Secure Coding

Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. Through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.

As any seasoned security professional will tell you, it’s impossible to build bug-free, vulnerability free software. The name of the game in the security industry is risk mitigation. That is, reducing the risk to an acceptable level.It will identify some common mistakes made when developing software that lead to security vulnerabilities.

Two excellent books on secure programming -

Writing Secure Code - is an excellent book on developing secure code with specific examples on the Win32 API and lessons learned from Microsoft.

Building Secure Software: How to Avoid Security Problems the Right Way - is more UNIX oriented, but teaches lessons on secure programming that all developers should know.


Writing Secure Code -

Introduction to Secure Coding Guide - Defend

Your Code with Top 10 Security Tips Every Developer Must Know -

Top 10 Secure Coding Practices -

How To: Perform a Security Code Review for Managed Code (Baseline Activity) -

Secure Coding Principles -

Fundamentals of Secure Software Development -

"Secure Coding in C and C++" A Interview With Robert Seacord -

CERT Secure Coding Standards -

Security Code Review- Identifying Web Vulnerabilities -

Twelve rules for developing more secure Java code -

Open Web Application Security Project -