Introduction to Secure Coding

Secure coding is the practice of writing programs that are resistant to attack by malicious.
Secure coding helps protect a user’s data from theft or corruption.
An insecure program can provide access for an attacker to take control of a server or a user’s computer.
Hacker refers to an expert programmer—one who enjoys learning about the intricacies of code or an operating system
In general, hackers are not malicious. When most hackers find security vulnerabilities in code, they inform the company or organization that’s responsible for the code so that they can fix the problem.
The malicious individuals who break into programs and systems in order to do damage or to steal something are referred to as crackers, attackers, or black hats.

Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose.

White hat describes a hacker who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system s owners to fix the breach before it can be taken advantage by others (such as black hat hackers.)

Most attackers are not highly skilled, but take advantage of published exploit code and known techniques to do their damage
Most software security vulnerabilities fall into one of a small set of categories:
Buffer overflows
Race conditions
Access-control problems
Buffer overflows have been the most common form of security vulnerability.
A buffer overflow occurs when more data are written to a buffer than it can hold. The excess data is written to the adjacent memory, overwriting the contents of that location and causing unpredictable results in a program.
Buffer overflow is an increasingly common type of security attack on data integrity