[WEB SECURITY] Secure coding guidelines
Lorna Alamri
lalamri at go-integral.com
Fri Aug 11 16:50:53 EDT 2006
http://java.sun.com/security/seccodeguide.html
https://buildsecurityin.us-cert.gov/daisy/bsi/home.html
Books:
"19 Deadly Sins of Software Security" - Michael Howard
"Software Security: Building Security In" - Gary McGraw
"Secure Coding" - Mark M Graff and Kenneth R. Van Wyk
http://www.securecoding.org/companion/tools.php
You could build and implement a Secure Software Development Life Cycle
framework and implement systematic changes such as:
* Education of developers around application vulnerabilities
* Peer reviews
* Automated scan tools to be used at all stages of development
* Automated continuous integration builds
* Automated regression testing
* Checkpoints throughout the development cycle to inspect the code
and design, looking for potential vulnerabilities and determining
solutions
________________________________
From: Anurag Agarwal [mailto:a_agrawwal at yahoo.com]
Sent: Friday, August 11, 2006 1:51 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Secure coding guidelines
How about a list of sites which contain secure coding guidelines for
Java, ASP, Python, PHP, etc.?
Anybody know of any?
anurag