SafeCode has released a secure development guide that is fairly decent/in depth.
"This edition of the paper prescribes new and
updated security practices that should be applied
during the Design, Programming and Testing activities
of the software development lifecycle. These
practices have been shown to be effective across
diverse development environments. While the
original also covered Training, Requirements, Code
Handling and Documentation, these areas were
given detailed treatment in SAFECode�s papers on
security engineering training and software integrity
in the global supply chain, and thus we have refined
our focus in this paper to concentrate on the core
areas of design, development and testing.
The paper also contains two important, additional
sections for each listed practice that will further
increases its value to implementers�Common
Weakness Enumeration (CWE) references and
Verification guidance."
A Guide to the Most Effective SecureDevelopment Practices in Use Today
http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf
Regards,
SafeCode has released a secure development guide that is fairly decent/in depth.
"This edition of the paper prescribes new and
updated security practices that should be applied
during the Design, Programming and Testing activities
of the software development lifecycle. These
practices have been shown to be effective across
diverse development environments. While the
original also covered Training, Requirements, Code
Handling and Documentation, these areas were
given detailed treatment in SAFECode�s papers on
security engineering training and software integrity
in the global supply chain, and thus we have refined
our focus in this paper to concentrate on the core
areas of design, development and testing.
The paper also contains two important, additional
sections for each listed practice that will further
increases its value to implementers�Common
Weakness Enumeration (CWE) references and
Verification guidance."
A Guide to the Most Effective SecureDevelopment Practices in Use Today
http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf
Regards,
- Robert Auger
WASC Co Founder/Moderator of The Web Security Mailing List
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/