Week 5 saw an introduction to security programming distributed applications. As I have very little experience in distributed programming it was difficult to understand everything covered in the lecture. The first question posed was, when developing a distributed program, which of the following is best for secure distributed programs:
- Sockets
- Remote Procedure Call [RPC]
- Remote Method Interface[RMI]
- Common Object Request Broker Architecture [CORBA]
One of the key issues with using complex third party libraries is lack of confidence in the code. Many components in a distributed system will be written in C/C++ likely leading to vulnerabilities. We spent some to reading code to look for vulnerabilities, it seems that this will be an imperative skill for anyone pursuing a career in network security. Vulnerabilities in code range from buffer overflows, lack of sanitation allowing for injections, forced deadlocks and sharing of information between processes (ie: XSS).
