
OWASP Secure Coding Practices Quick Reference Guide

Project leader: Keith Turpin (Keith.n.turpin@boeing.com). August 2010. Project overview: the guide provides a technology-agnostic set of coding practices, presented in a compact but comprehensive checklist format.


Presentation Transcript


  1. OWASP Secure Coding Practices Quick Reference Guide. Project leader: Keith Turpin, Keith.n.turpin@boeing.com. August 2010

  2. Project Overview • The guide provides a technology-agnostic set of coding practices • Presented in a compact but comprehensive checklist format • At only 12 pages long, it is easy to read and digest • Focuses on secure coding requirements, rather than on vulnerabilities and exploits

  3. Sections of the Guide • The bulk of the document is in the checklists, but other sections include: • Introduction • Table of contents • Software Security Principles Overview • Secure Coding Practices Checklist • Glossary of important terminology • Links to useful resources

  4. Checklist Sections • The checklists are broken up into the following major sections: • Data Validation • Authentication and Password Management • Authorization and Access Management • Session Management • Sensitive Information Storage or Transmission • System Configuration Management • General Coding Practices • Database Security • File Management • Memory Management

  5. Checklist Practices • The practices in each section are short and to the point. Some examples include: • Conduct all data validation on a trusted system (the server, not the client) • Use two-factor authentication for highly sensitive or high-value transactional accounts • If a session was established before login, close that session and establish a new session after a successful login • Turn off verbose system messages, especially any associated with error conditions • Restrict the web server, process and service accounts to the least privileges possible • Use strongly typed parameterized queries
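Two of the practices listed on this slide, parameterized queries and re-establishing the session after login, are easy to get wrong in the same login handler, so the following is an added example that ties them together. It is illustrative code written for this page, not code from the OWASP guide or its project; the in-memory SQLite table, the user "alice", the injection payload, the `SessionStore` class and the plain SHA-256 password hash are all constructed for the demonstration (a real deployment would use a password-hashing function such as bcrypt or Argon2). The string-concatenated lookup is shown only as the vulnerable counterpart of the parameterized one.

```python
import hmac
import secrets
import sqlite3
from hashlib import sha256


def hash_password(password: str) -> str:
    """Placeholder hash for the example only; use bcrypt/Argon2 in practice."""
    return sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample user table with one account (not from the guide)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str):
    """VULNERABLE: the username is spliced into the SQL text, so an attacker
    can close the string literal and append their own SQL (e.g. a UNION that
    returns a row with a password hash they control)."""
    sql = "SELECT username, pw_hash FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    """HARDENED: the username is bound as a typed parameter. The database
    treats it purely as data, so quotes, comments and UNIONs stay literal."""
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()


def password_ok(stored_hash: str, password: str) -> bool:
    # Constant-time comparison avoids leaking hash bytes through timing.
    return hmac.compare_digest(stored_hash, hash_password(password))


class SessionStore:
    """Minimal server-side session table keyed by a random session id."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def new_session(self, **attrs) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from a CSPRNG
        self._sessions[sid] = dict(attrs)
        return sid

    def get(self, sid: str):
        return self._sessions.get(sid)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login(conn, store: SessionStore, pre_login_sid: str, username: str,
          password: str, lookup=find_user_safe):
    """Authenticate and return a NEW session id, or None on failure.

    The pre-login session (which may have been planted on the victim by an
    attacker, i.e. session fixation) is destroyed and only the attributes we
    explicitly choose to keep are copied into a freshly generated session."""
    row = lookup(conn, username)
    if row is None or not password_ok(row[1], password):
        return None
    old = store.get(pre_login_sid) or {}
    store.destroy(pre_login_sid)
    return store.new_session(user=row[0], cart=old.get("cart", []))


if __name__ == "__main__":
    conn, store = make_db(), SessionStore()
    # Attacker returns a forged 'alice' row whose hash matches a password they know.
    payload = "x' UNION SELECT 'alice', '" + hash_password("attacker") + "' --"
    print("vulnerable lookup:", find_user_vulnerable(conn, payload))
    print("parameterized lookup:", find_user_safe(conn, payload))
    pre = store.new_session(cart=["book"])
    sid = login(conn, store, pre, "alice", "correct horse")
    print("pre-login sid still valid:", store.get(pre) is not None, "new sid:", sid != pre)
```

Running the script shows the vulnerable lookup returning the attacker's forged `alice` row (so `login` would succeed with the password "attacker"), while the parameterized lookup returns nothing for the same input; after a real login the pre-login session id is gone and the user holds a fresh one, which is exactly the fixation defence the checklist item asks for.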

  6. Summary • The guide's goal is to make it easier for development teams to quickly understand and review secure coding practices. • It does not specify what should or must be done, because each of these practices is only a contributing factor in the overall security profile of an application, and it is often the combination of flaws, rather than any single one, that leads to an exploitable situation.
