What is Secure Coding

Dinuka Fernando
Jan 2, 2019


Each type of device technology and operating system has its own security vulnerabilities and security issues, such as hacking. When developers implement software, they have to keep these kinds of issues in mind.

When developers are building an application, they don't have time to integrate all the security checks into that application.

The QA phase should not only test the application's features; it is better to check the security aspects as well.

Secure Coding?

Secure coding is the practice of writing software that is protected from vulnerabilities, and it is important for all software (whether implemented for mobile devices, servers or embedded devices).

Following the principles of secure coding helps developers anticipate challenges and prepare for issues that can occur in the future.

Secure coding techniques

What happens when an error occurs in your application?

  • If you show alert messages when an error occurs, you should not show the inner exception message to the user, because that can help someone breach the security of your application. Whatever the cause (network connection failure, server problem, database issue), you have to handle these exceptions in an effective way.
  • If exceptions are mishandled, they can allow bad guys to execute your code.
  • If an error occurs, you should not use the default (built-in) messages; write your own message to show to the user.
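The error-handling advice above, as an added example that is not part of the original post: the exception detail goes to the server log under an incident ID, and the user sees only a message the application wrote itself. The function names, the `orders` table and the message text are hypothetical.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("app.errors")

# Hypothetical user-facing text written by the application, not a default message.
GENERIC_MESSAGE = "Something went wrong on our side. Please try again later."


def fetch_order(conn, order_id):
    """Hypothetical data-access call; raises sqlite3.Error on database problems."""
    return conn.execute(
        "SELECT id, total FROM orders WHERE id = ?", (order_id,)
    ).fetchone()


def handle_request(conn, order_id):
    """Return (status, body). Inner exception detail never reaches the body."""
    try:
        row = fetch_order(conn, order_id)
    except sqlite3.Error:
        # Exception type, message and traceback are written to the server log only.
        # The incident ID lets support match a user report to that log entry.
        incident = uuid.uuid4().hex[:8]
        log.exception("incident=%s order lookup failed", incident)
        return 500, {"error": GENERIC_MESSAGE, "incident": incident}
    if row is None:
        return 404, {"error": "Order not found."}
    return 200, {"id": row[0], "total": row[1]}


def demo():
    """Constructed failure: the orders table does not exist, so the query raises."""
    conn = sqlite3.connect(":memory:")
    return handle_request(conn, 42)


if __name__ == "__main__":
    print(demo())
```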

Many applications work on provided inputs, so they need to validate those inputs (you have to check that each input is an expected input).

When developers use a SQL database, it is good to use stored procedures (stored on the server) to execute commands without passing the command itself through the network.

If someone can see the source code, they can see the security holes; because of that, you have to use an encryption mechanism.

If the application sends data over the network, the data should be encrypted (this protects it while it is in transit).

When developers write code, it is understandable to others, so it should be made difficult to understand (though not for team members); for this it is better to use obfuscation.

Code reusability: when there are two different applications and the same code is reused in both, it can carry security vulnerabilities.

Ex: if the old application has security vulnerabilities and you use that code directly in the other application, it faces the same security vulnerabilities. Because of this, we need to focus on safe code reuse.

The application needs to have validation points.

Server-side validation: all checks occur on the server, and this protects against malicious users.

Client-side validation: the end-user app makes the validation decisions, so it can filter the legitimate inputs from genuine users and provide speed to the user.

Using both validation points gives extra security to the app.

All the features of your application use memory, so you should manage memory efficiently and check how your application uses it.

Ex: buffer overflow (a huge security risk). To reduce this risk, you have to match your data with the buffer sizes.

If developers use third-party libraries and software development kits to extend the functionality of a programming language, this can contribute to security risks.

  • The code is written by a different person
  • Maybe it's secure, maybe not

So testing is required.

If you are using sensitive data, you have to think about how that sensitive data may be exposed.

So if developers follow these secure coding practices, the application becomes much more secure.
