Secure coding is rarely taught - for developers, the OWASP Top Ten Proactive Controls are a great head start.
The languages and frameworks that developers use to build web applications are often lacking critical core controls or are insecure by default in some way. It is also very rare for organisations to guide developers down the path of secure software at the specification stage. And even when they do, there may be security flaws inherent in those specifications. When it comes to software, developers are often set up to lose the security game.
The OWASP Top Ten Proactive Controls 2016 is a list of security techniques that should be included in every software development project. They are ordered by importance, with control number 1 being the most important. The document was written by developers for developers, to assist those new to secure development.
1. Verify for Security Early and Often
2. Parameterize Queries
3. Encode Data
4. Validate All Inputs
5. Implement Identity and Authentication Controls
6. Implement Appropriate Access Controls
7. Protect Data
8. Implement Logging and Intrusion Detection
9. Leverage Security Frameworks and Libraries
10. Error and Exception Handling
Brandfire can provide development teams with basic training on all of the controls, including examples of how to achieve these aims in several popular web languages including C#.NET and PHP, and tie them in with a fuller understanding of the OWASP Top Ten web application vulnerabilities.