Application Programming Security Tutorial

This application programming security tutorial outlines some basic considerations when designing software code, checking and reviewing software code for flaws, and testing programs. Each of these areas of software application programming is a skill in itself, and there are books written about each subject. The object of this tutorial is to provide a summary of information for consideration when creating, checking, and testing application program code.

This application programming security tutorial is still under construction and more information will be added as time allows.

There are several areas of concern relating to computer and information security when designing and building software applications. These include:

  • Application review - Evaluates the security requirements of the application and determines the security controls applied. Controls are listed as questions to determine the level of security the current environment allows for, and as requirements to show which controls apply to low, medium, or high levels of security need. (applicationreview.rtf)
  • Software development - There are many items to be aware of during software development, such as buffer overflows and how the program will react to unanticipated input, such as letters where numbers should be entered. The Application Programming Guide (applicationguide.rtf) covers user input, file dependencies, accounts, storage, and program operation. It lists input types and file dependencies with the concerns for each, organized by category, and is more advanced than approgguide (approgguide.rtf).
  • Software testing - Discusses software testing methods, the application of known attacks, and consideration of attacker goals. Lists items that may be attacked. (applicationtesting.rtf)

These items of concern must be addressed during the various phases of the application development project life cycle, also known as the system development life cycle (SDLC). The security requirements of the project must be matched against the security of the application and the security of the server that supports it. This tutorial will address these concerns.
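The software development item above names two failure modes: buffer overflow and letters entered where numbers are expected. The following C routine is an added example, not part of the original tutorial or its linked guides, that handles both for a single numeric field; the names `parse_numeric_field` and `FIELD_MAX`, the 32-byte limit, and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed size limit for one numeric field, NUL included */

enum field_status { FIELD_OK, FIELD_TOO_LONG, FIELD_EMPTY,
                    FIELD_NOT_NUMERIC, FIELD_OUT_OF_RANGE };

/* Validate one untrusted text field and convert it to a long in [min, max].
 * *out is written only when FIELD_OK is returned. */
enum field_status parse_numeric_field(const char *untrusted, long min, long max, long *out)
{
    char field[FIELD_MAX];
    size_t len = 0;
    /* Measure with a hard bound so an over-long input is rejected before the copy. */
    while (len < FIELD_MAX && untrusted[len] != '\0')
        len++;
    if (len == FIELD_MAX)
        return FIELD_TOO_LONG;
    memcpy(field, untrusted, len + 1); /* len + 1 <= FIELD_MAX, so this cannot overflow */
    if (len > 0 && field[len - 1] == '\n') /* newline left behind by fgets() */
        field[--len] = '\0';
    if (len == 0)
        return FIELD_EMPTY;
    if (isspace((unsigned char)field[0])) /* strtol() would silently skip this */
        return FIELD_NOT_NUMERIC;
    char *end;
    errno = 0;
    long value = strtol(field, &end, 10);
    if (end == field || *end != '\0') /* no digits at all, or letters after digits */
        return FIELD_NOT_NUMERIC;
    if (errno == ERANGE || value < min || value > max)
        return FIELD_OUT_OF_RANGE;
    *out = value;
    return FIELD_OK;
}

int main(void)
{
    const char *samples[] = { "42\n", "4x2", "abc", "", "500", "-5" }; /* constructed inputs */
    long v;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("input %zu -> status %d\n", i, parse_numeric_field(samples[i], 0, 100, &v));
    return 0;
}
```

Over-long input is rejected rather than truncated, so a value such as a 40-digit string never reaches the conversion step in a shortened form that might pass the range check.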
