What are principles of secure programming?

Question added by a deleted user
Date posted: 2014/05/25
By Mudassar Hakim, Requirement Analyst & Software Developer, L&T Infotech

The basic principles for secure programming would be as follows:

(a) authentication: providing of your identity, e.g. username & password,

(b) authorization: providing access to certain areas of your application to varying users, e.g. free section & premium section,

(c) data integrity: transfer of data from source to destination should be consistent, e.g. encoding & decoding,

(d) confidentiality: secure transfer of data, e.g. hashing algorithm

By Shafayet Ullah, Junior Java Programmer, The Computers Limited

1. the polymorphism

2. the encapsulation

3. platform independent

By Mohamed Mansour, Java Developer, Arrow Electronics

A critical first step to develop a secure application is an effective training plan that allows developers to learn important secure coding principles and how they can be applied. Compliance with this control is assessed through Application Security Testing Program (required by MSSEI6.2), which includes testing for secure coding principles described in OWASP Secure Coding Guidelines:

  1. Input Validation
  2. Output Encoding
  3. Authentication and Password Management (includes secure handling of credentials by external services/scripts)
  4. Session Management
  5. Access Control
  6. Cryptographic Practices
  7. Error Handling and Logging
  8. Data Protection
  9. Communication Security
  10. System Configuration
  11. Database Security
  12. File Management
  13. Memory Management
  14. General Coding Practices

You can also have a look at these useful links:

https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices

http://blogs.computerworld.com/application-security/21425/5-key-principles-successful-application-security-program