Secure Coding mailing list archives
Re: Strategies for teaching secure coding practices
From: Steve Litt <slitt () troubleshooters com>
Date: Fri, 12 Dec 2003 18:02:01 +0000
On Friday 12 December 2003 10:05 am, you wrote:
I am a recent subscriber to this list and also an educator. I teach primarily undergraduate courses, often the first and second semester courses, and I am very interested to hear from the list what you all consider to be important "secure coding" topics to cover in these first-year classes. Also, what topics to you feel should be covered in an undergraduate curriculum but later than the first year?
1. If you must use pointers or memory copies, be very, very careful! 2. When accepting user input, test it. 3. Never let the user write in the name of a process or subroutine to run. 4. Always truncate excess user input. 5. Permissions 6. How to handle files writeable by CGI 7. Validate all incoming URL's. SteveT
Current thread:
- Strategies for teaching secure coding practices Carl G. Alphonce (Dec 12)
- Re: Strategies for teaching secure coding practices Jose Nazario (Dec 12)
- Re: Strategies for teaching secure coding practices Keith Watson (Dec 12)
- Re: Strategies for teaching secure coding practices Steve Litt (Dec 12)
- Re: Strategies for teaching secure coding practices Andrew Gray (Dec 12)
- Re: Strategies for teaching secure coding practices David Evans (Dec 12)
- Re: Strategies for teaching secure coding practices Dana Epp (Dec 12)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 12)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 13)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 13)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 14)
- Re: Strategies for teaching secure coding practices Brian Chess (Dec 14)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 14)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 13)