T's Rules: the Security Part

Preface

Yesterday a buddy saw the "T's Rules" mentioned in one of my posts. To be honest there is a bit of boasting in that (much of it was compiled together with colleagues, and some of it was mandated by customers), and most of it is a mess with no formal version, so I am releasing part of it first (the Security part). Since these were European and American projects, all the material is in English; you will have to make do with it as it is.

Main Text

Input Validation

  1. Is input data validated to ensure that it contains only valid characters?
  2. Is input data validated to ensure that it is within appropriate ranges?
  3. Is validation performed by comparing with "known-good" (as opposed to "known-bad") characters or sequences?
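As an added illustration (this code is not part of the original checklist), the Python below shows the "known-good" style of validation the three questions above ask for, next to a "known-bad" denylist for contrast. The field names, the pattern and the numeric range are assumptions made for this example.

```python
import re

# Allowlist ("known-good") rule: a username may contain only these characters
# and must have this length. Pattern and ranges are constructed for this example.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(value: str) -> str:
    """Return the value only if every character is allowed and the length is in range."""
    # fullmatch anchors both ends; a pattern ending in "$" would still accept "alice\n".
    if not isinstance(value, str) or USERNAME_RE.fullmatch(value) is None:
        raise ValueError("username has invalid characters or length")
    return value


def validate_quantity(raw: str, low: int = 1, high: int = 100) -> int:
    """Accept only a short run of digits, then require the number to lie in [low, high]."""
    if not isinstance(raw, str) or re.fullmatch(r"[0-9]{1,6}", raw) is None:
        raise ValueError("quantity must be a plain non-negative integer")
    value = int(raw)
    if not low <= value <= high:
        raise ValueError(f"quantity must be between {low} and {high}")
    return value


# Denylist ("known-bad") rule for comparison: it blocks only what its author thought of.
DENIED_CHARS = set("<>'\";")


def passes_denylist(value: str) -> bool:
    return not any(ch in DENIED_CHARS for ch in value)


def is_valid_username(value) -> bool:
    try:
        validate_username(value)
        return True
    except ValueError:
        return False


def is_valid_quantity(raw) -> bool:
    try:
        validate_quantity(raw)
        return True
    except ValueError:
        return False
```

The denylist accepts `../../etc/passwd` and `alice\n` because neither contains a denied character; the allowlist rejects both without anyone having to anticipate them.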

Output Encoding

  1. Is data encoded using HTMLEncode (or similar function) when forwarding to display in the browser?
  2. Is data provided as parameters to a parameterized SQL query (as opposed to concatenation into the query)?
  3. Are steps taken to avoid SQL injection, Cross Site Scripting or other injection attacks (where appropriate)?
  4. When supplying code and data as output, is it unambiguously clear where code and data are separated?
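The following Python is an added example, not code from the original checklist: it puts the concatenated SQL query beside its parameterized form (items 2 and 3) and encodes the same untrusted value differently for an HTML text context and a URL context (items 1 and 4). The in-memory SQLite table and its rows are constructed for the example.

```python
import html
import sqlite3
from urllib.parse import quote


def render_greeting(name: str) -> str:
    """HTML text context: the untrusted value is encoded so it can only ever be data."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_link(base: str, search: str) -> str:
    """URL context inside an attribute: percent-encode the value, then HTML-encode the attribute."""
    href = f"{base}?q={quote(search, safe='')}"
    return f'<a href="{html.escape(href, quote=True)}">search</a>'


def setup_db() -> sqlite3.Connection:
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("admin", "admin")])
    return conn


def find_user_concat(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the untrusted value becomes part of the query text."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_param(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized form: the value is bound separately and can only match a name."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()
```

With the input `x' OR '1'='1` the concatenated query returns every row, while the parameterized query returns none; `html.escape` alone would not be the right encoding for the URL value in `render_link`, which is why the two contexts use different functions.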

Information Exposure

  1. Do error messages distinguish correctly between information sent to internal and external users?
  2. Are comments and private information removed from transmissions to the user?
  3. Are internal IP addresses masked from external users?
  4. Are debug pages, and unused pages removed from the deployed web site?
  5. Is debug and tracing code disabled, with no ability for unauthorized parties to use it or enable it?

Client-Side Security

  1. Are security measures such as input validation implemented on the server-side?
  2. Are all security measures implemented on the client-side backed by equivalent or greater measures on the server-side?
  3. Has the application (or changed components) been tested with custom clients that ignore client side restrictions?

Poor Use of Cryptography

  1. Have cryptography choices (key sizes, algorithms, etc.) been reviewed and approved by Policymakers?
  2. Are cryptographic elements configurable to change key sizes, choice of algorithms, etc.?
  3. Is the cryptography implementation a widely-available library (as opposed to a custom solution, or developed in-house)?
  4. Is provision made for regular key rotation? Emergency key changes?
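As an added example (not from the original checklist), the Python below shows what items 2, 3 and 4 look like in code: the digest and key size are configuration, the MAC itself comes from the standard library's `hmac` rather than a home-grown routine, and tokens carry a key id so that regular rotation and an emergency revocation both work without a flag day. The `KeyRing` class is hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class KeyRing:
    """HMAC keys identified by key id, so a token says which key signed it and keys
    can be rotated (regularly) or revoked (in an emergency) without breaking clients."""

    def __init__(self, algorithm: str = "sha256", key_bytes: int = 32, grace_seconds: int = 86400):
        # Algorithm and key size are configuration, not constants buried in the code.
        if algorithm not in hashlib.algorithms_available:
            raise ValueError(f"unsupported digest {algorithm}")
        self.algorithm = algorithm
        self.key_bytes = key_bytes
        self.grace_seconds = grace_seconds   # how long a superseded key still verifies
        self._keys = {}                      # kid -> (key bytes, time it was superseded or None)
        self._revoked = set()
        self._current = None

    def rotate(self, now: float = None) -> str:
        """Generate a fresh key and make it current; the old key enters its grace period."""
        now = time.time() if now is None else now
        if self._current is not None:
            key, _ = self._keys[self._current]
            self._keys[self._current] = (key, now)
        kid = f"k{len(self._keys) + 1}"
        self._keys[kid] = (secrets.token_bytes(self.key_bytes), None)
        self._current = kid
        return kid

    def revoke(self, kid: str, now: float = None) -> None:
        """Emergency change: the key stops verifying immediately, with no grace period."""
        self._revoked.add(kid)
        if kid == self._current:
            self.rotate(now)

    def sign(self, message: bytes) -> str:
        if self._current is None:
            raise RuntimeError("no key has been generated yet")
        key, _ = self._keys[self._current]
        tag = hmac.new(key, message, self.algorithm).hexdigest()
        return f"{self._current}.{tag}"

    def verify(self, message: bytes, token: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        kid, _, tag = token.partition(".")
        if not tag or any(c not in "0123456789abcdef" for c in tag):
            return False                     # malformed token: fail closed, do not raise
        if kid not in self._keys or kid in self._revoked:
            return False
        key, superseded_at = self._keys[kid]
        if superseded_at is not None and now - superseded_at > self.grace_seconds:
            return False                     # rotated out and past its grace period
        expected = hmac.new(key, message, self.algorithm).hexdigest()
        return hmac.compare_digest(expected, tag)   # constant-time comparison
```

Because the key id travels with the token, a scheduled rotation only requires the old key to stay verifiable for one grace period, while `revoke` answers the "emergency key change" question by rejecting that key immediately.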

Thinking Only About Features

  1. Has the application been tested by trying to feed it invalid input?
  2. Have there been any tests attempting to use SQL Injection, Cross-Site Scripting, etc.?
  3. Has the application been written to reject incorrect or malicious data?
  4. Does the application alert its operators about potential malicious behavior on the part of its users?
  5. Does the application alert its operators about (mis-)configurations that reduce its security level?
  6. Has the application been reviewed to ensure that unauthenticated and unauthorized users are not given more access than is appropriate?

Race Condition

  1. Is the code flexible enough to cope with resource requests completing earlier / later than anticipated?
  2. Are checks on authorization guaranteed to occur before access is granted or resources are fetched?
  3. Is the application able to handle rapidly repeated requests and distinguish correctly between them?
  4. Does the application ensure that connection state is kept out of global / shared variables or memory space?
  5. Are locks, mutexes, semaphores, etc. correctly used to ensure that shared resources are not shared across execution or security contexts?
  6. Has the review team considered the changes that will occur if the compiler / optimizer changes the order of execution of statements (within its limits)?
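As an added example (not from the original checklist), the Python below shows the check-then-act gap behind items 1, 2 and 5 and the fix with a lock, plus a request id so that rapidly repeated requests are told apart (item 3). The `Account` class and the `interleave` hook, which stands in for another thread running in the gap so the race can be reproduced deterministically, are constructed for this example.

```python
import threading


class Account:
    """A shared resource touched by several request threads."""

    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()
        self._processed = set()   # request ids already applied: a retry is not a new withdrawal

    def withdraw_racy(self, amount: int, interleave=lambda: None) -> bool:
        """Time-of-check to time-of-use gap: the check and the update are separate steps.
        `interleave` (example-only) runs in that gap, like a second thread would."""
        if self.balance >= amount:
            interleave()
            self.balance -= amount
            return True
        return False

    def withdraw(self, amount: int, request_id: str) -> bool:
        """Check and update happen under one lock, so no other request sees the stale balance."""
        with self._lock:
            if request_id in self._processed:
                return False
            if self.balance < amount:
                return False
            self.balance -= amount
            self._processed.add(request_id)
            return True


def run_concurrent_withdrawals(account: Account, amount: int, n_threads: int) -> int:
    """Fire n_threads withdrawals at once and return how many succeeded."""
    results = []

    def worker(i):
        results.append(account.withdraw(amount, f"req-{i}"))

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

Two racy withdrawals of 80 from a balance of 100 both pass the check and leave the balance at -60; fifty locked withdrawals of 10 from the same starting balance succeed exactly ten times and stop at zero.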

Failing Open, Ignoring Failure

  1. Are all return values checked?
  2. Where exceptions are expected, are they all caught?
  3. Is checking of correct input done by “deny by default” (e.g. a “white-list” of correct characters / sequences)?
  4. Are functions communicating failures up through their call stack?
  5. Is the code written to assume that requests are invalid until they prove themselves to be valid?
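The Python below is an added example (not part of the original checklist) that serves both the "Information Exposure" questions and the "Failing Open" questions above: a request handler that is denied until an authorization hook explicitly returns `True`, treats an exception in that hook as a denial, and on failure writes the full detail to the internal log while the external user receives only a generic message and a reference id. The `authorize` and `perform` hooks are hypothetical stand-ins for a policy engine and business logic.

```python
import logging
import uuid
from dataclasses import dataclass

log = logging.getLogger("app")


@dataclass
class Response:
    status: int
    body: str        # what the external user sees


def handle_request(user: str, action: str, authorize, perform) -> Response:
    """Deny by default: the request is invalid until authorize() proves otherwise.
    authorize(user, action) -> bool and perform(user, action) -> str are caller-supplied
    hooks (hypothetical, standing in for a real policy engine and business logic)."""
    reference = uuid.uuid4().hex[:12]   # quoted to support; lets staff find the log entry
    try:
        permitted = authorize(user, action) is True   # only an explicit True grants access
    except Exception:
        # A failing authorization check is a denial, not a pass; the failure is still reported.
        log.exception("authorize raised [%s] user=%s action=%s", reference, user, action)
        permitted = False
    if not permitted:
        return Response(403, "Access denied")
    try:
        return Response(200, perform(user, action))
    except Exception:
        # Stack trace, internal hostnames and query text go to the internal log only.
        log.exception("action failed [%s] user=%s action=%s", reference, user, action)
        return Response(500, f"An internal error occurred (reference {reference})")


def body_leaks(body: str, *internal_markers: str) -> bool:
    """Test helper: does the external body contain any internal detail?"""
    return any(marker in body for marker in internal_markers)
```

The strict `is True` check is deliberate: a hook that returns a truthy string or an object by mistake does not grant access, which is the "invalid until proven valid" posture item 5 asks for.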

Failing to Recognize or Enforce Bounds

  1. Are all arithmetic operations guaranteed to not overflow or underflow?
  2. Are buffer overflows actively prevented, either by choice of development environment, language or code checks?
  3. Are classes and libraries used that prevent overflow or underflow (as opposed to classes that do not)?
  4. Are library functions prone to buffer overruns removed and replaced with safer alternatives?
  5. Does the test plan execute edge cases on boundary checks?
  6. Have you checked the entrance and exit criteria for all loops in the code to ensure that they are correct, and correctly handled?
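As an added example (not code from the original checklist), the Python below applies items 1, 2, 5 and 6 to a small fixed-width arithmetic and buffer problem: checked unsigned 32-bit addition and multiplication beside the silent wrap-around they prevent, a buffer copy that refuses data that does not fit, and a length-prefixed record parser whose loop exit criterion is checked explicitly. The record format and boundary values are constructed for the example.

```python
UINT32_MAX = 0xFFFF_FFFF


def checked_add_u32(a: int, b: int) -> int:
    """Add two uint32 values and refuse a result that does not fit in 32 bits."""
    if not (0 <= a <= UINT32_MAX and 0 <= b <= UINT32_MAX):
        raise ValueError("operands are not uint32")
    result = a + b
    if result > UINT32_MAX:
        raise OverflowError(f"{a} + {b} exceeds uint32")
    return result


def checked_mul_u32(a: int, b: int) -> int:
    """Multiply two uint32 values (an allocation size, say) with the same refusal."""
    if not (0 <= a <= UINT32_MAX and 0 <= b <= UINT32_MAX):
        raise ValueError("operands are not uint32")
    result = a * b
    if result > UINT32_MAX:
        raise OverflowError(f"{a} * {b} exceeds uint32")
    return result


def alloc_size_wrapping(count: int, elem_size: int) -> int:
    """What a 32-bit unsigned multiplication does silently: wrap modulo 2**32."""
    return (count * elem_size) & UINT32_MAX


def copy_into(buf: bytearray, offset: int, data: bytes) -> int:
    """Write data into a fixed-size buffer only if it fits entirely; the buffer never grows."""
    if not 0 <= offset <= len(buf):
        raise IndexError("offset outside buffer")
    if len(data) > len(buf) - offset:      # len(buf) - offset is >= 0 here, so no wrap-around
        raise OverflowError("data does not fit in buffer")
    buf[offset:offset + len(data)] = data
    return offset + len(data)


def copy_into_unchecked(buf: bytearray, offset: int, data: bytes) -> int:
    """Python slice assignment grows the buffer instead of overrunning memory; for a
    fixed-layout structure that is still corruption past the intended end."""
    buf[offset:offset + len(data)] = data
    return len(buf)


def parse_records(blob: bytes) -> list:
    """Length-prefixed records (1-byte length + payload). The loop advances on every
    iteration and never trusts a length that points past the end of the buffer."""
    records, pos = [], 0
    while pos < len(blob):
        length = blob[pos]
        pos += 1
        if length > len(blob) - pos:
            raise OverflowError(f"record length {length} exceeds remaining {len(blob) - pos} bytes")
        records.append(blob[pos:pos + length])
        pos += length
    return records


def overflows(fn, *args) -> bool:
    """Boundary-test helper: True when fn(*args) refuses with OverflowError."""
    try:
        fn(*args)
        return False
    except OverflowError:
        return True
```

The classic case is an allocation size: `0x40000000 * 4` wraps to 0 in 32-bit arithmetic, so the checked multiply raising is the difference between a refused request and a zero-byte buffer that later gets written to.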

Not Managing Resources from Creation to Destruction

  1. Does each resource have a complete “story” that allows for a single creation and a single destruction, with managed ‘ownership’ in the middle?
  2. Does the test plan monitor resource usage to detect inappropriate growth in memory usage, open file handles, etc.?
  3. Do object constructors initialize all member variables (if only to a null value)?
  4. Do object constructors avoid using operations that can cause failure?
  5. Are circular references correctly avoided?
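As an added example (not part of the original checklist), the Python below gives a resource the complete "story" item 1 asks for: one creation point, one idempotent destruction point, a context manager so the destruction runs even when the body raises, a constructor that only assigns members, a live-handle count a test plan can watch, and a weak back-reference from resource to owner so the two never form a reference cycle. The `Resource` and `Owner` classes are hypothetical and `io.StringIO()` stands in for a real handle that could fail to open.

```python
import io
import weakref


class Owner:
    """Something that holds resources; resources refer back to it only weakly (item 5)."""

    def __init__(self, name: str):
        self.name = name
        self.resources = []


class Resource:
    open_count = 0   # live handles; the test plan watches this for growth (item 2)

    def __init__(self, name: str):
        # The constructor only assigns members (item 3) and does nothing that can fail (item 4).
        self.name = name
        self.handle = None
        self._owner = None          # weakref.ref to the Owner, or None

    @classmethod
    def acquire(cls, name: str, owner: Owner) -> "Resource":
        """Single creation point. io.StringIO() stands in for a handle that could fail to open."""
        res = cls(name)
        res.handle = io.StringIO()
        Resource.open_count += 1
        res._owner = weakref.ref(owner)   # owner -> resource is strong, resource -> owner is weak
        owner.resources.append(res)
        return res

    def owner_name(self):
        owner = self._owner() if self._owner is not None else None
        return None if owner is None else owner.name

    def release(self) -> None:
        """Single destruction point, safe to call more than once."""
        if self.handle is not None:
            self.handle.close()
            self.handle = None
            Resource.open_count -= 1

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc, tb):
        self.release()       # runs on the normal path and when the body raises
        return False


def leaked_handles() -> int:
    return Resource.open_count


def process(names, fail_on=None) -> int:
    """Use one resource per name; `fail_on` (example-only) simulates a failure part-way through."""
    owner = Owner("process")
    done = 0
    for name in names:
        with Resource.acquire(name, owner) as res:
            if name == fail_on:
                raise RuntimeError(f"simulated failure while handling {name}")
            res.handle.write("work")
            done += 1
    return done


def handles_after_failure(names, fail_on) -> int:
    """Test-plan style check: after a mid-way failure, how many handles are still open?"""
    try:
        process(names, fail_on)
    except RuntimeError:
        pass
    return leaked_handles()
```

Keeping the fallible step out of `__init__` matters because a constructor that throws half-way leaves an object that was never fully created and therefore cannot be cleanly destroyed.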

Hard-Coded Passwords / Assuming the Source Code Is Secret

  1. Are all passwords, keys and other secret material removed from source code to configuration files?
  2. Has the executable code been scanned for the clear-text presence of strings that should not be there?
  3. Does the code use a standard, EIS-approved, technique for storing keys in configuration files?
  4. If the source code was given, as a whole, to an attacker, would they still be unable to attack the running program?
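As an added example (not from the original checklist), the Python below covers items 1 and 2: a loader that reads a secret from configuration (here the environment) and fails closed when it is missing, and a scan of a build artifact for cleartext strings that should not be there. The patterns and the sample artifact bytes are constructed for the example; a real scan would use a larger, organization-specific pattern set.

```python
import os
import re


def load_secret(name: str, env=None) -> str:
    """Read a secret from the environment (or an injected mapping); fail closed if it is absent."""
    env = os.environ if env is None else env
    value = env.get(name, "")
    if not value.strip():
        raise RuntimeError(f"secret {name} is not configured")
    return value


def secret_configured(name: str, env=None) -> bool:
    try:
        load_secret(name, env)
        return True
    except RuntimeError:
        return False


# Patterns a post-build scan looks for in the shipped artifact (constructed for this example).
CLEARTEXT_PATTERNS = {
    "password assignment": re.compile(rb"(?i)password\s*=\s*['\"][^'\"]{4,}['\"]"),
    "private key block": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer token": re.compile(rb"(?i)authorization:\s*bearer\s+[a-z0-9._-]{16,}"),
}


def scan_artifact(blob: bytes) -> list:
    """Return (kind, offset) for every cleartext secret-looking string in a build artifact."""
    hits = []
    for kind, pattern in CLEARTEXT_PATTERNS.items():
        for match in pattern.finditer(blob):
            hits.append((kind, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed stand-in for a compiled binary: a header, two leaked secrets and one
# harmless string (the *name* of an environment variable, which is fine to ship).
SAMPLE_ARTIFACT = (
    b"\x7fELF\x02\x01\x01\x00"
    b"db.password = 'hunter22'\x00"
    b"-----BEGIN RSA PRIVATE KEY-----\x00"
    b"DATABASE_PASSWORD\x00"
)
```

The scan is what answers item 4 in practice: if the artifact contains nothing an attacker could use, then handing over the source code gives them the logic but not the keys.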

Unnecessary Complexity

  1. Is the code clear to read and understand, even without looking at the comments?
  2. Do the comments correctly describe the behavior of the source code?
  3. Do the comments completely describe the behavior of the source code?
  4. Are any hidden / surprising / clever behaviors of the source code explained in comments?
  5. Are the comments up to date?
  6. Have all unexecuted portions of code been removed?
  7. Are function and variable names clear and meaningful?

Static Code Analysis

  1. Has the code been analyzed with static code analysis tools that are configured to find security flaws?
  2. Have all new reports of possible security flaws been remediated correctly?

Copyright notice: this article is an original post by the blogger at http://www.zuiniusn.com and may not be reproduced without the blogger's permission.

Time: 2024-11-10 01:17:05
