Welcome back. In 1988, the Internet worm broke into a large number of
computers on the ARPANET, the predecessors of
today's Internet. One of the techniques
they've used was to exploit the failure of a server to check the length
of an incoming message, a classic buffer overflow. That was a programming
error and it led directly to the compromise of
a large number of systems. Had the server been written using secure
programming techniques, that vulnerability
would not have existed. This shows the importance
of secure programming. In this module of Principles
of Secure Programming, we will be laying
the foundation for any secure programming project by delving into secure
programming philosophy. We will define concepts
such as secure programming, privilege and protection domain. We'll differentiate between robust versus secure programming, programs which do the job
they were built for versus programs which
conform security policies. Next, we'll examine
security policies and procedures and discuss how they affect
both security and robustness. The latter sections of this
module will shed light on how to find and assess
potential problems in your code. We will discuss tips and
tricks for efficiently checking the design and
implementation of your programs. Finally, we will discuss where to look for vulnerabilities
in your programs. At the end of this lesson, you'll be able to describe key concepts in
secure programming, including robust programming and typical problems in procedures, and generalize from philosophies
of what to watch out for and where to look
for specific situations. We have a lot of ground
to cover so let's begin.