Summit2008/Sessions/Proposals/Writing Secure Software & Basic Hacking Techniques
Writing Secure Software & Basic Hacking Techniques
Firefox has been known for having good security, and it's important to keep up that image. Doing so requires techniques for writing secure code. As software hacking evolves, so should the ways we prevent, detect, and fix bugs.
Some basic practices can set the foundation for either writing secure or insecure software. I'll go over these as well as implementation examples.
Threat modeling is the basic process of identifying potential flaws in a program. Using data flow diagrams, it helps make preventing security flaws a visual task that can be a collaborative effort. Using proper, in-depth threat modeling techniques, most high-level design flaws can be avoided altogether.
STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. This is basically a checklist that can be used for threat modeling. I'll define each and show some examples.
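As an added illustration (not part of the original proposal), the sketch below walks a small data flow diagram and produces the STRIDE checklist for each element. The diagram, its element names and trust zones are constructed, and the per-element mapping follows the common STRIDE-per-element convention, which is an assumption that goes beyond what this page states.

```python
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element convention (assumption, not from the page): which
# categories are normally asked about each kind of diagram element.
APPLICABLE = {
    "external": "SR",      # external entities
    "process": "STRIDE",   # processes get the full checklist
    "store": "TRID",       # R matters mainly when the store holds logs
    "flow": "TID",         # data flows
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external | process | store | flow
    zone: str = ""   # trust zone (non-flow elements)
    src: str = ""    # flows only: source element name
    dst: str = ""    # flows only: destination element name

def checklist(elements):
    """Return (element, threat category, crosses_boundary) rows to review."""
    zones = {e.name: e.zone for e in elements if e.kind != "flow"}
    rows = []
    for e in elements:
        crosses = e.kind == "flow" and zones[e.src] != zones[e.dst]
        for letter in APPLICABLE[e.kind]:
            rows.append((e.name, STRIDE[letter], crosses))
    # Flows that cross a trust boundary are listed first for review.
    return sorted(rows, key=lambda r: not r[2])

# Constructed sample diagram; all names and zones are hypothetical.
DIAGRAM = [
    Element("web server", "external", zone="internet"),
    Element("content parser", "process", zone="application"),
    Element("profile store", "store", zone="application"),
    Element("http response", "flow", src="web server", dst="content parser"),
    Element("save settings", "flow", src="content parser", dst="profile store"),
]

if __name__ == "__main__":
    for name, threat, crosses in checklist(DIAGRAM):
        print(f"{'!' if crosses else ' '} {name:16} {threat}")
```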
Specific Firefox Attacks