Owasp secure coding practices quick reference guide 2017

Best Coding Practices

LaDonne White, Manager, Webtrain Inc.

e-Commerce Site

August 31, 2018

-Welcome-

1

Introduction

Security attacks are nowadays focusing on productivity enhanced software.

Software development need robust security requirements to deter attacks.

Some vulnerability exist due to human error when coding.

Software development lifecycle need to apply the best coding practices.

Security attacks are evolving from targeting comprehensively protected IT network infrastructure to the productivity-enhanced software or business operations’ applications such as web-based programs that every user utilize on a daily basis.

Webtrain Inc. uses various software applications to conduct it business operations and evaluation of the entire software packages reveal that there are essential requirements that need to be implemented in order to mitigate against certain attacks. The software development lifecycle which includes the coding practices employed by the development team indicate that certain models such as adequate security testing and hardening processes are not properly outlined.

2

Objectives of best practices

To develop secure software.

Ensure robust security requirements are implemented in the software development lifecycle.

Enhance the overall security of the organization.

Mitigate against software-propagated security attacks.

Therefore, it is important that drastic measures be instituted in the software development lifecycle with all security requirements and processes being widely considered. In order to ensure that applications are designed and implemented with appropriate security requirements, the best coding practices must be used in addition to ensuring that focus on the security threats is determined and influenced by the integrated day-to-day operations and processes of the software. It is imperative to ensure that the programs that company will develop in future follow the secure coding guidelines regardless of the device or model utilized for programming.

3

Purpose

Provide a robust software development lifecycle guide.

Institute best secure coding practices that will enable building of secure software at first rather than implementing latter corrective measures.

Limit regular or daily basis security monitoring processes.

Consequently, it is vital that extreme methods be established in the software development lifecycle with all security requirements and processes being widely considered.

Note that it is less expensive to build secure software than to correct security issues after a breach the release and patch cycle of software security management amounts to lengthy security processes and regular security monitoring as well as increase in attack surface. In addition, the objectives and purpose of the company’s best secure coding practices include implementing secure software products, enhancing security level, and creating a reputable brand within the company as well as externally.

4

Resources

OWASP Secure Coding Practices Quick Reference Guide.

Use cases.

Security training and workshops.

The resources that can be used as “reference material” and act as a beginner’s guideline for new employees include OWASP Secure Coding Practices Quick Reference Guide, use cases, and security training and workshops. OWASP secure coding practices is an informative guide that includes a checklist of comprehensive coding practices while use case illustrate past incidents and it is enable one to examine a real world case. On the other hand, security training and workshops enable employees to put their theoretical knowledge into practice.

5

Methodology

Threat modeling.

Input validation

Output encoding.

Defense in depth.

Security and quality assurance.

There are various methodology of implementing secure coding practices such as threat modeling, input validation, output encoding, defense in depth, and quality assurance.

For instance, threat modeling is the method of the secure software development life cycle will best serve the team because it pertains to understanding the underlying software technology in terms of security requirements, threats and capability, and means to mitigate including emerging bugs.

6

Conclusion

Security attacks are nowadays focusing on productivity enhanced software.

Some vulnerability exist due to human error when coding.

Ensure robust security requirements are implemented in the software development lifecycle in order to mitigate against software-propagated security attacks.

In most cases, ineffectively built software result from avoidable circumstances such as human error or use of relatively low standards of development. This means that human errors are likely to allow vulnerabilities to exist in a system and which can be used by attackers to break in to the system using cross-script attacks.

7

References

Hall, G. M. L. (2017). Adaptive code: Agile coding with design patterns and SOLID principles.

Hudgens, J. (2017). Skill Up: A Software Developer's Guide to Life and Career. Packt Publishing.

Campbell, J. (2017). Clean Coding Techniques: Teamwork and Clean Coding.

Rother, K. (2017). Pro Python best practices: Debugging, testing and maintenance.