DEFENSIVE SOFTWARE CODING

Introduction

Software coding is the process of transforming computer

instructions into a form a computer can understand. Every
software project operates because programmers write
code. Security of codes and software project from
unforeseen circumstances and accidental security
breaches has been a major treat to software development
hence, the reason for defensive software coding.

Defensive Software Coding

Defensive software (coding) or Programming is the
process of designing and implementing software so that it
continues to function even when under attack. Software
written using this process is able to detect erroneous
conditions resulting from some attack, and to either
continue executing safely, or to fail gracefully. The key rule
in defensive programming is to never assume anything,
but to check all assumptions and to handle any possible
error states.
This definition emphasizes the need to make explicit any
assumptions about how a program will run, and the types
of input it will process.
Again, defensive programming means that the
programmer must carefully check any assumptions
made, check and handle all possible errors, and carefully
check any interactions with existing code. Failure to
identify and manage such interactions can result in
incorrect program behaviour and the introduction of
vulnerabilities into a previously secure program.
 Defensive software coding is a form of defensive
design intended to develop programs that are
capable of detecting potential security abnormalities
and make predetermined responses.
 It is the practice of developing computer software in
such a way that guards against the accidental
introduction of security vulnerabilities in the form of
defects, bugs and logic flaws.
 Through the analysis of thousands of reported
vulnerabilities, security professionals have
discovered that most vulnerabilities come from a
relatively small number of common software
programming errors.
 In all defensive coding practices are often used
where high availability, safety, or security is needed.
 Its approach is to improve software/source code in
terms of:
 General Quality
 Making the source code comprehensible
 Making the software behave in a predictable
manner
 Categories includes:
 Secure programming: this emphasizes the
development of highly secure programs. Sees
software as can fail in certain ways as long as it is
secure from any malicious exploitation attempts
 Offensive programming: its approach is that
errors that should be handled defensively should
 come from outside the applications, such as user
input.

Coding Standards and Guidelines

 The main goal of the coding phase is to code from

the design document prepared after the design
phase through the high-level language and then to
unit testing of this code.
 Each organization usually makes their own coding
standards and guidelines depending on what suits
them.
 Purpose of having coding standards:
○ Coding standard gives a uniform appearance
○ It improves readability, maintainability and
reduces complexity
○ It helps in code reuse and helps to detect error
easily
○ It promotes sound programming practices

Some of the coding standards are:

○ Limit the use of global(s)

○ Standard headers for different modules
○ Naming conventions for local or global variables,
constants & functions
○ Indentation
○ Error return values and exception handling
conventions
 ○ Avoid using a coding style that is too difficult to
understand
○ Avoid using an identifier for multiple purposes
○ Code should be well documented
○ Length of functions should not be very large
○ Try not to use Unconditional statement e.g. GOTO
statement

Code Review, Walkthrough & Inspection

 Code review:
○ This is carried out after a module is successfully
compiled.
○ It is an extremely cost-effective strategy for
reduction of errors and to produce high quality
code.
 There are two types of code reviews techniques:
○ Code walkthrough
○ Code inspection
 Code walkthrough
○ This is an informal code analysis technique
○ Members of the development team are given
the code few days
before the walk-through meeting to read and
understand the code.
○ Its main objective is to discover the algorithmic
and logical errors
in the code

Code walkthrough guidelines:

  Performing team is not is too big or small
(consists of 3 – 7 members)
 Focus is on discovery of errors and not on how to
fix the discovered errors
 Managers should not attend the walkthrough
meetings.

● Code Inspection

 The aim of code inspection is to discover some

common types of errors caused due to oversight
and improper programming
 Some of the programming errors which can be
checked are:
 Use of uninitialized variables.
 Jumps into loops.
 Incompatible assignments.
 Array indices out of bounds.
 Use of incorrect logical operators or incorrect
precedence among operators.
 Improper modification of loop variables.

The Software Assurance Forum for Excellence in Code

(SAFE Code), with a number of major IT industry
companies as members, develop publications outlining
industry best practices for software assurance and
providing practical advice for implementing proven
methods for secure programming, including.

1. Input Validation and Data Sanitization

2. Input Size and Buffer Overflow
3. Interpretation of Program Input
4. Correct Handling of Exceptions and Unexpected
Behaviours
5. The list continues check out this link =➔
https://owasp.org/www-pdfarchive/OWASP_SCP_Q
uick_Reference_Guide_v2.pdf
Examples of Critical Software Failure

As software becomes increasingly important, the potential

impact of bad code will increase to match. Software
defects have caused a lot of devastating effects in the
last few decades. Software failure is very prevalent
everywhere. Here are some examples of cases of software
failure: z

1. Ariane-5 Satellite Launcher: On June 4 1996, there

was total failure of Ariane-5 launcher on its maiden
flight. Approximately 40 seconds after takeoff, the
Ariane-5 rocket launcher was shut down and then
lost control due to software failure resulting from
internal variable exceeding a limit imposed by the
underlying code which resulted in buffer overflow. It
was reported that incorrect control signals were sent
to the engines and these caused swivelled which
caused it to break up and self-destructed. The
software failed and the system and the backup
system shut down. Ironically, the code that failed
was generating information that was not even
necessary as soon as the launch had started.

2. The Therac-25: This is a radiation therapy machine

used to administer drug to patients. The machine
administered massive overdoses of the drug
resulting in the death of patients. This was caused
by software upgrade. The software upgrade allowed
the operator to type faster when entering data. The
 parts of the machine that were not upgraded could
not cope with the speed of data entry, thus causing
the machine to administer the wrong doses. It took
several weeks of intensive investigation to
determine the cause of the problem.
3. The US Navy Ship Yorktown: In 1997, a prototype
US Navy ship while trying to adjust a valve
setting, a sailor mistakenly entered a zero into a
database field; the ship was out of action for
three hours. The fault was caused by a software
failure due to improper input (data) field
validation. The software program that the sailor
was using on Windows NT should have refused to
accept his command but did otherwise, and the
program shut down the system. This is an
operator error. However, the software was not
properly designed. It should have been designed
to recognize and reject an illegal command by
throwing exception.
4. The Marines’ Osprey Crashes: In December 2000,
the US Marine Corps’ new hybrid plane-
helicopter, known as the V-22 Osprey, crashed,
killing four marines. The accident was largely due
to software error.
5. US Telephone Networks Failure: In the summer of
1991, telephone networks in several major United
States cities suffered failure. The problems were
traced to telephone switching software consisting of
 several million lines of code. The potential losses
were enormous.
6. The Bank of New York: On November 20, 1995, the
bank of New York’s securities transaction software
had a storage fault. For about ninety minutes, it lost
information on $32 billion in transactions. The bank
was forced to borrow $23.6 billion from the US
Federal Reserve for a day, at a cost in interest of $5
million. Although the information was later
recovered, the bank’s reputation suffered as
customers began to doubt the bank
7. US Patriot Air Defense Collided with Incoming
Scud Missile: In the 1991 Gulf War, 28 US troops
lost their lives when the Patriot air defense
system collided with an incoming Scud Missile.
The problem was caused by software error
resulting from software upgrade. An upgrade to
deal with missile was made, but at one place in
the upgraded software, a necessary call to the
subroutine was accidentally omitted. Although,
the problem was detected, a warning was issued,
and a software patch dispatched to users more
than a week before the accident occurred. There
was need to reboot the engine occasionally to
correct the error which would have taken only
one minute. There were warnings but the battery
managers refused to heed to the warnings.
 8. And the list continues .......
https://file.scirp.org/pdf/JCC_2014042514514136.
pdf

CWE TOP 25 Most Dangerous Coding Errors

Common Weakness Enumeration (CWE™) is a community-

developed list of software and hardware weakness types.
It serves as a common language, a measuring stick for
security tools, and as a baseline for weakness
identification, mitigation, and prevention efforts. The CWE
listed 25 most Dangerous Coding errors which can be
found here:

i. https://www.sans.org/top25-software-errors/

ii. https://www.grazitti.com/blog/cwe-sans-top-
25-most-dangerous-programming-errors/

Open any of the links to see the list of 25 prevalent coding

/ programming errors.

The solution to coding errors listed above is Defensive

software coding/ Programming.