From: W Date: Fri, 25 Nov 2016 09:57:42 +0000 (+0100) Subject: add centralization comments X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=bbd53815ca081140fc8b22e9b4f2790bbad20528;p=ssproject1617.git add centralization comments --- diff --git a/report/reflection.secure_development.tex b/report/reflection.secure_development.tex index b190d8e..4729d43 100644 --- a/report/reflection.secure_development.tex +++ b/report/reflection.secure_development.tex @@ -21,5 +21,20 @@ disadvantages, and the disadvantage here is that such an approach would increase development time. This would also require more careful planning of the development of the application. -% Last section, lets try to end with some deep insight. +% Centralize user input +Another improvement which would streamline the security audit would be to +centralize the locations in which user input is handled. By doing this the whole +class of vulnerabilities which stems from the handling of user input could be +neutralized to an extent. This would be a relatively easy change in the +development process with comparatively big security benefits. +% Centralize application output +In the same category; during development the application could be designed in +such a way that all dynamic output is sanitized before outputting it to the +user. This would create another defense{-}in{-}depth layer for handling +attacker controlled input. + +% Use working frameworks +To achieve the last two points one could use a framework verified to be secure, +the security reviewers could then spend less time on verifying the framework and +more on the implementation of the specific features of this application.