Software Security 101: Secure Coding Basics

What's the biggest security risk in your application? It might not be the code you actually wrote.

#1about 15 minutes

Understanding core software security principles and terminology

Key concepts like the CIA triad, technical debt, and design principles provide a shared language for discussing security.

#2about 19 minutes

Evaluating programming languages for security features

Criteria like memory safety, type strictness, and sandbox support help in selecting a language that mitigates entire classes of vulnerabilities by design.

#3about 13 minutes

Implementing secure input and output handling

Proper input validation, canonicalization, sanitization, and context-sensitive output encoding are crucial for preventing injection attacks.

#4about 5 minutes

Avoiding pitfalls in low-level languages and enforcing access control

Low-level languages require manual bounds checking to prevent buffer overflows, while complete mediation ensures access control is checked on every request.

#5about 8 minutes

Applying cryptography and managing user sessions securely

Use standard, well-vetted cryptographic libraries and follow best practices for session management to protect data and user identity.

#6about 9 minutes

Handling concurrency to prevent data integrity issues

Race conditions can lead to data integrity problems, which can be mitigated using techniques like entity versioning or resource locking.

#7about 12 minutes

Understanding common web and API vulnerability classes

Familiarity with lists like the OWASP Top 10 and CWE Top 25 helps in creating targeted protection strategies for specific vulnerabilities like cross-site scripting.

#8about 5 minutes

Managing third-party software dependencies for security

Automating dependency checks for known vulnerabilities is essential because third-party libraries often constitute the majority of an application's code.

#9about 7 minutes