Secure coding
Web/Security, 2019. 9. 6. 08:16
1. Overview
The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities.
2. Description
Guide - Description
Validate Input - Validate input from all untrusted data sources
- Be suspicious of most external data sources, including command-line arguments, network interfaces, environmental variables, and user-controlled files
Heed compiler warnings - Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.
- Use static and dynamic analysis tools such as SonarQube to detect and eliminate additional security flaws.
Architect and design for security policies - Create a software architecture and design the software to implement and enforce security policies
- If the system requires different privileges at different times, divide it into distinct intercommunicating subsystems, each with an appropriate privilege set
Keep it simple - Keep the design as simple and small as possible
- Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use
- The effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex
Default deny - Base access decisions on permission rather than exclusion
Adhere to the principle of least privilege - Every process should execute with the least set of privileges necessary to complete the job
- Any elevated permission should only be accessed for the least amount of time required to complete the privileged task
Sanitize data sent to other systems - Sanitize all data passed to complex subsystems such as command shells, relational databases, and commercial off-the-shelf(COTS) components.
- Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks
- Because the calling process knows the context, it is responsible for sanitizing the data before invoking the subsystem.
Practice defense in depth - Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and limit the consequences of a successful exploit
Use effective quality assurance techniques - Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities
- Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program
- Independent security reviews can lead to more secure systems
Adopt a secure coding standard - Develop and apply a secure coding standard for your target development language and platform
Define security requirements - Identify and document security requirements early in the development life cycle
- Make sure subsequent development artifacts are evaluated for compliance with those requirements
Model threats - Use threat modeling to anticipate the threats to which the software will be subjected. Threat modeling involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies.
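As an added example for "Validate input" and "Sanitize data sent to other systems" (this is not code from the original post), the same untrusted string is handed to two subsystems, SQLite and /bin/sh, first in a form that lets the subsystem parse it as syntax and then in a hardened form. The users table, the allow-list shape for a login name and the hostile inputs are assumptions constructed for the example; the hardened lookup layers allow-list validation on top of a bound parameter, which is the defense-in-depth point from the list above.

```python
import json
import re
import sqlite3
import subprocess
import sys

# Allow-list shape for a login name (an assumption of this example): validate
# by what the program expects, not by stripping characters it fears.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def is_valid_username(name):
    return isinstance(name, str) and USERNAME_RE.fullmatch(name) is not None


def validate_username(name):
    """Reject anything that is not a plain lowercase login name."""
    if not is_valid_username(name):
        raise ValueError("invalid username: %r" % (name,))
    return name


def make_db():
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 0),
         ("bob", "bob@example.com", 0),
         ("root", "root@example.com", 1)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Concatenates untrusted text into the statement, so SQLite parses
    whatever the caller supplied as SQL."""
    query = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Bound parameter only: the driver passes the value separately from the
    statement text, so a quote inside it is data, never syntax."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_hardened(conn, name):
    """Both layers: allow-list validation at the trust boundary, then a
    bound parameter at the subsystem boundary."""
    return lookup_parameterized(conn, validate_username(name))


def echo_vulnerable(filename):
    """shell=True hands the string to /bin/sh, which treats ';' as a
    command separator; returns the lines the shell printed."""
    result = subprocess.run(
        "echo %s" % filename, shell=True, capture_output=True, text=True
    )
    return result.stdout.splitlines()


def echo_hardened(filename):
    """Pass the value as a single argv element so no shell ever sees it.
    A Python child that prints its argv back as JSON stands in for the real
    tool so the example needs nothing else installed."""
    result = subprocess.run(
        [sys.executable, "-c",
         "import json, sys; print(json.dumps(sys.argv[1:]))", filename],
        capture_output=True, text=True, check=True,
    )
    return json.loads(result.stdout)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(lookup_vulnerable(db, payload))     # all three rows, root included
    print(lookup_parameterized(db, payload))  # []
    print(lookup_hardened(db, "alice"))       # [('alice', 'alice@example.com')]
    print(is_valid_username(payload))         # False: rejected before any SQL
    hostile = "report; echo INJECTED"
    print(echo_vulnerable(hostile))   # ['report', 'INJECTED']
    print(echo_hardened(hostile))     # ['report; echo INJECTED']
```

The bound parameter alone already neutralizes the SQL payload; the validation layer is still worth having because it rejects malformed input before it reaches any subsystem, and because not every subsystem offers parameter binding. The shell is the obvious case: there the only safe option is to avoid shell parsing entirely by passing an argument list, as echo_hardened does.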
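An added example for "Default deny" (not part of the original post): a file-download path check written as an exclusion rule beside the same check written as a permission rule. The exclusion rule blocks the one pattern its author thought of and passes everything else; the permission rule resolves the target and allows it only if it lies under the document root. The document root, the file and the symlink are constructed in a temporary directory, and the function names are assumptions of the example.

```python
import os
import tempfile


def denylist_check(base_dir, requested):
    """Exclusion-based: rejects only the one pattern its author thought of.
    An absolute path contains no '..', yet os.path.join(base_dir, requested)
    would discard base_dir entirely for it."""
    if ".." in requested:
        return "deny"
    return "allow"


def allowlist_check(base_dir, requested):
    """Permission-based: the fully resolved target must lie under base_dir.
    realpath also follows symlinks, so a link that leads out of the root is
    denied too."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return "deny"
    return "allow"


def verdicts(base_dir, requested):
    """Run both checks on one request; returns (denylist, allowlist)."""
    return denylist_check(base_dir, requested), allowlist_check(base_dir, requested)


def make_docroot():
    """Constructed sample document root: one legitimate file and one symlink
    that points outside the root (assumed to have been left behind by a
    careless deploy step)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "reports"))
    with open(os.path.join(root, "reports", "q3.txt"), "w") as f:
        f.write("quarterly figures\n")
    os.symlink("/etc", os.path.join(root, "escape"))
    return root


if __name__ == "__main__":
    root = make_docroot()
    for req in ["reports/q3.txt", "../../etc/passwd", "/etc/passwd", "escape/passwd"]:
        print("%-20s denylist=%s allowlist=%s" % ((req,) + verdicts(root, req)))
```

Only the first request should be served. The exclusion rule lets the absolute path and the symlink through because neither contains the string it looks for; the permission rule does not need to enumerate attack shapes, since anything that does not resolve under the root is denied by default.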
3. References
https://wiki.sei.cmu.edu/confluence/display/seccode/Top%2B10%2BSecure%2BCoding%2BPractices
https://en.wikipedia.org/wiki/Secure_coding
https://en.wikipedia.org/wiki/Defensive_programming
https://developers.redhat.com/topics/secure-coding/
https://techbeacon.com/security/4-ways-secure-your-code-regardless-programming-language
https://www.csoonline.com/article/3335120/15-secure-coding-practices-to-use-in-digital-identity.html
https://www.owasp.org/index.php/Secure_Coding_Cheat_Sheet
https://searchsecurity.techtarget.com/definition/fuzz-testing