Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURE DEVELOPMENT. SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for.

Published byBuddy Blankenship Modified over 7 years ago

Similar presentations

Presentation on theme: "SECURE DEVELOPMENT. SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for."— Presentation transcript:

1 SECURE DEVELOPMENT

2 SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for security policies Keep it simple Default deny Adhere to principle of least privilege Sanitize data sent to other systems (especially the client!) Practice defense in depth Use good quality assurance techniques (including security testing) Adopt a secure coding standard (standard development stack/libraries) https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices

3 OWASP TOP 10 Injection flaws Broken authentication and session management Cross-site scripting (XSS) Insecure direct object references Security misconfiguration Sensitive data exposure Missing function level access control Cross-site request forgery (CSRF) Using components with known vulnerabilities Unvalidated redirects and forwards https://www.owasp.org/index.php/Top_10_2013-Top_10

4 MOZILLA WEBAPPSEC SECURE CODING GUIDELINES Authentication Session Management Access Control Input Validation Output Encoding Cross Domain Secure Transmission Content Security Policy Logging Admin login pages Uploads Error Handling https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines

Download ppt "SECURE DEVELOPMENT. SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for."

Similar presentations

Webgoat.

Webgoat.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
OWASP Web Vulnerabilities and Auditing

OWASP Web Vulnerabilities and Auditing
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!

Don’t get Stung (An introduction to the OWASP Top Ten Project) Barry Dorrans Microsoft Information Security Tools NEW AND IMPROVED!
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
A Demo of and Preventing XSS in.NET Applications.

A Demo of and Preventing XSS in.NET Applications.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.

Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
The OWASP 2010 Top 10 Jason Montgomery, CISSP OWASP Cincinnati – Aug 30, 2011.

The OWASP 2010 Top 10 Jason Montgomery, CISSP OWASP Cincinnati – Aug 30, 2011.
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
Workshop 3 Web Application Security Li Weichao March 14 2014.

Workshop 3 Web Application Security Li Weichao March
OWASP Zed Attack Proxy Project Lead

OWASP Zed Attack Proxy Project Lead
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.

Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
Origins, Cookies and Security – Oh My! John Kemp, Nokia Mobile Solutions.

Origins, Cookies and Security – Oh My! John Kemp, Nokia Mobile Solutions.
The OWASP Way Understanding the OWASP Vision and the Top Ten.

The OWASP Way Understanding the OWASP Vision and the Top Ten.
Security Management prepared by Dean Hipwell, CISSP

Security Management prepared by Dean Hipwell, CISSP

Similar presentations

Ads by Google