Introduction: Cybersecurity is not an on/off switch
Security is holistic. You’ll no doubt have heard that a lot if you work in the industry, especially over the last few years. It’s true, too. Cybersecurity is not an on/off switch. If you create a digital application, platform or service, security is a process that begins when the software is created.
Research findings such as those from the U.S. Department of Homeland Security (DHS) back this up. They found that 90 percent of cyber-attacks were the result of exploited vulnerabilities in source code. (1)
More often than not, software developers use code libraries to help with the creation of an application. The same practice can also be applied to secure coding.
Starting to code securely
If you want to develop secure applications, security must be considered from the start and throughout the development and deployment cycle. Before thinking about coding, therefore, it is important to first learn about the major pitfalls in the code’s environment. For example, a cloud backend for a mobile app will have different security coding considerations when compared to the app itself.
Secure coding libraries and frameworks are not common. Some are simply documentation-based, which means that, in reality, they cannot be enforced. Others are more interactive, or provide code samples or secure libraries and functions.
In general, code frameworks and libraries tend to be focused either on Web applications or encryption. Language coverage for either is also variable. However, even if your chosen language is not supported, it can often be instructive to see how it’s done in another language.
Libraries and frameworks to help develop secure code
Here are some of the better-known frameworks and libraries available to help you ensure your code is securely generated:
- Frameworks for Web applications are commonly based on OWASP recommendations for secure coding
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/l2JqCKQToeY/

