2 cissp ® Official Study Guide Eighth Edition


Avoiding and Mitigating System Failure



Download 19,3 Mb.
Pdf ko'rish
bet812/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   808   809   810   811   812   813   814   815   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Avoiding and Mitigating System Failure
No matter how advanced your development team, your systems will likely fail at some 
point in time. You should plan for this type of failure when you put the software and hard-
ware controls in place, ensuring that the system will respond appropriately. You can employ 
many methods to avoid failure, including using input validation and creating fail-safe or 
fail-open procedures. Let’s talk about these in more detail.
Input Validation
As users interact with software, they often provide information to the 
application in the form of input. This may include typing in values that are later used by
a program. Developers often expect these values to fall within certain parameters. For 
example, if the programmer asks the user to enter a month, the program may expect to see 
an integer value between 1 and 12. If the user enters a value outside that range, a poorly 
written program may crash, at best, or allow the user to gain control of the underlying sys-
tem, at worst.
Input validation
verifies that the values provided by a user match the programmer’s expec-
tation before allowing further processing. For example, input validation would check 
whether a month value is an integer between 1 and 12. If the value falls outside that range, 
the program will not try to process the number as a date and will inform the user of the 
input expectations. This type of input validation, where the code checks to ensure that a 
number falls within an acceptable range, is known as a 
limit check
.


876
Chapter 20 

Software Development Security
Input validation also may check for unusual characters, such as quotation marks within a 
text fi eld, which may be indicative of an attack. In some cases, the input validation routine 
can transform the input to remove risky character sequences and replace them with safe 
values. This process is known as escaping input. 
Input validation should always occur on the server side of the transaction. Any code 
sent to the user’s browser is subject to manipulation by the user and is therefore easily 
circumvented. 
In most organizations, security professionals come from a system admin-
istration background and don’t have professional experience in software 
development. If your background doesn’t include this type of experience
don’t let that stop you from learning about it and educating your organiza-
tion’s developers on the importance of secure coding.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   808   809   810   811   812   813   814   815   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2025
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish