{"id":627,"date":"2008-04-10T21:22:36","date_gmt":"2008-04-10T20:22:36","guid":{"rendered":"http:\/\/www.mitternachtshacking.de\/blog\/627-secure-programming-von-sans"},"modified":"2012-06-07T14:49:21","modified_gmt":"2012-06-07T13:49:21","slug":"secure-programming-von-sans","status":"publish","type":"post","link":"https:\/\/www.mitternachtshacking.de\/blog\/627-secure-programming-von-sans","title":{"rendered":"Secure Programming from SANS"},"content":{"rendered":"<p>Under the name <a href=\"http:\/\/www1.sans-ssi.org\/\">SANS Software Security Institute<\/a>, the SANS Institute has put together a set of resources on secure software development. On the one hand, these include general information such as the <a href=\"http:\/\/www1.sans-ssi.org\/top_three.pdf\">most common programming errors<\/a> (PDF):<\/p>\n<ul>\n<li>Error 1. Accepting input from users without validating and sanitizing the input\n<ul>\n<li>remote file include,<\/li>\n<li>remote command execution, and<\/li>\n<li>SQL injection<\/li>\n<li>cross site scripting (XSS)<\/li>\n<\/ul>\n<\/li>\n<li>Error 2. Allowing data placed in buffers to exceed the length of the buffer<\/li>\n<li>Error 3. Handling Integers Incorrectly<\/li>\n<\/ul>\n<p>That does not strike me as anything new. On the other hand, the site also offers the option of taking free GIAC tests on secure programming. C and Java tests are currently online.<\/p>\n<p>In my opinion, it is worth taking a quick look.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Under the name SANS Software Security Institute, the SANS Institute has put together a set of resources on secure software development. On the one hand, these include general information such as the most common programming errors (PDF): Error 1. 
Accepting input from users without validating and sanitizing the input remote file include, remote command execution, and SQL injection cross site scripting (XSS) Error [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,6],"tags":[],"_links":{"self":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/627"}],"collection":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/comments?post=627"}],"version-history":[{"count":0,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/627\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/media?parent=627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/categories?post=627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/tags?post=627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}