Sat, 13 Dec 2003 04:10:23 +0000


Carl G. Alphonce wrote:


I am a recent subscriber to this list and also an educator.  I teach
primarily undergraduate courses, often the first and second semester
courses, and I am very interested to hear from the list what you all
consider to be important "secure coding" topics to cover in these
first-year classes.  Also, what topics do you feel should be covered
in an undergraduate curriculum but later than the first year?

The overall philosophy of secure coding is to write all code as if any 
code not on the page is out to get you, or at least will do things 
improperly. Check *everything*! Do not assume that the parameters to a 
function will be properly formatted or within bounds. The business with 
string overflows and pointer handling are just instances of this philosophy.



To give you some context, our first-year sequence currently takes an
OO approach, incorporating design patterns and discussions of the
merits of alternative designs.  We also introduce some team-based work
in the second semester, and I will begin to incorporate test-first
practices (using JUnit) this coming spring semester.

The secure coding philosophy is independent of OO methodologies, but can 
be applied there. Here are some ideas:


   * Object constructors should initialize all fields with valid values.
   * Object methods should *not* assume that objects have been properly
     initialized.
   * Objects are abstract data types, and therefore strong bounds can
     often be placed on valid data values. Insert checks all over the
     place that more tightly restrict data to those valid values.

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
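The following is an added illustration of the three points above, and of the "check everything" principle earlier in the reply, in Java (chosen because the course described uses JUnit); it is not code from Crispin's message or from Immunix. The class name `BoundedBuffer`, the constant `MAX_CAPACITY` and the helper `checkInvariant` are assumptions made for the example. The constructor initializes every field with a validated value, each public method re-checks the object's invariant rather than trusting that the constructor ran, and every parameter is range-checked before use, including the overflow-safe form of the `off + len` bound.

```java
import java.util.Arrays;
import java.util.Objects;
import java.nio.charset.StandardCharsets;

// Example ADT: a fixed-capacity byte buffer whose invariant is
// 0 <= used <= data.length. Names here are illustrative only.
public final class BoundedBuffer {
    private static final int MAX_CAPACITY = 1 << 20; // assumed upper bound for the example

    private final byte[] data;
    private int used; // invariant: 0 <= used <= data.length

    // Constructor: initialize all fields with valid values, rejecting bad input.
    public BoundedBuffer(int capacity) {
        if (capacity <= 0 || capacity > MAX_CAPACITY) {
            throw new IllegalArgumentException("capacity out of range: " + capacity);
        }
        this.data = new byte[capacity];
        this.used = 0;
    }

    // Methods do not assume the object was properly initialized: re-check the
    // invariant on every entry (deserialization, reflection or a later bug
    // could leave the object in a bad state).
    private void checkInvariant() {
        if (data == null || used < 0 || used > data.length) {
            throw new IllegalStateException("BoundedBuffer invariant violated");
        }
    }

    // Check every parameter before touching memory.
    public void append(byte[] src, int off, int len) {
        checkInvariant();
        Objects.requireNonNull(src, "src");
        // "off + len > src.length" can overflow int; "off > src.length - len" cannot.
        if (off < 0 || len < 0 || off > src.length - len) {
            throw new IndexOutOfBoundsException(
                "off=" + off + " len=" + len + " src.length=" + src.length);
        }
        // Same trick for the destination: compare against remaining space.
        if (len > data.length - used) {
            throw new IllegalStateException(
                "append of " + len + " bytes exceeds remaining capacity " + (data.length - used));
        }
        System.arraycopy(src, off, data, used, len);
        used += len;
    }

    // Return a defensive copy so callers cannot break the invariant from outside.
    public byte[] contents() {
        checkInvariant();
        return Arrays.copyOf(data, used);
    }

    public int size() {
        checkInvariant();
        return used;
    }

    // Small demonstration: valid append, then two rejected calls.
    public static void main(String[] args) {
        BoundedBuffer b = new BoundedBuffer(8);
        b.append("hello".getBytes(StandardCharsets.US_ASCII), 0, 5);

        try {
            b.append(new byte[4], 2, 4); // off + len runs past the source array
        } catch (IndexOutOfBoundsException e) {
            System.out.println("rejected source range: " + e.getMessage());
        }
        try {
            b.append(new byte[4], 0, 4); // 5 + 4 would exceed capacity 8
        } catch (IllegalStateException e) {
            System.out.println("rejected overflow: " + e.getMessage());
        }
        try {
            new BoundedBuffer(0); // constructor refuses to build an invalid object
        } catch (IllegalArgumentException e) {
            System.out.println("rejected constructor: " + e.getMessage());
        }

        System.out.println("size after checks: " + b.size()); // still 5
    }
}
```

In a test-first course each of the rejected calls above is a natural JUnit case: one test per precondition, asserting that the expected exception is thrown and that the object's observable state (here `size()`) is unchanged afterwards.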