Plan Implement OWASP Secure Coding Practices

Completed

The starting point for secure development is to use secure-coding practices.

The Open Web Application Security Project (OWASP) is a global charitable organization focused on improving software security.

OWASP's stated mission is to make software security visible so that individuals and organizations can make informed decisions.

It offers impartial, practical advice.

OWASP regularly publishes a set of Secure Coding Practices. Its guidelines currently cover the following areas:

  • Input Validation
  • Output Encoding
  • Authentication and Password Management
  • Session Management
  • Access Control
  • Cryptographic Practices
  • Error Handling and Logging
  • Data Protection
  • Communication Security
  • System Configuration
  • Database Security
  • File Management
  • Memory Management
  • General Coding Practices

OWASP also publishes an intentionally vulnerable web application, the Juice Shop Tool Project, for learning about common vulnerabilities and seeing how they appear in real applications.

It includes vulnerabilities from every category of the OWASP Top 10.

In 2002, Microsoft underwent a company-wide re-education and review phase to produce secure application code.

The book Writing Secure Code, by David LeBlanc and Michael Howard, was written by two people involved in that effort and provides detailed advice on writing secure code.

For more information, you can see the following: