An Investigative Study on Secure Coding Practices with Shell Scripting

Year : 2024 | Volume :11 | Issue : 01 | Page : 16-23
By

Yamuna Mundru,

Manas Kumar Yogi,

  1. Assistant Professor Computer Science and Engineering-AI & ML Department, Pragati Engineering College (Autonomous), Surampalem Andhra Pradesh India
  2. Assistant Professor Department of Computer Science and Engineering, Pragati Engineering College (Autonomous), Surampalem Andhra Pradesh India

Abstract

This investigative research delves into secure coding practices within shell scripting, aiming to reduce prevalent security vulnerabilities and improve the overall security stance of shell scripts. It emphasizes three key areas: static analysis, dynamic analysis, and manual code review. Through static analysis, the code structure, usage of unsafe functions, and potential vulnerabilities are examined without executing the script. Dynamic analysis entails running the script in controlled settings to detect runtime vulnerabilities and behaviors. Manual code review entails an in-depth inspection of code logic, input validation, and error handling. The study compares its findings with established secure coding guidelines, including input validation, proper quoting, error handling, and the principle of least privilege. The effectiveness of recommended best practices and mitigation strategies is assessed through practical implementation and testing. By following these methodologies, developers can identify and address security vulnerabilities in shell scripts, ensuring the integrity, confidentiality, and availability of systems and data.

Keywords: Shell scripts, secure, coding, weakness, incidents, attack

[This article belongs to Journal of Advances in Shell Programming(joasp)]

How to cite this article: Yamuna Mundru, Manas Kumar Yogi. An Investigative Study on Secure Coding Practices with Shell Scripting. Journal of Advances in Shell Programming. 2024; 11(01):16-23.
How to cite this URL: Yamuna Mundru, Manas Kumar Yogi. An Investigative Study on Secure Coding Practices with Shell Scripting. Journal of Advances in Shell Programming. 2024; 11(01):16-23. Available from: https://journals.stmjournals.com/joasp/article=2024/view=146230



References

  1. Dai T, Karve A, Koper G, Zeng S. Automatically detecting risky scripts in infrastructure code. In Proceedings of the 11th ACM Symposium on Cloud Computing. 2020 Oct 12; 358–371.
  2. Graff M, Van Wyk KR. Secure coding: principles and practices. O’Reilly Media, Inc. United States; 2003.
  3. Seacord RC. The CERT C secure coding standard. Pearson Education. India; 2008 Oct 14.
  4. Gasiba TE, Lechner U, Pinto-Albuquerque M, Mendez D. Is secure coding education in the industry needed? An investigation through a large scale survey2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering Education and Training (ICSE-SEET), Madrid, ES, 2021, pp. 241-252, doi: 10.1109/ICSE-SEET52601.2021.00034.
  5. Payne BR, Walker AR. Motivating secure coding practices in a freshman-level programming course. In InfoSecCD. 2014 Oct 11; 1–1.
  6. Rahman A, Rahman MR, Parnin C, Williams L. Security smells in ansible and chef scripts: A replication study. ACM Trans Softw Eng Methodol (TOSEM). 2021 Jan 20; 30(1): 1–31.
  7. Wheeler DA. Secure programming for Linux and Unix HOWTO. 1999.
  8. Bosman E, Bos H. Framing signals-a return to portable shellcode. In 2014 IEEE Symposium on Security and Privacy. 2014 May 18; 243–258.
  9. Ferrer F, More A. Towards Secure Scripting Development. In III Workshop de Seguridad Informática (WSegI 2011) (XL JAIIO, Córdoba, 29 de agosto al 2 de septiembre de 2011). 2011.
  10. Rights RF. Secure Coding. Practical steps to defend your web apps. USA: SANS Institute; 2007.
  11. Aderhold M, Cuéllar J, Mantel H, Sudbrock H. Exemplary formalization of secure coding guidelines. TU Darmstadt and Siemens AG, Tech Rep. 2010 Mar 3.
  12. Ankolekar VL. Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach. Option. 2003 Nov 10; 1: 10.
  13. Hortlund A. Security smells in open-source infrastructure as code scripts: A replication study. Thesis. Sweden: Karlstad Business School; 2021.

Regular Issue Subscription Review Article
Volume 11
Issue 01
Received April 24, 2024
Accepted May 7, 2024
Published May 16, 2024