Programming Foundations: Secure Coding

Learn how to incorporate security into the software development life cycle. Add secure coding practices to agile processes to protect data and prevent recurring flaws.

Introduction

• Implement secure code with your team
• What you need to know

1. Security and Risk Overview

• The goal of secure coding
• Understand an attacker
• Break what you build
• Understand your risks
• Document what you understand

2. Web Client Server Interaction Code Issues

• Input validation issues
• Communication channel issues
• Session management issues

3. Thick App and Client-Server Interaction Issues

• Error handling issues
• Logging and output issues
• Internal data management issues
• Configuration issues
• Database issues
• File and I/O issues
• Memory management issues
• Dependency issues

4. Crypto and Security Misuse Issues

• Authentication and password issues
• Authorization and access control issues
• Cryptography issues

5. Security in the SDLC

• Embrace security in design
• Embrace security in development
• Embrace security in testing
• Embrace security in deployment
• Implement best practices

Conclusion

• Next steps