For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant, and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index ((here))
Security considerations in programming - what do we teach?

Many moons ago, I wrote and presented a security course - and ever since that time I have been acutely aware of the need to consider security in every aspect of system design, program writing and maintenance. And these days - with many of our programs "exposed" to remote users via the web, who have plenty of time to probe for a way in and can automate their attempts with malicious scripts - the lesson to think secure all the time is more important, not less so.

On the PHP techniques workshop that I ran last week, we ran a really "low gloss" exercise - I describe it as the most boring practical of the course, but it's also the most important, as the specification of the exercise is to set up a page / web site that's robust enough to stand up to whatever I choose to throw at it, and that behaves nicely while standing up too.

Our courses - be they PHP courses or Perl courses or any of the half dozen other languages we teach - consider security at each stage of the course, and necessarily so, as a system is only as strong as its weakest link. And there are so many aspects to consider - have a look at specialist pages such as [this one], which goes through a lot of things you might not have thought of.

What "keywords" are we talking here - well, I have just been asked to make security "centre stage" on a Perl course and I listed ... Unit testing, testing, source code control and backups. Injection Attacks. Race Conditions. Cardinal Values. File Locking. Denial of Service. Forking and Zombies. Input validation. Environment Variables. Execs and evals. Buffer Overflows and memory leaks. Design for security. Best practice - naturally robust systems. Security reviewing other code. And those are the general aspects.

Add to that the Perl specifics ... Tainting. Real, effective ID and suidperl. Cleaning up your path. Backticks, evals, execs and subshells. Command line switches. Unicode. Public, protected, private - not in Perl; OO Perl security issues. Regular expressions. Magic in opens, globs, and other wild cards. Temporary files, lock files and file locking. Database transactions. Networking matters, process forking and threads. Sorts that give varying results. Resource hogs and efficiency matters.
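
To put a few of those Perl specifics side by side in one place, here is an added example (my own, not code from the original article or from the course notes) that runs under taint mode, cleans up the environment, untaints a username only by validating it against an allow-list pattern, runs an external command without going through a subshell, and uses a properly created temporary file plus an advisory lock on a shared log. The call to /usr/bin/id, the scratch-file prefix and the audit log path are illustrative choices, not anything the article specifies.

```perl
#!/usr/bin/perl -T
# Added example (not from the original article): several of the Perl-specific
# security items listed above, applied together in one small script.
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

# Cleaning up your path / environment variables: under -T, system() and exec()
# refuse to run while $ENV{PATH} is tainted, and these other variables can
# influence any shell that does get started.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Tainting + input validation: the only way data leaves taint mode is through
# a regular-expression capture, so the pattern must say exactly what we are
# willing to accept (an allow-list), not what we want to strip out.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/;
    return;    # anything else is refused, never "cleaned up"
}

# Execs and subshells: the multi-argument form of system() hands the arguments
# straight to the program, so shell metacharacters in $user are never
# interpreted by /bin/sh.  (/usr/bin/id is just an illustrative command.)
sub lookup_user {
    my ($user) = @_;
    my $rc = system('/usr/bin/id', $user);
    return $rc == 0;
}

# Temporary files: File::Temp creates the file with a unique name and O_EXCL,
# closing the race condition a predictable name in /tmp would leave open.
sub write_scratch {
    my ($data) = @_;
    my ($fh, $name) = tempfile('wellho-XXXXXXXX', TMPDIR => 1, UNLINK => 0);
    print {$fh} $data;
    close $fh or die "close $name: $!";
    return $name;
}

# File locking: take an exclusive advisory lock before appending to a shared
# file, so two concurrent runs cannot interleave their writes.
sub append_audit {
    my ($path, $line) = @_;
    open my $fh, '>>', $path or die "open $path: $!";
    flock($fh, LOCK_EX) or die "flock $path: $!";
    print {$fh} "$line\n";
    close $fh or die "close $path: $!";    # closing releases the lock
    return 1;
}

# Usage: the candidate username comes from the command line (tainted under -T).
my $user = untaint_username($ARGV[0]);
if (!defined $user) {
    print "refused: username must be 1-32 characters of [a-z0-9_], starting with a letter\n";
    exit 1;
}
my $scratch = write_scratch("checked $user\n");
my $found   = lookup_user($user) ? 'found' : 'not found';
append_audit('/tmp/wellho-audit.log', "lookup for $user -> $found");
unlink $scratch;
print "$user: $found\n";
```

Run it as `perl -T script.pl somename` (Perl refuses a -T shebang that is not also given on the command line). Try it with a name containing `;`, a space or an upper-case letter and the untaint step rejects it before any of the file or command handling is reached, which is the point of validating by allow-list rather than trying to enumerate the dangerous characters.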

Realistically, "Hello world" type programming examples on our courses aren't concerned with security - but within an hour or two the subject always comes up. I started a Python Course this morning and we were looking at robustness of code and the prevention of user attacks as early as coffee break time.
(written 2010-03-22, updated 2010-03-25)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
P711 - An Introduction to Standards in Perl
  [242] Satisfaction of training - (2005-03-11)
  [668] Python - block insets help with documentation - (2006-04-04)
  [743] How to debug a Perl program - (2006-06-04)
  [945] Code quality counts - (2006-11-26)
  [965] KISS - one action per statement please - Perl - (2006-12-05)
  [1047] Maintainable code - some positive advice - (2007-01-21)
  [1221] Bathtubs and pecking birds - (2007-06-07)
  [1345] Perl and Shell coding standards / costs of an IT project - (2007-09-11)
  [1395] Dont just convert to Perl - re-engineer! - (2007-10-18)
  [1555] Advanced Python, Perl, PHP and Tcl training courses / classes - (2008-02-25)
  [1728] A short Perl example - (2008-07-30)
  [1853] Well structured coding in Perl - (2008-10-24)
  [1863] About dieing and exiting in Perl - (2008-11-01)
  [2375] Designing your data structures for a robust Perl application - (2009-08-25)
  [2875] A long day in Melksham ... - (2010-07-17)
  [3398] Perl - making best use of the flexibility, but also using good coding standards - (2011-08-19)
  [4326] Learning to program - comments, documentation and test code - (2014-11-22)

P609 - Perl - Network Security
  [426] Robust checking of data entered by users - (2005-08-27)
  [2238] Handling nasty characters - Perl, PHP, Python, Tcl, Lua - (2009-06-14)

P222 - Perl - Programming Efficiency and Style
  [1181] Good Programming practise - where to initialise variables - (2007-05-09)
  [2399] Firefighting with Perl - (2009-09-07)
  [2657] Want to do a big batch edit? Nothing beats Perl! - (2010-03-01)
  [4611] Hungarian, Camel, Snake and Kebab - variable naming conventions - (2016-01-03)

H117 - Security in PHP
  [345] Spotting a denial of service attack - (2005-06-12)
  [920] A lion in a cage - PHP - (2006-11-10)
  [947] What is an SQL injection attack? - (2006-11-27)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [1086] Injection attacks - safeguard your PHP scripts - (2007-02-20)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1387] Error logging to file not browser in PHP - (2007-10-11)
  [1396] Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1542] Are nasty programs looking for security holes on your server? - (2008-02-17)
  [1679] PHP - Sanitised application principles for security and useability - (2008-06-16)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1747] Who is watching you? - (2008-08-10)
  [1779] Injection Attacks - avoiding them in your PHP - (2008-08-31)
  [2025] Injection Attack if register_globals in on - PHP - (2009-02-04)
  [2628] An example of an injection attack using Javascript - (2010-02-08)
  [2939] Protecting your images from use out of context - (2010-08-29)
  [3210] Catchable fatal error in PHP ... How to catch, and alternative solutions such as JSON - (2011-03-22)
  [3698] How to stop forms on other sites submitting to your scripts - (2012-04-15)
  [3747] An easy way to comply with the new cookie law if your site is well designed - (2012-06-02)
  [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22)
  [4642] A small teaching program - demonstration of principles only - (2016-02-08)


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis.


PAGE: http://www.wellho.net/mouth/2688_Sec ... each-.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb