
Basics of Secure coding

Introduction:

This article provides an overview of secure coding and how it is useful to prevent security vulnerabilities in applications. We will also discuss the benefits of secure coding to understand the value it adds to an organization when used effectively and we will wrap this article by discussing some examples of secure and insecure source code.

What is secure coding?

Secure coding is the practice of writing code securely so that the final product is protected from security vulnerabilities. While this sounds simple, in reality it is not, due to factors such as developers' knowledge of secure coding, their understanding of risk, and the time available before production releases. It is also important to note that secure coding is a practice that any software should go through regardless of what it is built for: web, mobile, embedded devices, client software, and so on.

Why is secure coding important? 

Secure coding helps to protect software from security vulnerabilities that can be exploited. The end goal of software security is to maintain the confidentiality, integrity, and availability of information resources in order to enable successful business operations, and secure coding during software development plays a major role in accomplishing this.

Specifically in web applications, the following are some of the risks that arise when secure coding practices are missing:

  • Remote Command Execution
  • SQL Injection
  • Cross Site Scripting
  • Deserialization Attacks
  • XML Injection attacks

This is not a complete list of vulnerabilities, but it covers some of the most commonly seen ones. Several weaknesses can lead to insecure software, such as lack of input validation, lack of output encoding, insecure access controls, insufficient authentication and session management, and insecure use of cryptography. While there are many insecure practices that cause these vulnerabilities, lack of (Read more...)
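Two of the causes named above, lack of input validation and lack of output encoding, can be illustrated together. The following is an added example written for this article, not code from the original post or its author; it uses only Python's standard library, the username allowlist pattern and the `render_greeting_*` function names are assumptions made for illustration, and the sample inputs are constructed. Validation rejects anything outside an allowlist before it enters the application, and output encoding turns HTML metacharacters into entities at the point where text is placed into a page, so that Cross Site Scripting cannot occur even for text that was never validated.

```python
import html
import re

# Allowlist for usernames (assumed policy): 3 to 32 characters drawn from
# letters, digits, underscore and hyphen. Anything else is rejected outright.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{3,32}")


def validate_username(value):
    """Input validation: return the value unchanged if it matches the
    allowlist, otherwise raise ValueError so the caller cannot proceed."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_greeting_insecure(display_name):
    # Insecure: untrusted text is inserted into HTML unchanged, so any markup
    # in the input becomes part of the page the browser parses.
    return "<p>Hello, " + display_name + "!</p>"


def render_greeting_secure(display_name):
    # Secure: output encoding converts <, >, &, " and ' into HTML entities,
    # so the browser displays the characters instead of interpreting them.
    return "<p>Hello, " + html.escape(display_name, quote=True) + "!</p>"


if __name__ == "__main__":
    # Constructed sample input containing markup (not from a real request).
    sample = "<b>bold</b>"
    print(render_greeting_insecure(sample))  # markup is rendered by the browser
    print(render_greeting_secure(sample))    # markup is shown as literal text

    for candidate in ("alice_01", "bob; drop", "<script>"):
        try:
            print("accepted:", validate_username(candidate))
        except ValueError as err:
            print("rejected:", candidate, "-", err)
```

The two controls are complementary rather than interchangeable: validation narrows what the application accepts (a username is never legitimately `<script>`), while encoding is applied unconditionally at the output boundary for fields such as comments or display names that legitimately contain arbitrary characters.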

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_V8p03oj_1k/
