US$2479.00 · In stock. Delivery: <= 12 days. True-PDF full copy in English will be manually translated and delivered via email. GB/T 38674-2020: Information security technology - Guideline on secure coding of application software. Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 38674-2020 (GB/T38674-2020) |
| Description (translated English) | Information security technology - Guideline on secure coding of application software |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.040 |
| Word Count Estimation | 134,193 |
| Date of Issue | 2020-04-28 |
| Date of Implementation | 2020-11-01 |
| Quoted Standard | GB/T 25069-2010 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
| Summary | This standard specifies a general framework for application software security programming and guides the application software programming process from the perspective of improving software security. It is applicable to the development of application software of client/server architecture; the development of application software of other architectures can also use it for reference, and necessary security protection measures shall be supplemented according to the characteristics of the application environment. |
GB/T 38674-2020: Information security technology - Guideline on secure coding of application software ---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
(Information Security Technology Application Software Security Programming Guide)
ICS 35.040
L80
National Standards of People's Republic of China
Information Security Technology Application Software Security Programming Guide
Issued 2020-04-28
Implemented 2020-11-01
Issued by the State Administration for Market Regulation and the China National Standardization Administration
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Overview
5 Security function implementation
5.1 Data sanitization
5.2 Data encryption and protection
5.3 Access control
5.4 Log security
6 Coding security
6.1 Object-oriented program security
6.2 Concurrent program security
6.3 Function call security
6.4 Exception handling security
6.5 Pointer security
6.6 Code generation security
7 Resource use security
7.1 Resource management
7.2 Memory management
7.3 Database management
7.4 File management
7.5 Network transmission
8 Environment security
8.1 Security of third-party software use
8.2 Development environment security
8.3 Operating environment security
Appendix A (Informative) Code examples
A.1 Overview
A.2 Security function implementation
A.3 Coding security
A.4 Resource use security
A.5 Environment security
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some content of this document may involve patents. The issuer of this document does not assume responsibility for identifying these patents.
This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This standard was drafted by: National Computer Network Emergency Technology Processing Coordination Center, Beijing University of Posts and Telecommunications, Beijing Qihoo Test Security Technology Co., Ltd., China Electric Power Research Institute Co., Ltd., Shanghai Computer Software Technology Development Center, Haitong Securities Co., Ltd., Beijing Bank Co., Ltd., National Engineering Research Center for Information Security Common Technologies.
The main drafters of this standard: Shu Min, Wang Bo, Wu Qian, Wang Wenlei, Huang Yuanfei, Zhang Jiawang, Lin Xingchen, Chen Yu, Wang Pengpin, Li Yanwei, Gao Qiang, Yang Peng, Chen Liang, Fan Lejun, Zhang Xiaona, Du Wei, Xia Jianfeng, Li Ye, Zhang Miao, Xu Guoai, Guo Yanhui, Li Qi, Yang Xinyu, Wang Chenyu, Ge Huihan, Huang Yonggang, Han Jian, Zhang Lei, Wang Yanjie, Hu Jianxun, Li Ling.
Information Security Technology Application Software Security Programming Guide
1 Scope
This standard proposes a general framework for application software security programming and guides the application software programming process from the perspective of improving software security.
This standard is applicable to application software development of client/server architecture. The development of application software of other architectures may also use it for reference, and the necessary security protection measures shall be supplemented according to the characteristics of the application environment.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 25069-2010 Information Security Technical Terms
3 Terms and definitions, abbreviations
3.1 Terms and definitions
The terms and definitions defined in GB/T 25069-2010 and the following apply to this document. For ease of use, some terms and definitions from GB/T 25069-2010 are repeated below.
3.1.1
Buffer overflow
Writing content that exceeds the length of a program's buffer, thereby corrupting the program stack and diverting the program to execute other instructions in order to gain control of the program or the system.
3.1.2
Command injection
An attack in which malicious content input by the user is spliced into a command through the application program and submitted to the back-end engine for execution.
3.1.3
Application software log
A collection of files used to record system operation events.
3.1.4
Thread safe
Property of a function or function library that, when called in a multi-threaded environment, correctly handles variables shared between multiple threads so that the program can execute correctly.
3.1.5
Thread synchronization
A mechanism by which multiple threads control the execution order between threads by specific means.
Note: When one thread is operating on a memory address, other threads cannot operate on that address until the thread's operation is completed; they are set to wait.