I want to write secure code and I know that there are tons of rules. I tried to look for a neat file, but I found a lot of rules that talk about the Operating System problems of secure...
I want a file that talks only about secure CODE, for code provided in .NET (C# for example).
If you have one, please send it to me!
Thank you very much.

What I have tried:

I tried to look for it in Google,
on many websites (but maybe I don't know how to look for...).
Updated 16-Oct-18 7:12am
Comments
Richard MacCutchan 16-Oct-18 10:35am    
It all depends what you mean by "secure code".
MadMyche 16-Oct-18 10:36am    
You will need to provide some more information on the context of a "Secure Code". Are we talking a general purpose password, a 4 or 5 digit PIN, methods of encryption, or something completely different?
Ayala Finch 20-Oct-18 17:35pm    
I am talking about something general - pattern - that can check for me if my code is secured.

It's a very complicated subject, and there is no "neat file" which covers it all so you don't need to think too hard about what you are doing.

Security is hard: because what seems like a secure idea may be a major security hole.
For example, how do you store passwords?
Plain text? No, obviously that's a security problem!
So encrypting them is obviously more secure, yes?
No - it's almost exactly as insecure! Why? Because in order to log in, the user (or the app he uses which is the same thing) needs the decryption key - which means that the encrypted data is encrypted by a publicly visible key. Which is not secure at all.

That's one example, and a relatively trivial one with a known solution - but "secure code" requires consideration of everything it is doing, and there are whole books written on most of the individual parts of a secure system, be it a login mechanism, or an OS, or a bank payment system.
There is no "quick guide" which covers everything because it's a huge, complex subject that is heavily interdependent.

Start thinking about what you are doing, and then look for books covering the security aspects of that. Or better, employ someone who already has a proven track record in this, then read the books so you can start to follow why he does things the way he does!
 
 
Here are some thoughts:

The only secure computer is one that is not connected to anything else.

A hard wired connection between systems already provides a way in and a way out - either machine could compromise the other. More machines? More potential for intrusion.

Expand that to wireless and not only do you have the problem with whatever number of systems you are connected to, but the possibility of the wireless traffic being intercepted.

As a simple start, there are two main security problems:

Intrusion - someone can get into your systems and its content
Interception - someone can monitor your system traffic content

There are many ways to try to reduce the weaknesses, like registering specific machines and only letting them have access to the system and validating that for every transaction . . . but it can be faked. Intrusion could be direct or by malware. Interception anywhere along the transmission path.

And, of course, possibly compromised hardware, such as the recent exposure of Chinese manufactured chips with the vulnerability built in. You lost before you started.

It's an endless war as new security methods come out they become targets and eventually vulnerable.
 
 
Comments
Richard Deeming 16-Oct-18 12:42pm    
Even air-gapped computers that aren't connected to anything else aren't completely secure. The only truly secure computer is one that's never switched on. :)
Quote:
I need rules of security code does some of you have it?

Rules of security codes do not exist by themselves because secure code does not exist by itself.
Security exists only against a threat and the way to secure a piece of code depends on the threat.
The simple fact of using C# instead of C or C++ is already an action to make code secure against memory leaks.
SQL injection is another threat, and the solution is different.
Using unit testing is a security action.
Threats are endless.

[Update]
C# and .NET are safe against programmer mistakes like memory management and leaks.
I guess your main threat is user mistakes: the solution is usually to check every user input against constraints like alpha, number or empty.
If you use an SQL database, protect it against 'SQL Injection'.
 
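The two measures named in the answer above, checking user input against constraints and protecting SQL queries from injection, shown side by side as an added example that is not part of the original answer. It assumes the Microsoft.Data.Sqlite NuGet package and an in-memory database; the table, the name rule and the hostile string are constructed for the demonstration.

```csharp
// Added example. Assumes the Microsoft.Data.Sqlite NuGet package; the table,
// its rows, the name rule and the hostile string are constructed for the demo.
using System;
using System.Text.RegularExpressions;
using Microsoft.Data.Sqlite;

static class InputHandlingDemo
{
    // Constraint check: 1-32 ASCII letters or digits, so empty input fails too.
    static bool IsValidName(string s) =>
        s != null && Regex.IsMatch(s, @"\A[A-Za-z0-9]{1,32}\z");

    // Vulnerable: the input is spliced into the SQL text and parsed as SQL.
    static long CountConcatenated(SqliteConnection db, string name)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'";
        return (long)cmd.ExecuteScalar();
    }

    // Hardened: the input is bound as a value and never parsed as SQL.
    static long CountParameterized(SqliteConnection db, string name)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name = $name";
        cmd.Parameters.AddWithValue("$name", name);
        return (long)cmd.ExecuteScalar();
    }

    static void Main()
    {
        using var db = new SqliteConnection("Data Source=:memory:");
        db.Open();
        using (var setup = db.CreateCommand())
        {
            setup.CommandText = "CREATE TABLE users(name TEXT);" +
                "INSERT INTO users VALUES ('alice'), ('bob'), ('carol');";
            setup.ExecuteNonQuery();
        }
        string hostile = "x' OR '1'='1";
        Console.WriteLine($"passes validation: {IsValidName(hostile)}");
        Console.WriteLine($"concatenated rows: {CountConcatenated(db, hostile)}");
        Console.WriteLine($"parameterized rows: {CountParameterized(db, hostile)}");
    }
}
```

With the hostile input, the concatenated query's WHERE clause is always true and it counts every row, while the parameterized query looks for a user literally named that string and counts none. Validation rejects the input before either query runs, but parameter binding is the control that holds even for fields where quotes are legitimate.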
Comments
Ayala Finch 20-Oct-18 17:40pm    
Can you please send me a link with a list of threats?
Or material about secure code from those threats?
thanks!!!
MadMyche 21-Oct-18 11:53am    
Why don't you search Google for combinations of best practices, coding, and security?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


