Pointers and References

When your code points to security problems

Teri Radichel
Published in Cloud Security
22 min read, Feb 14, 2022

One of my posts that may later become a book on Secure Code. Also one of my posts on Application Security.

When I reviewed the blogs for my last book I made serious edits and added additional content in the book. I’m sure this will happen in these blog posts as well. I was grateful to have a security professional I knew review the book. He let me know where I had an egregious typo and had used the wrong word. I knew what I meant in my mind, but the word I used for what I was trying to explain was incorrect. Someone reading my word would have either learned the incorrect definition of the word or at least had a different understanding than I had intended.

You can think of a word like a pointer or reference. The word points to a definition. You will find technical distinctions between pointers and references in programming, but both point to something. When your reference or pointer points to the wrong thing, you may have a bug in your application. In some cases, it may also be a security problem. Attackers and unscrupulous programmers may try to manipulate pointers and references, guess them, obtain data, or abuse them in some of the other ways explained in this blog post.

Teri Radichel
CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award