What is is Secure Coding?
Secure coding is a method where the developer will securing the code from been compromised by the attacker. The best practice for this method is the developer need to secure their application coding before going live.
Step of doing Secure Coding
Below are the step of execute the Secure Coding activity:
- Validate input is a method where it will validate the input outcome from all suspicious data sources. The reason of it is because need to process a proper input validation where it can remove the vast majority of the software vulnerabilities. The developer need to be aware of external data sources such as command-lien arguments, network traffic, environment variables and others
- Source compiler warnings/ Heed Compiler Warning is normally a process of compiling the code using the highest warning level which is available on your compiler. From there, you need to remove the warning by changing the code and need to use dynamic analysis tools to discover and remove any additional security flaws on the code.
- Security Policies for Architect and design is usually where it create a software architecture and design to drive the security policies onto it.
- The developer need to made it simple as much as possible which the complex design will increase the possibility of the error occurs in the implementation, configuration and use in the source code.
- The base access on the permission need to be default deny rather than exclusion. As a result, the access to the system will be denied for the unauthorized personnel which give protection to the developer and system.
For ease the life of the developer, they can see the checklist on the source code review here (Source: OWASP Secure Coding Practices)