Defensive Scripting
Introduction
Defensive scripting is a complex example of a defensive security design which is mainly intended to ensure that a piece of software or network solution can continue performing is desired functions under unforeseen circumstances. Most cases where defensive scripting is considered crucial and important is where safety, high availability and security is required. Defensive scripting is an approach highly recommended to developers and security experts to adopt for it improve software source code design and the software performance in terms of its security (Gupta, 2014). Furthermore, it improves by making sure that a network or software behaves in a predictable custom which can easily be analysed, understood and acted upon to improve on its security or mitigate against a threat.
Defensive scripting also makes code audit approval for source codes a much easier process for the source codes are designed to be much more comprehensible, in that it is much more understandable and readable to all personnel with the necessary access authorization. Overly, defensive scripting is also used in safeguarding company assets against errors, or vulnerabilities which may not be immediately identified, or ever encountered. Thus, incurring both maintenance and run-time costs, while improving on its security. Additional important aspects concerning defensive scripting that users should take notice of in the field of software development is that;
- Defensive scripting is an easy concept to define in abstract terms.
- It is often a difficult aspect, concept and practice for most beginners to grasp.
- It is not easy to define beyond its insignificant examples, and most specific rules.
- Once it is internalized, its implementation process becomes rather easy.
With regards to its abstract rationale, defensive scripting may majorly be viewed in the setting of: In most security incentive systems, it is barely sufficient to produce source codes which only covers instance under “good-weather scenarios.” Instead, during processes such as the implementation of functionality and the design of interfaces, it is highly recommended that security experts should always take into consideration various cases which could potentially go wrong, and as such incorporate respective and reliable countermeasures (Mahmoud, 2017). The latter question should not only include possible runtime errors such as memory and data corruption but ensure to address possible vulnerabilities and exploitation possibilities which could be a threat vector to the general integrity of the entire system.
An example of a defensive scripting technique is the use of canonicalization. As technology and security strategies continue to innovate, malicious attackers adapt to this trend by also introducing new attack techniques against organizational data, systems and security devices. For instance, an attacker may decide on conducting their attack by introducing various types of representing incorrect data. For example, in the case of Linux based distribution, a security program may be configured to reject any attempts of access to the files located in “/etc/passwd,” however, after identifying this security policy, an attacker may pass a different variant such as “/etc/. /passwd.” Hence, during the development phase, the use of reputable canonicalization libraries can prove to be very important towards improving security by ensuring to avoid such bugs as a result of non-canonical input.
References
Mahmoud, S. K., Alfonse, M., Roushdy, M. I., & Salem, A. B. M. (2017, December). A comparative analysis of Cross-Site Scripting (XSS) detecting and defensive techniques. In 2017 Eighth International Conference on Intelligent Computing and Information Systems (ICICIS) (pp. 36-42). IEEE.
Gupta, M. K., Govil, M. C., & Singh, G. (2014, May). Static analysis approaches to detect SQL injection and cross-site scripting vulnerabilities in web applications: A survey. In International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014) (pp. 1-5). IEEE.