Secure Coding / Secure Software Engineering

Secure Coding

  • CERT Secure Coding Standards (https://www.securecoding.cert.org/This site supports the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the AndroidTM platform. These standards are developed through a broad-based community effort by members of the software development and software security communities.
  • Oracle Secure Coding Stands (https://www.oracle.com/support/assurance/development/secure-coding-standards.html) To ensure that Oracle products are developed with consistently high security assurance, and that developers avoid common insecure coding practices, Oracle employs formal secure coding standards. Oracle Secure Coding Standards are a roadmap and guide for developers in their efforts to produce secure code. They discuss general security knowledge areas such as design principles, common vulnerabilities, etc. and provide specific guidance on topics such as data validation, data privacy, CGI, user management, and more.
  • Secure Coding Guide for iOS Developer (https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html) Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user’s data from theft or corruption. In addition, an insecure program can provide access for an attacker to take control of a server or a user’s computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document.
  • Microsoft Secure Coding Guidelines .NET Framework (https://msdn.microsoft.com/en-us/library/d55zzx87(v=vs.90).aspxEvidence-based security policy and code access security provide very powerful, explicit mechanisms to implement security. Most application code can simply use the infrastructure implemented by the .NET Framework. In some cases, additional application-specific security is required, built either by extending the security system or by using new ad hoc methods.