Secure Coding


Modern development practices use a security development lifecycle that runs in parallel with, or is integrated into, the work on software functionality and usability.

Best Practices

Data Protection

  • Secure coding practices ensure that sensitive data is kept confidential and secure through:
    • input validation
    • encryption
    • strong authorization and authentication
    • proper error handling
    • secure storage of sensitive data
    • regular testing and maintenance

Secure Coding for Cloud

  • Common resources:
    • OWASP Cloud Native Application Security Top 10
      • Archived (2025)
    • SANS Top 25 Software Errors
      • uses the Common Weakness Scoring System (CWSS)
    • OWASP Application Security Verification Standard (ASVS)
      • sets a community standard for testing application security controls
      • consists of 3 levels of security verification:
        • Level 1 can be done entirely with pen testing
        • Level 3 critical application security validation
          • requires in-depth validation and testing
      • each ASVS category includes
        • numbered requirements
        • CWE number
      • https://owasp.org/www-project-application-security-verification-standard/
    • Software Assurance Forum for Excellence in Code (SAFECode)
      • is an industry group that is composed of many large industry vendors and focuses on secure software development
      • provides “SAFECode Fundamental Practices for Secure Software Development”
        • includes sections on design, secure coding practices, third-party component risk, testing and validation, managing findings, handling vulnerabilities, and disclosure processes
      • Not as current (2019)