SlideShare a Scribd company logo

5 Important Secure Coding Practices

Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)², profile picture
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²

The document outlines five key secure coding practices essential for minimizing security vulnerabilities in software development: input validation, authentication and access control, fail-safe mechanisms, exception handling, and adherence to secure coding standards. These practices should be integrated into the entire Software Development Life Cycle (SDLC) to ensure the protection of applications and data from unauthorized access and potential breaches. Implementing industry best practices, such as Microsoft SDL, plays a critical role in fostering a uniform and secure coding environment.

Software
Related topics:
Application SecurityApplication Development
1 of 10
1
2
Most read
3
4
Most read
5
6
7
8
9
Most read
10
5 Important Secure Coding Practices Let’s begin
Almost all organisations have coding standards deployed to ensure the uniformity of coding across projects. It is equally important to have secure coding practices as well. These secure coding practices will help to minimise the exposure to security vulnerabilities. Security practices shall be integrated to the entire SDLC phases. 5 important secure coding practices
Industry best practices like Microsoft SDL will help to set these processes. When it comes to secure coding practices, there are lot to be considered. Here, we will look at the minimum to be considered while developing an application. 5 important secure coding practices
Input Validation 01 Fail safe 03 Authentication & Access Control 02 Exception handling 04 Adhere to secure coding standard 05 Let’s look at the important ones
Input Validation A checklist for validation will help to implement these during the development phase. Validation of data entered to the application will help to avoid issues to a greater extend. Ensure that validation is be done for data length , special characters, numerals in text fields and vice-versa.
Authentication & Access Control There should be provision for the following: • Configure account lockout after defined number of attempts • Restriction to re-use passwords which were already used Wherever possible, implement authentication mechanism for the application. The application should have the concept of normal users and admin (privileged) users. The application should have a mechanism to assign access rights to normal users and privileged users. The application should have the provision to assign password complexity requirements. 01 02 03 04 05
This will ensure that the data and the application is protected from unauthorised exposure (breaches) even during an unforeseen situation. It is fine for an application to fail, provided it fails in a safe way. If the application fails or terminates abnormally during a process, there should be a mechanism to contain it. Fail safe
Thus ensuring that the errors or exceptions doesn’t result in a crash or freeze. Exception handling is important. It is always good if the program executes as per the flow or expectations. But at the same time, it is equally important to have a mechanism to handle the exceptions. Exception handling 01 02 03
Ensure that the developers adhere to the standards as well. Adopt a coding standard for the platform/language used to develop the application. The developers should be trained on these standard. Adhere to secure coding standard 01 02 03
Thomas Kurian Ambattu CRISC, ISO27001 LA, ISLA-2011 (ISC2)

More Related Content

PDF
Secure coding presentation Oct 3 2020
Moataz Kamel
 
PDF
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
PPT
Introduction To OWASP
Marco Morana
 
PPTX
Secure coding practices
Mohammed Danish Amber
 
PPTX
Secure coding practices
Scott Hurrey
 
PPTX
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
Secure coding presentation Oct 3 2020
Moataz Kamel
 
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
Introduction To OWASP
Marco Morana
 
Secure coding practices
Mohammed Danish Amber
 
Secure coding practices
Scott Hurrey
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Owasp top 10 vulnerabilities
OWASP Delhi
 

What's hot (20)

PDF
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
PDF
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
PPT
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
PDF
Mobile Application Security
cclark_isec
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
ODP
OWASP Secure Coding
bilcorry
 
PDF
Secure coding guidelines
Zakaria SMAHI
 
PPT
End User Security Awareness Presentation
Cristian Mihai
 
PDF
Cybersecurity Employee Training
Paige Rasid
 
PDF
Insecure direct object reference (null delhi meet)
Abhinav Mishra
 
PPT
Secure code practices
Hina Rawal
 
PPTX
Cybersecurity Awareness Training
Dave Monahan
 
PPT
authentication.ppt
jayarao21
 
PDF
OWASP API Security Top 10 - API World
42Crunch
 
PPTX
OWASP Top 10 2021 What's New
Michael Furman
 
PDF
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
PPT
Web Application Security Testing
Marco Morana
 
PDF
14 tips to increase cybersecurity awareness
Michel Bitter
 
PPT
IT Security management and risk assessment
CAS
 
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Mobile Application Security
cclark_isec
 
Vulnerabilities in modern web applications
Niyas Nazar
 
OWASP Secure Coding
bilcorry
 
Secure coding guidelines
Zakaria SMAHI
 
End User Security Awareness Presentation
Cristian Mihai
 
Cybersecurity Employee Training
Paige Rasid
 
Insecure direct object reference (null delhi meet)
Abhinav Mishra
 
Secure code practices
Hina Rawal
 
Cybersecurity Awareness Training
Dave Monahan
 
authentication.ppt
jayarao21
 
OWASP API Security Top 10 - API World
42Crunch
 
OWASP Top 10 2021 What's New
Michael Furman
 
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
Web Application Security Testing
Marco Morana
 
14 tips to increase cybersecurity awareness
Michel Bitter
 
IT Security management and risk assessment
CAS
 
Ad

Similar to 5 Important Secure Coding Practices (20)

PDF
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 
PPTX
secure coding techniques unit-iii material
Sri Latha
 
PDF
Importance of Secure Coding with it’s Best Practices
ElanusTechnologies
 
PPTX
Building an AppSec Team Extended Cut
Mike Spaulding
 
PPTX
Mike Spaulding - Building an Application Security Program
centralohioissa
 
DOCX
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
PPSX
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
PPTX
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
PPTX
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
PDF
What is Secure Code Review and Its Process.pdf
nainasharma1819999
 
PDF
Security Considerations in Codeless Automation Testing.pdf
pcloudy2
 
PDF
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
PDF
Procuring an Application Security Testing Partner
HCLSoftware
 
PDF
Best Practices for Developing Secure Web Applications
ScalaCode
 
DOCX
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
CruzIbarra161
 
PPT
Software coding and testing
Sandeep Kumar Nayak
 
PDF
10 Steps To Secure Agile Development
Checkmarx
 
PPTX
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
PPTX
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
PDF
Security is our duty and we shall deliver it - White Paper
Mohd Anwar Jamal Faiz
 
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 
secure coding techniques unit-iii material
Sri Latha
 
Importance of Secure Coding with it’s Best Practices
ElanusTechnologies
 
Building an AppSec Team Extended Cut
Mike Spaulding
 
Mike Spaulding - Building an Application Security Program
centralohioissa
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
What is Secure Code Review and Its Process.pdf
nainasharma1819999
 
Security Considerations in Codeless Automation Testing.pdf
pcloudy2
 
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
Procuring an Application Security Testing Partner
HCLSoftware
 
Best Practices for Developing Secure Web Applications
ScalaCode
 
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
CruzIbarra161
 
Software coding and testing
Sandeep Kumar Nayak
 
10 Steps To Secure Agile Development
Checkmarx
 
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
Security is our duty and we shall deliver it - White Paper
Mohd Anwar Jamal Faiz
 
Ad

Recently uploaded (20)

PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Introduction to Artificial Intelligence
lohedi9363
 

5 Important Secure Coding Practices

  • 1. 5 Important Secure Coding Practices Let’s begin
  • 2. Almost all organisations have coding standards deployed to ensure the uniformity of coding across projects. It is equally important to have secure coding practices as well. These secure coding practices will help to minimise the exposure to security vulnerabilities. Security practices shall be integrated to the entire SDLC phases. 5 important secure coding practices
  • 3. Industry best practices like Microsoft SDL will help to set these processes. When it comes to secure coding practices, there are lot to be considered. Here, we will look at the minimum to be considered while developing an application. 5 important secure coding practices
  • 4. Input Validation 01 Fail safe 03 Authentication & Access Control 02 Exception handling 04 Adhere to secure coding standard 05 Let’s look at the important ones
  • 5. Input Validation A checklist for validation will help to implement these during the development phase. Validation of data entered to the application will help to avoid issues to a greater extend. Ensure that validation is be done for data length , special characters, numerals in text fields and vice-versa.
  • 6. Authentication & Access Control There should be provision for the following: • Configure account lockout after defined number of attempts • Restriction to re-use passwords which were already used Wherever possible, implement authentication mechanism for the application. The application should have the concept of normal users and admin (privileged) users. The application should have a mechanism to assign access rights to normal users and privileged users. The application should have the provision to assign password complexity requirements. 01 02 03 04 05
  • 7. This will ensure that the data and the application is protected from unauthorised exposure (breaches) even during an unforeseen situation. It is fine for an application to fail, provided it fails in a safe way. If the application fails or terminates abnormally during a process, there should be a mechanism to contain it. Fail safe
  • 8. Thus ensuring that the errors or exceptions doesn’t result in a crash or freeze. Exception handling is important. It is always good if the program executes as per the flow or expectations. But at the same time, it is equally important to have a mechanism to handle the exceptions. Exception handling 01 02 03
  • 9. Ensure that the developers adhere to the standards as well. Adopt a coding standard for the platform/language used to develop the application. The developers should be trained on these standard. Adhere to secure coding standard 01 02 03
  • 10. Thomas Kurian Ambattu CRISC, ISO27001 LA, ISLA-2011 (ISC2)