Secure Coding for Beginners

A quick introduction to the importance of secure coding

Louise Norris
Jun 18, 2020 · 2 min read
Padlock to illustrate security

Secure coding is the practice of writing code that is protected against vulnerabilities. Insecure code is exposed to malicious attacks, which can lead to dire consequences such as loss of service, loss of sensitive data, damage to the systems of thousands of users, or worse.

OWASP (the Open Web Application Security Project) documents the Top 10 most critical security risks to web applications, such as Injection, Cross-Site Scripting and Using Components with Known Vulnerabilities. Being aware of these security risks is an effective first step towards secure coding, along with the following best practices.

Thinking about security when planning an application can save a lot of time and trouble in the long run. An insecure web application may need extensive redesign for it to become secure if security is not built in from the start of its development.

Think about what you are building and put yourself in the mindset of a malicious cyber attacker. Think about the many hypothetical motives they may have for attacking an application — could they be looking to steal money or information, and maybe identities? Could they be motivated by corporate secrets or just the urge to demonstrate their hacking skills? Identifying the motives behind possible attacks can help to anticipate vulnerabilities which need to be addressed.

Users are primarily why we build applications; however, we should be aware that they have the power to break and attack an application. Four of the OWASP Top 10 critical security risks come from trusting user input too much (Injection, XML External Entities, Cross-Site Scripting, and Insecure Deserialization). A user can input malicious code, which can result in an application running whatever code the attacker wants to execute, for example leading to the installation of an attacker’s malware. You can safeguard against this by validating any data a user inputs into an application, making sure that only safe, expected input is accepted and that any possibly unsafe input is rejected.

Cryptography helps to protect data stored in web applications. If cryptography is done poorly, attackers can figure out the methods used with ease and get to your data. If it is done well, however, it is an extremely strong step in protecting stored data. Make sure you adhere to cryptography best practices such as using known good algorithms and encrypting data at rest and in transit.

Attackers are constantly on the hunt for new vulnerabilities and writing code to exploit them. Invest time in understanding and protecting against the vulnerabilities in your web application, and stay alert.
