Making sure applications run secure code is an important facet of how administrators can protect their networks. This is one topic covered during the April 18 Peer 2 Peer.

Jordan Wiens, senior network security engineer, gave a 50-minute presentation on ways developers can code securely to prevent various exploits. Items discussed included SQL injections and error messages.

"There's a fair amount of security risk when building applications," said Wiens. "It's important to always think about security and how code can be broken when programming."

For example, when an error message appears, it can contain cryptic information that tells the bad guy at the other end what types of services are run, which will make it easier for them to break in, Wiens said. It's important to make sure this information isn't revealed.

When accepting data during logins and other authentication spots, administrators need to be careful about what types of characters they accept. An example of this would be accepting ampersands. In some operating systems, two ampersands in a row will sometimes run both of the commands presented. So though the first command is the one the developer intended to run, the second could be a separate, malicious action that can go undetected.

To be safe, administrators should only accept the types of characters for which the application is asking, said Wiens. For example, if the application is designed to accept names, then it should also be designed not to accept strange characters such as the asterisk or percent sign, since names do not include these.
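The allow-list approach described above, as an added example that is not taken from the presentation or its slides: a name field accepts only the characters a name can contain, and the validated value is handed to another program as a single argument rather than through a shell. The character policy, the length limit and the function names are assumptions made for illustration.

```python
import subprocess
import sys
import unicodedata

# Assumed policy for a personal-name field: letters and combining marks,
# plus space, apostrophe, hyphen and period; 1 to 64 characters.
MAX_LEN = 64
ALLOWED_PUNCT = {" ", "'", "-", "."}

def validate_name(raw):
    """Return the normalised name, or raise ValueError if it breaks the allow-list."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= MAX_LEN:
        raise ValueError("name length out of range")
    if not unicodedata.category(name[0]).startswith("L"):
        raise ValueError("name must start with a letter")
    for ch in name:
        if ch in ALLOWED_PUNCT or unicodedata.category(ch)[0] in ("L", "M"):
            continue
        raise ValueError("character not allowed in a name: %r" % ch)
    return name

def echo_name(raw):
    """Validate, then pass the value as one argv element; no shell ever parses it."""
    name = validate_name(raw)
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", name],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()

# Constructed sample inputs (not real data).
SAMPLES = ["Jordan Wiens", "O'Brien-Smith", "José", "50% off", "a*",
           "alice && echo second"]

def check_samples():
    """Map each sample to True (accepted) or False (rejected)."""
    results = {}
    for s in SAMPLES:
        try:
            validate_name(s)
            results[s] = True
        except ValueError:
            results[s] = False
    return results

if __name__ == "__main__":
    for sample, ok in check_samples().items():
        print("%-24r %s" % (sample, "accepted" if ok else "rejected"))
```

Rejecting everything outside the expected set means a new metacharacter does not need to be anticipated, and the argument-list call keeps the value as data even if the validation policy is later loosened.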

A recording of this presentation can be found at: http://www.at.ufl.edu/p2p/archive.htm and accompanying slides can be found at: http://infosec.ufl.edu/literature/appsec/.