If you believe that vendors will discover every problem in their software before others
do, and you believe that those vendors will release patches for those problems in an
expeditious manner, then this chapter is probably not for you. This chapter (and others
in this book) is for those people who want to take at least some measure of control in
ensuring that their software is as secure as possible.
The Software Development Process
We will avoid any in-depth discussion of how software is developed, and instead
encourage you to seek out a textbook on software engineering practices. In many cases,
software is developed by some orderly, perhaps iterative, progression through the following
activities:
• Requirements analysis: What the software needs to do
• Design: Planning out the pieces of the program and considering how they will
interact
• Implementation: Expressing the design in software source code
Gray Hat Hacking: The Ethical Hacker's Handbook
• Testing: Ensuring that the implementation meets the requirements
• Operation and support: Deployment of the software to end-users and
support of the product in end-user hands
Problems generally creep into the software during any of the first three phases.