Uncle's Notes (13): T's Rules, Security Edition

Source: http://www.cnblogs.com/flyingleaf/archive/2011/12/22/2298322.html

I haven't visited 博客园 in a long time; not because of 博客园, but because I haven't touched C# in a long time.

Browsing the site yesterday, I found Tom's 大叔手记(12):我的一次面试经历(谈大叔如何应对面试官), which I read with relish, finishing it in one sitting with nothing but admiration. Browsing again today, I found that Tom had posted yesterday's T氏法则 (T's Rules), so I translated it out of interest. I had never translated before, only read and written a little English, and I hadn't expected translation to be so far from fun. Although many of the items are closely related to each other, since I was translating for fun I still did part of it: apart from the "Race Condition" section, everything has some Chinese. If I got things badly wrong, I hope people will point it out. After all, I spent 4 hours on it.
By the way, I originally wanted to post this directly under 大叔手记(13):T氏法则之Security篇, but it really was too long. I pasted it in but could not get it to post, so I posted it here. I hope Tom understands; I have no intention of infringing copyright, and the link above can attest to that. :)
A question: since these are rules, why are they phrased as questions? Wouldn't declarative sentences be more appropriate?

Input Validation
Is input data validated to ensure that it contains only valid characters?
Is input data validated to ensure that it is within appropriate ranges?
Is validation performed by comparing with "known-good" (as opposed to "known-bad") characters or sequences?

Output Encoding
Is data encoded using HTMLEncode (or similar function) when forwarding to display in the browser?
Is data provided as parameters to a parameterized SQL query (as opposed to concatenation into the query)? Oh, dear god! I really know nothing about this item.
Are steps taken to avoid SQL injection, Cross Site Scripting or other injection attacks (where appropriate)?
When supplying code and data as output, is it unambiguously clear where code and data are separated?
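The two query-building styles named above, side by side, as an added example that is not part of the original post. It runs against a constructed in-memory SQLite table and also shows HTML-encoding data before it is placed in a page; the table, user names and probe string are constructed for illustration.

```python
# Added example (not from the original post): concatenated vs parameterized
# SQL against a constructed SQLite table, plus HTML encoding on output.
import html
import sqlite3

def make_db():
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_concat(conn, name):
    """Vulnerable: user input is spliced into the query text, so the
    boundary between code (SQL) and data (the name) is lost."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, name):
    """Safe: the name travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def render_name(name):
    """Encode before forwarding data into an HTML page, so any markup inside
    the data is displayed as text rather than interpreted by the browser."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"                 # constructed injection probe
    print(lookup_concat(conn, probe))     # every user comes back
    print(lookup_param(conn, probe))      # nothing: no user has that name
    print(render_name("<script>alert(1)</script>"))
```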

Information Exposure
Do error messages distinguish correctly between information sent to internal and external users? (I couldn't make out what this sentence means, so I translated it according to my own understanding, as: can it distinguish error information from correct information and send it to internal and external staff? Is it saying that information about bug severity should be sent to different people? Maybe Tom knows.)
Are comments and private information removed from transmissions to the user?
Are internal IP addresses masked from external users?
Are debug pages, and unused pages removed from the deployed web site?
Is debug and tracing code disabled, with no ability for unauthorized parties to use it or enable it?
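One way to keep operator-facing and user-facing error detail apart, as an added example that is not part of the original post. It assumes a constructed notion of "internal" address prefixes and a constructed backend failure; full detail always goes to the log, and is echoed to the caller only when debug output is explicitly enabled for an internal client.

```python
# Added example (not from the original post): one failure reported to two
# audiences. Operators always get full detail in the log; an external caller
# gets a fixed message and a correlation id. The internal address prefixes
# and the failing hostname are constructed for illustration.
import logging
import traceback
import uuid

log = logging.getLogger("app")
INTERNAL_PREFIXES = ("10.", "192.168.")   # assumption: what counts as internal

def is_internal(client_ip):
    return client_ip.startswith(INTERNAL_PREFIXES)

def error_response(exc, client_ip, debug_enabled=False):
    """Build the body returned to the caller after exception `exc`.

    Detail (exception text and stack trace) goes to the operator log
    unconditionally. It is echoed to the caller only when debug output is
    explicitly enabled AND the caller is internal; everyone else receives
    the generic string plus a reference id that support can look up.
    """
    ref = uuid.uuid4().hex[:8]
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("ref=%s client=%s %s", ref, client_ip, detail)
    if debug_enabled and is_internal(client_ip):
        return {"ref": ref, "error": str(exc), "trace": detail}
    return {"ref": ref, "error": "An internal error occurred."}

def handle(client_ip, debug_enabled=False):
    """Simulated request that fails with a constructed backend error."""
    try:
        raise ConnectionError("db01.internal:5432 refused connection")
    except ConnectionError as exc:
        return error_response(exc, client_ip, debug_enabled)

if __name__ == "__main__":
    print(handle("203.0.113.7"))                      # external: generic text
    print(handle("10.0.0.5", debug_enabled=True))    # internal + debug: detail
```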

Client-Side Security
Are security measures such as input validation implemented on the server-side?
Are all security measures implemented on the client-side backed by equivalent or greater measures on the server-side?
Has the application (or changed components) been tested with custom clients that ignore client side restrictions?

Poor Use of Cryptography
Have cryptography choices (key sizes, algorithms, etc.) been reviewed and approved by Policymakers?
Are cryptographic elements configurable to change key sizes, choice of algorithms, etc.?
Is the cryptography implementation a widely-available library (as opposed to a custom solution, or developed in-house)?
Is provision made for regular key rotation? Emergency key changes? (Or does it mean something else?)

Thinking Only About Features
Has the application been tested by trying to feed it invalid input?
Have there been any tests attempting to use SQL Injection, Cross-Site Scripting, etc.?
Has the application been written to reject incorrect or malicious data?
Does the application alert its operators about potential malicious behavior on the part of its users?
Does the application alert its operators about (mis-)configurations that reduce its security level?
Has the application been reviewed to ensure that unauthenticated and unauthorized users are not given more access than is appropriate?

Race Condition
Is the code flexible enough to cope with resource requests completing earlier / later than anticipated?
Are checks on authorization guaranteed to occur before access is granted or resources are fetched?
Is the application able to handle rapidly repeated requests and distinguish correctly between them?
Does the application ensure that connection state is kept out of global / shared variables or memory space?
Are locks, mutexes, semaphores, etc. correctly used to ensure that shared resources are not shared across execution or security contexts?
Has the review team considered changes that will occur if the compiler / optimizer change the order of execution of statements (within its limits)?
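The shared-state question above, made concrete as an added example that is not part of the original post. Two request handlers are written as generators and interleaved one step at a time, which reproduces deterministically an ordering that real threads produce only sometimes; the user and document names are constructed.

```python
# Added example (not from the original post): why per-connection state must
# not live in a global. The generator-based scheduler below is a stand-in
# for real threads so that the bad interleaving happens every time.

CURRENT_USER = None          # the global the checklist warns against

def handler_global(user, doc):
    """Authenticate, then (after a context switch) serve `doc` under whatever
    identity the global holds at that moment."""
    global CURRENT_USER
    CURRENT_USER = user
    yield                    # another request may run here
    return (CURRENT_USER, doc)

def handler_per_request(user, doc):
    """Same flow, but the identity is owned by this request alone."""
    ctx = {"user": user}
    yield
    return (ctx["user"], doc)

def interleave(*gens):
    """Advance every generator one step in round-robin order and collect the
    return values: a deterministic substitute for a thread scheduler."""
    results = {}
    pending = dict(enumerate(gens))
    while pending:
        for idx, gen in list(pending.items()):
            try:
                next(gen)
            except StopIteration as done:
                results[idx] = done.value
                del pending[idx]
    return [results[i] for i in range(len(gens))]

def serve(handler):
    """Two concurrent requests; each should get its own document under its
    own identity."""
    return interleave(handler("alice", "alice_report.pdf"),
                      handler("bob", "bob_report.pdf"))

if __name__ == "__main__":
    print(serve(handler_global))       # alice's document is served as bob
    print(serve(handler_per_request))  # correct pairing
```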

Failing Open, Ignoring Failure
Are all return values checked?
Where exceptions are expected, are they all caught?
Is checking of correct input done by "deny by default" (e.g. a "white-list" of correct characters / sequences)?
Are functions communicating failures up through their call stack?
Is the code written to assume that requests are invalid until they prove themselves to be valid?
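A "known-good" validator that denies by default, beside the "known-bad" check it replaces, as an added example that is not part of the original post; it illustrates both the Input Validation section and the deny-by-default items above. The field names, character set and port range are constructed for illustration.

```python
# Added example (not from the original post): allow-list validation with
# deny-by-default handling, and the block-list check it replaces.
import re

class InvalidInput(ValueError):
    pass

# known-good definitions: exactly what each field may look like
USERNAME_RE = re.compile(r"\A[a-z][a-z0-9_]{2,15}\Z")
PORT_RE = re.compile(r"\A[0-9]{1,5}\Z")
PORT_RANGE = range(1024, 65536)

def validate_username(value):
    if not isinstance(value, str) or not USERNAME_RE.match(value):
        raise InvalidInput("username")
    return value

def validate_port(value):
    # character check first, then the range check on the parsed number
    if not isinstance(value, str) or not PORT_RE.match(value):
        raise InvalidInput("port")
    port = int(value)
    if port not in PORT_RANGE:
        raise InvalidInput("port")
    return port

VALIDATORS = {"username": validate_username, "port": validate_port}

def validate_request(fields):
    """Deny by default: the field set must match exactly and every field must
    pass its validator; the result is a new dict of typed values."""
    if set(fields) != set(VALIDATORS):
        raise InvalidInput("fields")
    return {name: check(fields[name]) for name, check in VALIDATORS.items()}

def accepts(fields):
    """True only when validation succeeded; any failure means reject."""
    try:
        validate_request(fields)
        return True
    except InvalidInput:
        return False

def blocklist_username(value):
    """The known-bad approach the checklist argues against: it rejects the
    characters someone thought of and silently passes everything else."""
    return not any(c in value for c in "'\";<>")
```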

Failing to Recognize or Enforce Bounds
Are all arithmetic operations guaranteed to not overflow or underflow?
Are buffer overflows actively prevented, either by choice of development environment, language or code checks?
Are classes and libraries used that prevent overflow or underflow (as opposed to classes that do not)?
Are library functions prown to buffer overrun, removed and replaced with? (Odd wording. What is "prown" supposed to mean?)
Does the test plan execute edge cases on boundary checks?
Have you checked the entrance and exit criteria for all loops in the code to ensure that they are correct, and correctly handled?

Not Managing Resources from Creation to Destruction
Does each resource have a complete "story" that allows for a single creation and a single destruction, with managed "ownership" in the middle? (A bit muddled.)
Does the test plan monitor resource usage to detect inappropriate growth in memory usage, open file handles, etc.?
Do object constructors initialize all member variables (if only to a null value)?
Do object constructors avoid using operations that can cause failure?
Are circular references correctly avoided?

Hard-Coded Password/Assuming the Source Code Is Secret
Are all passwords, keys and other secret material removed from source code to configuration files?
Has the executable code been scanned for the clear-text presence of strings that should not be there? (I rendered this as: is there executable code being treated as plain strings that should not be there? Is that translation right?)
Does the code use a standard, EIS-approved, technique for storing keys in configuration files?
If the source code was given, as a whole, to an attacker, would they still be unable to attack the running program?
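The clear-text scan and the move-it-to-configuration rule above, as an added example that is not part of the original post. It extracts printable strings from a constructed stand-in for a built binary the way the strings tool does, flags the ones that look like secrets, and reads the real secret from configuration, failing closed when it is absent; the byte blob, patterns and variable name are constructed.

```python
# Added example (not from the original post): a strings-style scan of a
# built artifact for clear-text secrets, beside loading the secret from
# configuration. The binary blob and the patterns are constructed.
import os
import re

MIN_LEN = 8
STRING_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
SECRET_PATTERNS = [
    re.compile(rb"(?i)(password|passwd|pwd)\s*[=:]\s*\S+"),
    re.compile(rb"(?i)api[_-]?key\s*[=:]\s*\S+"),
    re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]

def extract_strings(blob):
    """Printable-ASCII runs of at least MIN_LEN bytes, like the strings tool."""
    return [m.group(0) for m in STRING_RE.finditer(blob)]

def find_secrets(blob):
    """Return the string literals in `blob` that look like embedded secrets."""
    hits = []
    for s in extract_strings(blob):
        if any(p.search(s) for p in SECRET_PATTERNS):
            hits.append(s.decode("ascii"))
    return hits

def load_db_password(env=os.environ):
    """Fail closed: no secret in code, and a missing setting is an error
    rather than a fallback to a built-in default."""
    try:
        return env["DB_PASSWORD"]
    except KeyError:
        raise RuntimeError("DB_PASSWORD is not configured") from None

# Constructed stand-in for a compiled artifact: header and code-like bytes
# with three string literals linked in, two of which are secrets.
SAMPLE_BINARY = (b"\x7fELF\x02\x01\x01" + bytes(range(0, 32)) * 2
                 + b"Usage: server [--port N]\x00"
                 + b"\x90\x90\xcc\xc3"
                 + b"password=Sup3rS3cret!\x00"
                 + b"-----BEGIN RSA PRIVATE KEY-----\x00")

if __name__ == "__main__":
    print(find_secrets(SAMPLE_BINARY))
```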

Unnecessary Complexity
Is the code clear to read and understand, even without looking at the comments? (Or, as I first rendered it: does the code itself serve as the best comment?)
Do the comments correctly describe the behavior of the source code?
Do the comments completely describe the behavior of the source code?
Are any hidden / surprising / clever behaviors of the source code explained in comments?
Are the comments up to date?
Have all unexecuted portions of code been removed?
Are function and variable names clear and meaningful?

Static Code Analysis
Has the code been analyzed with static code analysis tools that are configured to find security flaws?
Have all new reports of possible security flaws been remediated correctly?
