Secure Coding

Security Code Review and Secure Coding

What is Security Code Review and Secure Coding? How important is it? Are Security Code Review and Secure Coding part of your Application Security program?

Security Code Review

Secure Coding

How to implement Security Code Review

References

https://www.michaelagreiler.com/code-reviews-at-google/

What can we do for Secure Coding?

References

https://developer.android.com/topic/security/best-practices

As an Application Security Engineer how can I improve my Code Review/Secure Coding skills?

  • Know the basics of Code Review/Secure Coding — Check the mentioned links and the following course
  • Know the most important application architectures.
  • Know the programming language, library, framework and all technologies related to the application. Use YouTube and other websites to learn a new language, framework or technology. (We can’t master all available languages and frameworks, so you just need to know the basics to read the code.)

Search for “X full course”, for example “Python full course” or “Spring full course”.

  • Practice secure coding in your language or framework.

Use the platforms mentioned, such as Secure Code Warrior, HackEDU and SecureFlag. To try the Secure Code Warrior platform, you can follow them and register for upcoming tournaments. When you register for a tournament, you get access to their platform (great platform). For the SecureFlag platform, you can buy an OWASP membership and get access to the platform:

Summary

  1. Know vulnerabilities
  2. Know the basics of Secure Coding
  3. Know software architecture
  4. Know the programming language and framework
  5. Know secure coding of that language and framework

Original article: https://www.linkedin.com/pulse/security-code-review-secure-coding-mehdi-esmaeilpour/

Application Security Engineer