We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own — and to do this perfectly right every time. It's not just wasteful: it's not possible.
What we need is for implementation-level security issues to be taken care of at the language and framework level, so that developers can focus on their real jobs: solving design problems and writing code that works.
Security Frameworks and Libraries
One option is to get developers to use secure libraries that take care of application security functions like authentication, authorization, data validation and encryption. There are some good, and free, tools out there to help you.
If you're a Microsoft .NET developer, there's Microsoft's Web Protection Library which provides functions and a runtime engine
Originally posted as Taming the Beast
The recent multi-language numerical parsing DoS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001. This is a significant bug in (at least) PHP and Java: converting a particular crafted decimal string to a double-precision float sends the parser into a loop that never terminates, so any code path that parses numbers from untrusted input (request parameters, headers, JSON bodies) can be tied up by a single request. Similar issues have affected Ruby in the past. This bug has left a number of servers, web frameworks and custom web applications vulnerable to an easily exploitable Denial of Service. The fix is to patch the runtime; filtering the input is only a stopgap, since the same value can be written in many textual forms.
The author discusses integers, wraparound, and how random numbers may turn out to be not random at all if you don't read the manual.
Do we need a quick and dirty PHP Streetfighter API? Something to help lazy developers beat up lazy exploits? Something that can be written in 24 hours and learned in less than an hour? If you are interested in using it, let me know.
This is a short post to summarize some of the issues I see with PHP code and the use of MySQL. Not too many people know about these pitfalls, and they give rise to some of the more subtle security issues:
1 - "SQL Overflow"
If a value you insert into a column is too large, it is truncated silently, with at most a warning, whenever sql_mode is not strict (the default before MySQL 5.7; with STRICT_TRANS_TABLES or STRICT_ALL_TABLES the statement fails with a "Data too long for column" error instead). This can lead to security issues if you don't validate that the submitted string is of the right length: a value that passes a duplicate check in its full form can collide with an existing row once it has been cut down to the column width, so check the length in the application and run the server in strict mode rather than trusting the column definition to enforce it.
2 - "Trailing White Space Ambiguity"
MySQL ignores trailing spaces when comparing strings with = (CHAR and VARCHAR columns use PAD SPACE collations), so a value with spaces on the end matches one without, even though VARCHAR keeps the spaces in storage. For example, these two queries retrieve the same result:
select role from user where username='Admin';
select role from user where username='Admin '; (note the space at the end).
Only the space character is ignored, not tabs or newlines; LIKE and BINARY comparisons are exact; and in MySQL 8.0 the default utf8mb4_0900_ai_ci collation is NO PAD, so trailing spaces become significant there. Do not rely on any of this: trim and validate input in the application so that the stored value and the value you compare against are identical.
3 - Unbalanced Comments
Older versions of MySQL allow /* to be left unbalanced, so an unterminated comment swallows the rest of the statement (which is exactly why injection payloads use it to discard the tail of a query). For example,
select now() /* test
will work. Newer versions of MySQL require balanced comments (unbalanced was always "illegal" according to
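Pitfalls 1 and 2 combine into a concrete account-collision attack, which the following added example models. It is Python standing in for the PHP the post discusses, not code from the post: the UserTable class is a simplified stand-in for MySQL's behaviour (non-strict truncation and PAD SPACE comparison), and the VARCHAR(20) width, the usernames and the role names are constructed for the illustration. The hardened path shows the application-side check that defuses the pattern regardless of the server's sql_mode.

```python
# Added illustration for this page (not the post's own code): a toy model of
# two MySQL behaviours, silent truncation of over-long values when sql_mode is
# not strict, and trailing-space-insensitive '=' under PAD SPACE collations.
# The column width, usernames and roles below are constructed for the example.

COLUMN_WIDTH = 20  # assumed schema: username VARCHAR(20)


def mysql_truncate(value: str, width: int = COLUMN_WIDTH) -> str:
    """Non-strict mode keeps the first `width` characters and drops the rest
    with nothing more than a warning."""
    return value[:width]


def pad_space_equal(a: str, b: str) -> bool:
    """'=' under a PAD SPACE collation ignores trailing spaces (0x20 only;
    tabs and newlines stay significant)."""
    return a.rstrip(" ") == b.rstrip(" ")


class UserTable:
    """Stand-in for a `user(username VARCHAR(20), role)` table with no
    UNIQUE index on username, as in many application schemas."""

    def __init__(self, strict: bool, width: int = COLUMN_WIDTH) -> None:
        self.strict = strict
        self.width = width
        self.rows: list[tuple[str, str]] = []

    def insert(self, username: str, role: str) -> None:
        if len(username) > self.width:
            if self.strict:
                # STRICT_TRANS_TABLES / STRICT_ALL_TABLES refuse the row
                raise ValueError("Data too long for column 'username'")
            username = mysql_truncate(username, self.width)
        self.rows.append((username, role))

    def select_roles(self, username: str) -> list[str]:
        """SELECT role FROM user WHERE username = ?"""
        return [role for u, role in self.rows if pad_space_equal(u, username)]

    def exists(self, username: str) -> bool:
        """The duplicate check a registration form typically runs."""
        return bool(self.select_roles(username))


def validate_username(username: str, width: int = COLUMN_WIDTH) -> bool:
    """Application-side check that closes both gaps regardless of sql_mode:
    no leading/trailing whitespace, and never longer than the column."""
    if not username or username != username.strip():
        return False
    return len(username) <= width  # VARCHAR(n) counts characters


def registration_attack(strict: bool, validate: bool) -> list[str]:
    """Replay the pitfall: 'admin' + 15 spaces + 'x' is 21 characters, so it
    passes the duplicate check; truncation then turns it into 'admin' padded
    with spaces, which '=' treats as equal to the real 'admin'."""
    table = UserTable(strict=strict)
    table.insert("admin", "superuser")
    attacker = "admin" + " " * 15 + "x"
    if validate and not validate_username(attacker):
        return table.select_roles("admin")  # rejected at the form
    if table.exists(attacker):
        return table.select_roles("admin")  # duplicate check fires
    try:
        table.insert(attacker, "member")
    except ValueError:
        pass  # strict server refused the over-long row
    return table.select_roles("admin")


if __name__ == "__main__":
    print(registration_attack(strict=False, validate=False))  # ['superuser', 'member']
    print(registration_attack(strict=True, validate=False))   # ['superuser']
    print(registration_attack(strict=False, validate=True))   # ['superuser']
```

With a lenient server and no input check, the lookup for 'admin' now returns two rows, and whichever one a login query picks up first decides whose password is accepted. Either strict mode or the length check alone stops the collision; use both, since the schema and sql_mode are rarely under the application's control in deployment.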