
  1. Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of all external data sources, including command-line arguments, network interfaces, environment variables, and user-controlled files.
  2. Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code [[C MSC00-A], [C++ MSC00-A]].
  3. Architect and design your software to implement and enforce security policies. For example, if your system requires different privileges at different times, consider dividing it into distinct intercommunicating subsystems, each with an appropriate privilege set.
  4. Keep the design as simple and small as possible. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.
  5. Base access decisions on permission rather than exclusion. By default, access is denied, and the protection scheme identifies the conditions under which access is permitted.
  6. Every process should execute with the least set of privileges necessary to complete the job. Any elevated permission should be held for the minimum time necessary. This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges.
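As an added example that is not part of this CERT page: a C program that applies items 1 and 5 together. `parse_port` turns an untrusted string (a command-line argument or an environment variable) into a port number and returns false unless every check passes, so the default is deny; `is_safe_name` applies the same allow-list shape to a file name. The `PORT_MIN`/`PORT_MAX` policy, the 64-byte name limit, and the `LISTEN_PORT` variable are assumptions chosen for the illustration, not part of any CERT rule. The build line in the header comment is the warning level item 2 asks for.

```c
/*
 * Added example (not from the CERT page): default-deny validation of
 * untrusted input.  Build at the compiler's highest warning level and
 * fix, rather than silence, whatever it reports, e.g.
 *   cc -std=c11 -Wall -Wextra -Wpedantic -Wconversion -Werror port.c
 */
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy for this example: only unprivileged TCP ports. */
#define PORT_MIN 1024L
#define PORT_MAX 65535L

/* Assumed policy for this example: file names up to 64 bytes. */
#define NAME_MAX_LEN 64

/*
 * Convert an untrusted string into a port number.  Returns true and
 * writes *port only when the entire string is a decimal integer in
 * [PORT_MIN, PORT_MAX].  Anything else ("", " 8080", "+8080", "-1",
 * "8080x", "0x1f90", out-of-range, NULL) is rejected.
 */
bool parse_port(const char *s, uint16_t *port)
{
    if (s == NULL || port == NULL || *s == '\0')
        return false;

    /* strtol silently skips leading whitespace and accepts a sign;
     * reject both explicitly so the accepted grammar is exactly
     * "one or more decimal digits". */
    if (!isdigit((unsigned char)*s))
        return false;

    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)        /* value does not fit in a long */
        return false;
    if (*end != '\0')           /* trailing garbage after the digits */
        return false;
    if (v < PORT_MIN || v > PORT_MAX)
        return false;

    *port = (uint16_t)v;        /* range-checked above, cast is safe */
    return true;
}

/*
 * Allow-list check for an untrusted file name that will be used inside
 * a fixed directory: 1..NAME_MAX_LEN bytes of [A-Za-z0-9._-], not
 * starting with '.'.  Path separators and ".." are never permitted
 * because they are never on the list; nothing is enumerated as "bad".
 */
bool is_safe_name(const char *name)
{
    if (name == NULL)
        return false;

    /* Bounded scan: stop looking once the name is already too long. */
    size_t n = 0;
    while (n <= NAME_MAX_LEN && name[n] != '\0')
        n++;
    if (n == 0 || n > NAME_MAX_LEN)
        return false;
    if (name[0] == '.')
        return false;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return false;
    }
    return true;
}

int main(int argc, char **argv)
{
    /* Both sources are untrusted; LISTEN_PORT is an assumed name. */
    const char *src = (argc > 1) ? argv[1] : getenv("LISTEN_PORT");
    uint16_t port;

    if (!parse_port(src, &port)) {
        fprintf(stderr, "invalid or missing port\n");
        return EXIT_FAILURE;
    }
    printf("listening on port %u\n", (unsigned)port);
    return EXIT_SUCCESS;
}
```

Usage: `./port 8080` or `LISTEN_PORT=8080 ./port`. The two functions share one design: each enumerates what is permitted and falls through to a rejecting return for everything else, so a new class of bad input (a sign, a hex prefix, a path separator) needs no new code to be rejected.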

References
