David A. Wheeler writes "The latest article in my "Secure Programmer" series is now available! This series is a developerWorks series on how to develop secure programs for Linux/Unix. Article #7 is
Secure programmer: Call Components Safely. Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components."
December 28, 2004