Scribd
Upload
6 views

week 10 Secure Coding Practices

Secure coding is a practice aimed at writing software resistant to security vulnerabilities, employing best practices throughout the development process. Common vulnerabilities include buffer overflow, open-source software risks, cross-site scripting (XSS), and code injection. Key secure coding practices involve input validation, strong authentication, error handling, encryption, regular code reviews, and ongoing security training for developers.

Uploaded by

Shaloops hoops
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
6 views

week 10 Secure Coding Practices

Secure coding is a practice aimed at writing software resistant to security vulnerabilities, employing best practices throughout the development process. Common vulnerabilities include buffer overflow, open-source software risks, cross-site scripting (XSS), and code injection. Key secure coding practices involve input validation, strong authentication, error handling, encryption, regular code reviews, and ongoing security training for developers.

Uploaded by

Shaloops hoops
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Secure

Coding
Practices
Secure Coding

Secure coding is a method of writing software and source code that's


shielded from cyber-attacks.

Secure coding is the practice of writing software that is resistant to


security vulnerabilities. It involves using security best practices,
techniques, and tools throughout the software development process.
Most 1. Buffer Overflow

Common
Security Buffer overflow occurs when software developers
Vulnerabilities under allocate the memory reserves required for a
program to run.

A common software security vulnerability, this results


in sensitive data “spilling over” memory stacks where
they’re exposed to hungry cyber attackers.
Most 2. Open-Source Software

Common
Security
Vulnerabilities
Because the coding of open-source software is readily
accessible to the public, secure coding practices are
not always enforced. With no defenses and all security
vulnerabilities publicized, open-source software is a
popular choice within the hacker community.
3. Cross-Site Scripting (XSS)
Most
Common
Security
Vulnerabilities Cross-site scripting is the most common security
vulnerability that even the most trusted website can
fall victim to. XSS occurs when hackers inject a
malicious script into the input fields of web
applications.
Type of XSS

Stored XSS: The Reflected XSS: The DOM-based XSS: This


malicious script is malicious script is happens when the
permanently stored on reflected off the web attack is executed
the server (e.g., in a server (e.g., in the URL through the client-side
database, comment query string or HTTP script. The malicious
section, or user profile). headers). The server data doesn't necessarily
Every time a user loads includes the input data come from the server
the page, the script in the response without but rather from the
runs. sanitizing it. DOM (Document Object
Model) itself, causing
the client-side script to
The malicious script Reflected XSS requires execute the injected
runs whenever the page the victim to click on a code.
is accessed, which can crafted link (phishing
lead to the theft of attack).
sensitive data, session No server-side
hijacking, or the involvement; the
spreading of malware. vulnerability exists only
in the client-side script.
Most 4. Code Injection
Common
Security
Programming languages often fall victim to code injection
Vulnerabilities attacks. In a code injection attack, hackers submit code into
a web application to manipulate its functions. SQL
injection is a common form of code injection that hackers
use to access a website’s database.
Type of Injection
Type of Injection
The Role of Secure Coding in Preventing Cyber Attacks

1 2 3 4
Reducing Enhancing Complying with Building Trust
Vulnerabilities Code Quality Standards and
Regulations
1. Input Validation: Always validate and sanitize
Key Secure user inputs to prevent injection attacks. Ensure
that data is checked against expected patterns
Coding and formats before processing.

Practices
2. Authentication and Authorization: Implement
strong authentication mechanisms and enforce
strict authorization checks to ensure that users
have the appropriate access levels.
3. Error Handling: Properly handle errors and
exceptions to avoid revealing sensitive
Key Secure information. Ensure that error messages are
generic and do not expose internal details.
Coding
Practices
4. Encryption: Use strong encryption
techniques to protect sensitive data both at
rest and in transit. Ensure that encryption
keys are managed securely.
5. Regular Code Reviews: Conduct regular
code reviews and security assessments to
Key Secure identify and remediate potential vulnerabilities.
Peer reviews and automated tools can be
Coding invaluable in this process.

Practices
6. Security Training: Provide ongoing security
training for developers to keep them updated on
the latest threats and secure coding techniques.
A well-informed development team is a critical
asset in the fight against cyber attacks.

You might also like