Secure Coding Practices & Guidelines

Practical guidance for fixing and avoiding vulnerabilities

We’ll help your developers work off their “bug piles” by supplementing the typical generic coding rules with specific and actionable remediation advice.

3 reasons you need secure coding guidelines

  1. Enables developers
    Our actionable and comprehensive guidelines are written by and for developers using technology-specific risk explanations, best practices, and reusable code examples. They provide developers the framework, library, and language-specific advice they need to produce secure software and remediate vulnerability backlogs. We also enable you to include your own remediation best practices so the guidance aligns with your organization's security requirements.
  2. Creates efficiencies through standard coding practices
    Our secure coding guidelines provide a blueprint for creating security requirements and enable developers to build internal standardizations atop tested guidance. This ensures the use of consistent coding standards across your organization.
  3. Generates an immediate impact
    Our secure coding guidelines minimize the number of costly and time-wasting defects by showing developers how to produce secure software. They are also easy to deploy and use, so you’ll recognize the benefits quickly.

Our list of guidelines is extensive, so that it can address the many kinds of source code vulnerabilities.

We have the expertise, tools, and services you need

Our guidelines aggregate over 23 years of our software security know-how with best-in-breed industry standard sources. We also continue to invest in internal research to ensure our content is up-to-date as vulnerabilities and remediation approaches evolve.

Our secure coding standards cover the following topic areas:

  • Secure input handling
  • Secure output handling
  • Access control
  • Secure session management
  • Secure data transmission and storage

A tailored approach

As needed, we offer customized guidelines to address:

  • Additional development languages / frameworks of interest
  • Additional vulnerability types discovered
  • Custom in-house security frameworks
  • In-house coding standard integration

Frameworks and languages

  • .NET
  • C/C++
  • COBOL
  • Java
  • Java Web Services
  • MEAN
  • Ruby on Rails
  • Web 2.0 (HTML5, JavaScript)
  • PHP