The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.
By Eoin Keary, Long Serving OWASP Global Board Member

The OWASP Code Review guide was originally born from the OWASP Testing Guide. Initially code review was covered in the Testing Guide, as it seemed like a good idea at the time. However, the topic of security code review is too big and evolved into its own stand-alone guide.
All code paths that can throw an exception should check for success so that the exception is never thrown. This can be hard or even impossible for a manual code review to cover, especially for large bodies of code.
Remember that one of the top rules of secure coding is "Don't trust user input". Always validate user data with full knowledge of what your application is trying to accomplish. Regular expressions can be used to validate user input, but the more complicated the regular expressions are, the greater the chance that they are not foolproof and contain errors for corner cases.
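An added example (not from the OWASP guide) of the corner-case point above: three versions of the same allowlist check for a constructed username format, showing how a missing anchor and Python's "$ matches before a trailing newline" rule let malformed input through, and how fullmatch closes both gaps.

```python
import re

# Constructed policy for this example: a username is 3 to 16 characters of [A-Za-z0-9_].
CHARSET = r"[A-Za-z0-9_]{3,16}"

# Weak: no anchors, so search() accepts any string that merely contains a valid run.
WEAK = re.compile(CHARSET)

# Anchored, but '$' also matches just before a trailing newline, so "alice\n" passes.
ANCHORED = re.compile(r"^" + CHARSET + r"$")

# Hardened: fullmatch() requires the entire string to match the allowlist pattern.
STRICT = re.compile(CHARSET)


def weak_valid(s: str) -> bool:
    return WEAK.search(s) is not None


def anchored_valid(s: str) -> bool:
    return ANCHORED.match(s) is not None


def strict_valid(s: str) -> bool:
    # Reject non-strings up front; never rely on the regex engine to coerce types.
    return isinstance(s, str) and STRICT.fullmatch(s) is not None


def compare(s: str) -> dict:
    """Return each validator's verdict for one input, to make the differences visible."""
    return {"weak": weak_valid(s), "anchored": anchored_valid(s), "strict": strict_valid(s)}


if __name__ == "__main__":
    # Constructed corner cases: a clean value, an injected suffix, and a trailing newline.
    for candidate in ["alice", "alice; drop table users", "alice\n", "ab"]:
        print(repr(candidate), compare(candidate))
```

Only the strict variant rejects both the injected suffix and the trailing newline; the lesson is to anchor the whole input (fullmatch) rather than to keep adding clauses to the pattern.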
I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to keith.tu [email protected].
If you contribute to this Project, please add your name here Project Lead: