Secure Coding

Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. Analysis of thousands of vulnerability reports shows that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.

As any seasoned security professional will tell you, it’s impossible to build bug-free, vulnerability-free software. The name of the game in the security industry is risk mitigation: reducing the risk to an acceptable level. This page identifies some common mistakes made when developing software that lead to security vulnerabilities.
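As an added illustration of the point above (this is example code written for this page, not code from the page's references or from any of the books listed below), the following shows one of the common programming errors the vulnerability data points at, an unbounded string copy into a fixed-size stack buffer, next to a secure alternative that checks the untrusted length against the destination size and refuses input that does not fit. The buffer size, function names and sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed buffer size for the example (not a value from any standard). */
#define GREETING_BUF 16

/* Insecure pattern: the destination size is never checked, so any input
 * longer than GREETING_BUF - 1 bytes writes past the end of buf. */
void greet_insecure(const char *name)
{
    char buf[GREETING_BUF];
    strcpy(buf, name);                 /* no bound: stack overflow on long input */
    printf("Hello, %s\n", buf);
}

/* Secure alternative: measure the untrusted string without reading more than
 * dst_size bytes, reject it if it (plus its terminator) does not fit, and only
 * then copy. Returns 0 on success and -1 on rejection; the caller decides
 * what to do with an oversized input instead of silently truncating it. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    size_t len = 0;
    while (len < dst_size && src[len] != '\0')   /* bounded scan, never past dst_size */
        len++;
    if (len == dst_size)                          /* no room for the NUL terminator */
        return -1;

    memcpy(dst, src, len + 1);                    /* copies the terminator as well */
    return 0;
}

/* Same behaviour as greet_insecure for well-formed input, but oversized
 * input is rejected with a nonzero return instead of corrupting the stack. */
int greet_secure(const char *name)
{
    char buf[GREETING_BUF];
    if (copy_name_checked(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", GREETING_BUF - 1);
        return -1;
    }
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs for the demonstration. */
    const char *ok = "alice";
    const char *too_long = "this-name-is-far-too-long-for-the-buffer";

    greet_insecure(ok);       /* fine here; called with too_long it would smash the stack */
    greet_secure(ok);         /* prints the greeting, returns 0 */
    greet_secure(too_long);   /* rejected, returns -1 */
    return 0;
}
```

The point of the hardened version is not the particular copy routine but the discipline: the size of the destination travels with the pointer, the untrusted length is checked against it before any write, and a failed check is reported to the caller rather than being papered over.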

Two excellent books on secure programming -

Writing Secure Code - is an excellent book on developing secure code with specific examples on the Win32 API and lessons learned from Microsoft.

Building Secure Software: How to Avoid Security Problems the Right Way - is more UNIX oriented, but teaches lessons on secure programming that all developers should know.

References:

Writing Secure Code - http://msdn.microsoft.com/en-us/security/aa570401.aspx

Introduction to Secure Coding Guide - http://developer.apple.com/DOCUMENTATION/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf

Defend Your Code with Top 10 Security Tips Every Developer Must Know - http://msdn.microsoft.com/en-us/magazine/cc188938.aspx

Top 10 Secure Coding Practices - https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices

How To: Perform a Security Code Review for Managed Code (Baseline Activity) - http://msdn.microsoft.com/en-us/library/ms998364.aspx

Secure Coding Principles - http://www.owasp.org/index.php/Secure_Coding_Principles

Fundamentals of Secure Software Development - http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf

"Secure Coding in C and C++" A Linux.SYS-CON.com Interview With Robert Seacord - http://linux.sys-con.com/node/158854

CERT Secure Coding Standards - https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards

Security Code Review- Identifying Web Vulnerabilities - http://www.infosecwriters.com/text_resources/pdf/Code_Review_KMaraju.pdf

Twelve rules for developing more secure Java code - http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html

Open Web Application Security Project - http://www.owasp.org/index.php/Main_Page