Writing Secure Code by Michael Howard and David LeBlanc

Sockets are at the heart of any application that communicates using the TCP/IP protocol. The IP protocol and associated transports, such as TCP and UDP, were not designed to meet the threat environments we currently face. However, as we move to IPv6—Internet Protocol version 6, described in the "IPv6 Is Coming!" section later in this chapter—some of these problems will be mitigated. Some of the issues I’ll cover in this chapter include binding your server so that it cannot be hijacked by local users, writing a server that can listen on the network interfaces the user chooses, and managing how you accept connections. I’ll also discuss general rules for writing firewall-friendly applications, spoofing, and host-based ...