4 Code constructs promoting security

 

This chapter covers

    • How immutability solves security problems
    • How fail-fast contracts secure your design
    • Types of validation and the order in which to do them

    As developers, we’re constantly reminded about priorities and deadlines. Cutting corners and dirty hacks are sometimes part of reality that we must accept—or are they? The truth is, at the end of the day, you decide what syntax to use, what algorithms to apply, and how to steer the flow of execution. If you truly understand why certain code constructs are better than others, then using them becomes second nature and no more time-consuming than writing bad code. The same applies to security. Attackers don’t care about deadlines or priorities—a weak system is exploitable, regardless of why or under what circumstances it was built.

    We all share the responsibility of designing secure software. In this chapter, you’ll learn why that doesn’t take any longer than building weak, exploitable software. To this end, we’ve organized this chapter into three sections, each discussing different strategies to solve security problems you might encounter in your daily work (table 4.1).

    Table 4.1 Problem areas addressed (view table figure)
    Section Problem area
    Immutability Security problems involving data integrity and availability
    Failing fast Security problems involving illegal input and state
    Validation Security problems involving input validation

    4.1 Immutability

    4.1.1 An ordinary webshop

    4.2 Failing fast using contracts

    4.2.1 Checking preconditions for method arguments

    4.2.2 Upholding invariants in constructors

    4.2.3 Failing for bad state

    4.3 Validation

    4.3.1 Checking the origin of data

    4.3.2 Checking the size of data

    4.3.3 Checking lexical content of data

    4.3.4 Checking the data syntax

    4.3.5 Checking the data semantics

    Summary

    sitemap