provided by: 
Originally published at Internet.comA very important, well known, yet too often lightly dismissed problem in software security is that of trust management. There are many parties involved in the building and deployment of a software product (even if there's only one developer), and the entities that interact with the resulting system are even more, and often with diverse interests. Among these entities there necessarily exists a complicated network of explicit and implicit trust relationships, which in all but the simplest situations is too difficult (often impossible) to analyze. The problem, of course, dwells in the fact that links in this trust relationship network are vulnerable to abuse if their role and importance has been underestimated in the development process. Thus, the challenge that developers face is that of balancing the amount of effort invested in analyzing all possible interactions with their software and the desired level of reliability and security of their product. If these two objections could be quantified, their values would be inversely proportional to each other.
A thorough examination of trust management issues in software security could easily constitute a multivolume work by itself, and there is a lot of related research underway. For a good general introduction to the subject, consult [1] and Chapter 13 of [2]. This article will focus on one particular aspect of the problem - that of proper input validation. The article has two objectives. The first goal is to introduce the reader to the problem and to discuss some relevant secure programming techniques. The second objective is to confront the question "How can software be designed and implemented to withstand malicious input attacks?" The high-level scripting language Perl and the GNU/Linux platform will be used to illustrate key implementation ideas, but most of the discussion will be applicable to any other development environment...
Read article at Internet.com site