Welcome back. On one system, there was a program that transmitted strings
to other systems, that system would then execute
what was sent as commands. This program carefully
examined the string sent to the other system
to eliminate a set of metacharacters
that would create security problems on
the remote system. When the system was updated, two new metacharacters
were created. But the set of
metacharacters that the program checked
remain the same, thus the security check failed. The problem was
that the design of the program violated
a basic design principle, check for what is allowed, not what is disallowed. In this module, we're
going to examine eight design principles that
govern secure programming. These principles are ubiquitous
in the security world, and knowing them will help
you both in the design and implementation
of your programs, and then understanding
security in general. At the end of this lesson, you will be able to explain eight design principles that
govern Secure Programming, and apply these
design principles to code situations.
Let's get started.