Vulnerability Prevention

Introduction

As well as detecting and handling vulnerabilities found in the middleware, it is important to try to prevent new vulnerabilities from being introduced in new code. Developers should therefore take steps to code securely. Various organisations provide guidelines for this, and there are numerous books on the subject. Here we point to a few useful resources.

University of Wisconsin

The Vulnerability Assessment Project at the University of Wisconsin Computer Sciences Department is developing new techniques for vulnerability assessment, evaluating Grid software, and working to educate developers on assessment techniques and secure programming practice. A tutorial on these topics has been produced.

The ISSeG project

The ISSeG project (Integrated Site Security for Grids) was a project co-funded by the EU FP6 programme, and aimed to disseminate practical site security recommendations to complement Grid computer security. The ISSeG Developers checklist is a useful one-page summary of good practice for developers.

General Vulnerability Guide

Prior to EGEE II, a document was produced called Grid Security Vulnerability Detection and Reduction. This document is a little out of date and was one of our earlier attempts to include some developer guidelines. It was regarded as too long, and many of the developers ignored it. Some of the information in it is still useful.

Best Practices by the PSNC Security Team

The PSNC (Poznan Supercomputing and Networking Center) security team has produced a Security Best Practices document. This includes a large chapter on good practices for developers.

Top 25 Most Dangerous Programming Errors

The SANS Institute provides information security training and other useful information. In conjunction with various other security organisations they have produced a list of the Top 25 Most Dangerous Programming Errors. Many of the vulnerabilities found by GSVG result from one of these errors. It is recommended that all developers read this, as a minimum step towards reducing the number of new vulnerabilities introduced in the code.

Last modified Fri 13 February 2009.