Apple updates “Secure Coding Guide”
Security is not something that can be added to software as an afterthought; just as a shed made out of cardboard cannot be made secure by adding a padlock to the door, an insecure tool or application may require extensive redesign to secure it. You must identify the nature of the threats to your software and incorporate secure coding practices throughout the planning and development of your product.
This chapter explains the types of threats that your software may face. Other chapters in this document describe specific types of vulnerabilities and give guidance on code hardening techniques to fix them.
The latest update of Apple’s “Secure Coding Guide” contains following changes:
- Added information about non-executable stacks and heaps, address space layout randomization, injection attacks, and cross-site scripting.