Top-14 OWASP Secure Coding Practices for software developers

Mr.Vic
Mr.Vic
Nov 26, 2020 · 5 min read
Image for post
Image for post

★The objective of this guide is to provide a comprehensive review of the security principles with limited scope in terms of information. The primary goal of the software developing team is to use the available information resource to provide and build secure applications for your business and software operations. It could be obtained through the industry-standard implementation of security controls.

★This section specifically focuses on web applications and application infrastructure security, which can be applied on any deployment platform. This checklist is defined to help in developing high-level security elements and helps to overcome common vulnerability scenarios.

★The key factors to consider that client-side controls such as client-based input validation, hidden fields, interface controls upon developing applications.

★An attacker can use a variety of tools to conduct an attack against the applications, flash, java applets, and other client-side objects can be decompiled and analyzed for extensive flaws present in the app. Sometimes, developers feel challenging to discover vulnerabilities due to the scope of the software or programming languages.

Image for post
Image for post
Figure 1. Secure Coding Practice.

Information Collection Techniques:

The Information collection techniques are another integral part of the vulnerability management process, these are the following assessment methodologies that can be performed within an organization to discover a vulnerability, assess, and audit the physical and virtual infrastructure of the network. The industry standard Vulnerability Scanning Tools and controllers are used in this Information and data collection section.

⍟Vulnerability scanning
⍟Web application assessment
⍟Phishing assessment
⍟Network mapping
⍟wireless assessment
⍟Database assessment
⍟Operating system security assessment (OSSA), and
⍟Penetration testing.

Depending on the nature of the Software security flaws, it can be introduced at any stage of the software development lifecycle, including to any or all of the following:

(i) Not identifying security requirements upfront.

(ii) Creating conceptual designs that have logic errors.

(iii) Using poor coding practices that introduce technical vulnerabilities.

(iv) Deploying the software improperly and

(v) Introducing flaws during maintenance or updating.

1 Input Validation:

Figure 2.Input Validation.

2.Output Encoding:

Image for post
Image for post
Figure 3.Output Encoding.

3.Cryptographic Practices:

Image for post
Image for post
Figure 4.Cryptographic Practices.

4.Communication Security:

Image for post
Image for post
Figure 5. Communication Security.

5.Authentication and Password Management:

Image for post
Image for post
Figure 6. Authentication and Password Management.
Image for post
Image for post
Figure 6. Authentication and Password Management.

6.Session Management:

Image for post
Image for post
Figure 7.Session Management.

7. Access Control:

Image for post
Image for post
Figure 8.Access Control.

8. Memory Management:

Image for post
Image for post
Figure 9.Memory Management.

9. Database Security:

Image for post
Image for post
Figure 10.Database Security.

10. System Configuration:

Image for post
Image for post
Figure 11.System Configuration.

11. File Management:

Image for post
Image for post
Figure 12. File Management.

12. Error Handling and Logging:

Image for post
Image for post
Figure 13.Error Handling and Logging.

13. Data Protection:

Image for post
Image for post
Figure 14.Data Protection.

14. General Coding Practices:

Image for post
Image for post
Figure 15.General Coding Practices.

Conclusion:

★The public and private sector organizations integrate a vulnerability management framework and secure coding practices successfully into their program to ensure a smooth onboarding and development of any software applications. It helps to identify, defend against any threats, and emerging vulnerability. Deploying a VMF is all about managing risk, it allows to locate the risk and remediate the required solution to reduce the risk further causing damage to the IT system or its applications. The technical objectives can be met by deploying industry-recommended tools to perform vulnerability scanning. Finally, an appropriate set of measures, and controls to be taken when defining your scope for successful results in the software development life cycle (SDLC).

Refer further to understand how to integrate risk management into SDLC.

Don’t forget to check these Article’s ⬇️ Best in the Town 😉

How to disable your Google search data activity, Ad personalization, search history, search settings on your browser?

Microsoft’s Top 12 Secure Software Development Lifecycle (SSDL) practices for software developers & security teams?

How can I permanently turn off or disable the Microsoft Compatibility Telemetry service causing High CPU usage?

How to create a Vulnerability management security team, roles & responsibilities in your organizations?

Top-14 OWASP Secure Coding Practices for software developers

How the Homeland Security (DHS), collect, Use, Protect the personal data of U.S citizens, Residents, B1/B2 visitors?

What is the HMAC message authentication system in cryptography? How to deploy it on cryptool2.1 open-source software?

Risk Management Overview & Integration of Risk management into SDLC

Employee’s Endpoint security Internal Survey-Template

— — — — — — — — — — — — — -THE END — — — — — — — — — — — —

Quote of the day: 不挑担子不知重,不走长路不知远 (Bù tiāo dànzi bùzhī zhòng, bù zǒu zhǎng lù bùzhī yuǎn)

Explanation: If you don’t carry a burden, you don’t know how heavy it is. If you don’t walk a long way, you don’t know how far to go

Thanks for reading!
Have a pleasant day!

Image for post
Image for post

👋 Join FAUN today and receive similar stories each week in your inbox! Get your weekly dose of the must-read tech stories, news, and tutorials.

Follow us on Twitter 🐦 and Facebook 👥 and Instagram 📷 and join our Facebook and Linkedin Groups 💬

Image for post
Image for post

If this post was helpful, please click the clap 👏 button below a few times to show your support for the author! ⬇

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts

Sign up for FAUN

By FAUN

Medium’s largest and most followed independent DevOps publication. Join thousands of aspiring developers and DevOps enthusiasts Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Mr.Vic

Written by

Mr.Vic

Founder of gtmars.com & plan2trip.com. Sharing knowledge in the digital world about Cybersecurity, Technology, Space industry. download: buymeacoffee.com/gtmars

FAUN

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Mr.Vic

Written by

Mr.Vic

Founder of gtmars.com & plan2trip.com. Sharing knowledge in the digital world about Cybersecurity, Technology, Space industry. download: buymeacoffee.com/gtmars

FAUN

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store