I have a the following four classes for a project .
FTPApplication- Models FTP commands in a modular, extendible way. This abstract class provides
several methods used by both the client and server.
ServerSession- Models an FTP session with a client. Implements methods declared by FTPApplication
from the perspective of an FTP server.
FTPServer- A pseudo FTP server. Accepts client connection and initiates a session.
FTPClient- A pseudo-FTP client. Connects to server and enters a control loop which enables it to
query the server.
I want to make appropriate changes to harden the software system against attack and misuse. How can I do that and what changes do I need to make?
It might help if you explain what kind of vulnerabilities you are trying to mitigate and/or attacks you are trying to defend against.
Also think of how your program might get probed for vulnerabilities. What can you do to minimize the amount of information your program can potentially give to someone probing the app to profile it's attack surface?
Lastly, and this is something that many programmers don't realize, bad code is never secure. Secure code code is always good, clean code. What have you done to ensure that you don't have bad code? Where are your tests?