Hardcoded storage Flashcards
What is hard coding
Data is directly embedded into the source code of a program, as opposed to obtaining the data from external sources (files or databases) or generating it at runtime
What pieces of information does hard-coded data usually represent?
unchanging pieces of information, such as physical constants, version numbers and static text elements
What does soft-coded data encode?
Information like user input, HTTP server responses, or configuration files, determined at runtime
How can hard coded data be modified?
By editing the source code and recompiling the executable
Advantages of hard-coded storage
Fast delivery of code - it can resolve, in the short term, the pressure to deliver code
Disadvantages of hard-coded storage
Considered an anti-pattern.
Hard to adapt
Hard to internationalise
Raises security vulnerabilities
What is the source code disclosure issue?
When the code of the web application is exposed to the public.
Enables attackers to understand how the application behaves by simply reading the code and checking for logical flaws, or hardcoded username/password pairs, or secret keys.
Severity depends on how much code is exposed and how critical the leaked lines of code are for the security of the web application.
Hidden form fields
Used in web pages to pass information about the current page to the server.
For example, if the user fills out an enquiry form, we may want to obtain their IP address using the scripting language PHP.
May also want the URL of the referring page
What do hidden fields allow us to send?
All kinds of information, along with form data entered by a user, without the user having to be involved in the process.
Can also be used to pass information back to scripts - may include security tokens or name of a relevant entry in a database
Software reverse engineering
Involves reversing a program's machine code back into the source code it was written in, expressed in a programming language's statements.
Why is software reverse engineering done to retrieve a program's source code?
Source code lost
Study how program performs
Improve performance
Fix a bug
Identify malicious content in a program such as a virus
Adapt a program written for use with one microprocessor for use with another
Will hardcoded data be revealed by software reverse engineering?
Yes, hardcoded data will be revealed
Embedded environment variables
To use forms in Flask we need a secret key - this secret key is used for securely signing the session cookie