Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user's data from theft or corruption. In addition, an insecure program can provide access for an attacker to take control of a server or a user's computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users.
This document discusses several common sources of vulnerability in programs and gives advice on how to avoid them, with special emphasis on programs that run on the Mac OS X, Mac OS X Server, and iPhone OS operating systems. If you write code that runs on Macintosh computers or on iPhone OS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document.
Organization of This Document
This document starts with three introductory articles:
“The Security Landscape” describes the nature of the problem—how frequent and serious are the attacks on software, who is responsible, and how much damage is done. Read this article if you are not already convinced that it is important to write secure code.
“Types of Security Vulnerabilities” gives a brief introduction to the nature of each of the types of security vulnerability commonly found in software. This article provides background information with which you should be familiar before reading the other articles in the document. If you're not sure what a race condition is, for example, or why it poses a security risk, this article is the place to start.
“Mac OS X and iPhone OS Security Services” provides a brief introduction to the high-level security application programming interfaces (APIs) and user features provided by Mac OS X and iPhone OS. This article is intended as a convenience to those new to Mac OS X or iPhone OS; for a more detailed discussion of these features, see Security Overview.
The following articles in the document discuss specific types of security vulnerabilities in some detail. These articles can be read in any order, or as suggested by the software development checklist in “Developing Secure Software.”
“Avoiding Buffer Overflows” describes the various types of buffer overflows and explains how to avoid them.
“Validating Input” discusses why and how you must validate every type of input your program receives from untrusted sources.
“Avoiding Race Conditions and Insecure File Operations” explains how race conditions occur, discusses ways to avoid them, and describes insecure and secure file operations.
“Elevating Privileges Safely” describes how to avoid running code with elevated privileges and what to do if you can't avoid it entirely.
“Application Interfaces That Enhance Security” discusses how the user interface of a program can enhance or compromise security and gives some guidance on how to write a security-enhancing UI.
The final article is of general interest to all Macintosh programmers:
“Developing Secure Software” discusses some of the security factors you should consider when planning a software project, and provides a checklist you can use to help ensure that your code is secure. This article can help you organize your work and also provides entry points into the remaining articles in the document. This article is recommended reading for everyone.
See Also
This document concentrates on security vulnerabilities and programming practices of special interest to developers using Mac OS X or iPhone OS. For discussions of secure programming that apply to all programmers, see the following books and documents:
See Viega and McGraw, Building Secure Software, Addison Wesley, 2002, for a general discussion of secure programming, especially as it relates to C programming and writing scripts.
See Wheeler, Secure Programming for Linux and Unix HOWTO, available at http://www.dwheeler.com/secure-programs/, for discussions of several types of security vulnerabilities and programming tips for UNIX-based operating systems, most of which apply to Mac OS X.
See Cranor and Garfinkel, Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005, for information on writing user interfaces that enhance security.
For documentation of security-related application programming interfaces (APIs) for Mac OS X (and iPhone OS, where noted), see the following Apple documents:
For an introduction to some security concepts and to learn about the security features available in Mac OS X, see Security Overview.
For information on secure networking, see Secure Transport Reference and CFNetwork Programming Guide.
For information on Mac OS X authorization and authentication APIs, see Authorization Services Programming Guide, Authorization Services C Reference, and Security Foundation Framework Reference.
If you are using digital certificates for authentication, see Certificate, Key, and Trust Services Reference (iPhone OS version available) and Certificate, Key, and Trust Services Programming Guide.
For secure storage of passwords and other secrets, see Keychain Services Reference (iPhone OS version available) and Keychain Services Programming Guide.
© 2008 Apple Inc. All Rights Reserved. (Last updated: 2008-05-23)