Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World (Developer Best Practices)

Writing Secure Code

https://www.amazon.com/Writing-Secure-Second-Developer-Pract...

Secure Programming Cookbook for C and C++

http://shop.oreilly.com/product/9780596003944.do

SEI CERT C Coding Standard

https://wiki.sei.cmu.edu/confluence/display/c

The simplest way would be to have your service create the shared memory and specify a DACL in CreateFileMapping that grants regular users read access to the shared memory.

Normal users don't have the create global privilege, but services can have this privilege. If you must have your users create the shared memory and then have the service probe it, you could have an IPC scheme where your user code sends a message to the service containing the file mapping handle, and the service would then call DuplicateHandle to get a reference to it. This would require your service to run with the debug privilege.

The simplest way to create a DACL is to use ConvertStringSecurityDescriptorToSecurityDescriptor, which takes a string in a format called SDDL specifying the ACL.

Writing Secure Code contains an excellent chapter on creating DACL's with SDDL.

// Error handling removed for brevity
SECURITY_ATTRIBUTES attributes;
ZeroMemory(&attributes, sizeof(attributes));
attributes.nLength = sizeof(attributes);
ConvertStringSecurityDescriptorToSecurityDescriptor(
         L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)",
         SDDL_REVISION_1,
         &attributes.lpSecurityDescriptor,
         NULL);

CreateFileMapping(INVALID_HANDLE_VALUE, &attributes,
              PAGE_READWRITE, sizeHigh, sizeLow, L"Global\\MyObject");

LocalFree(attributes.lpSecurityDescriptor);

"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)" specifies the DACL. D:P means this is a DACL (instead of a SACL . . . you'd rarely use SACL's) followed by several ACE strings which control who gets access. Each one is A (allow) and allows for object and contains inheritance (OICI). The first to grant all access (GA - grant all) to System (SY) and Administrators (BA, built-in administratos). The last grants read (GR) to interactive users (IU), which are users actually logged on to a session.

Once this is done, normal users should be able to call OpenFileMapping to get a handle to the shared mapping, and be able to map it into their process. Since normal users have limited rights on the object, they'll have to be sure to open it and map it for read-access only.

If users need write-acccess, you'd replace GR with GWGR. Note that this isn't secure - a limited user would then be able to modify the shared memory while your service is reading and trying to parse information, resulting in a crash of your service.

Check out Writing Secure Code by Michael Howard and David LeBlanc from Microsoft Press. It's got a lot of good information on secure coding in general as well as a chapter or two specific to web programming. It's a Microsoft book but most of the ideas translate to whatever language you are working in.

Link to Amazon.

Principles to keep in mind if you want your applications to be secure:

• Never trust any input!
• Validate input from all untrusted sources - use whitelists not blacklists
• Plan for security from the start - it's not something you can bolt on at the end
• Keep it simple - complexity increases the likelihood of security holes
• Keep your attack surface to a minimum
• Make sure you fail securely
• Use defence in depth
• Adhere to the principle of least privilege
• Use threat modelling
• Compartmentalize - so your system is not all or nothing
• Hiding secrets is hard - and secrets hidden in code won't stay secret for long
• Don't write your own crypto
• Using crypto doesn't mean you're secure (attackers will look for a weaker link)
• Be aware of buffer overflows and how to protect against them

There are some excellent books and articles online about making your applications secure:

• Writing Secure Code 2nd Edition - I think every programmer should read this
• Building Secure Software: How to Avoid Security Problems the Right Way
• Secure Programming Cookbook
• Exploiting Software
• Security Engineering - an excellent read
• Secure Programming for Linux and Unix HOWTO

Train your developers on application security best pratices

Codebashing (paid)

Security Innovation(paid)

Security Compass (paid)

OWASP WebGoat (free)

Many resources are available, some in question are:

• CERT's C++ Secure Coding Guide
• CERT's C Secure Coding Guide
• The more language-agnostic Writing Secure Code book from Microsoft Press (funny, I know)
• David Wheeler's Secure Programming in Linux/Unix