We know that most of the software vulnerabilies caused by insecure code implemention and its design. So how to write secure code?
Coding is much more than slinging code. To do it right, coding requires both improvisation and planning.
There are some common steps programmers can take to write secure software:
- Don’t trust user’s input
Always validate all inputs.
- Model threats to your code
List all the useful details about the software you’re building.
Threat models also should be looked at frequently to ensure they’re up to date,
account for changes to the code, and other factors that might affect the security of your code and system.
-Pick great tools
- Code check by yourself
You can identify security weaknesses from the
Common Weakness Enumeration (CWE).
- ISO/IEC TS 17961:2013 “C SECURE”
You can apply the ISO/IEC TS 17961:2013 “C Secure” coding rules.
- Keep It Secure and Simple
Keep your designs simple, and you can prove the security of a system.
- Write code that easy to read
- Never store password as plaintext
- Automate to make security simple
Developers should automate their process to make security best practices easier to adopt.
- Familiar with the common programming error