Software developers are the backbones of creating secure software. The recently found vulnerability in Apache Log4j underscores the importance of developing secure software. Securing critical software resources is more important than ever as the focus of attackers has steadily moved toward the application layer. It is much less expensive to build secure software than to correct security issues after the software package has been completed, not to mention the costs that may be associated with a security breach.
OWASP has published a secure coding checklist that developers should follow:
- Input Validation
- Output Encoding
- Authentication and Password Management (includes secure handling of credentials by external services/scripts)
- Session Management
- Access Control
- Cryptographic Practices
- Error Handling and Logging
- Data Protection
- Communication Security
- System Configuration
- Database Security
- File Management
- Memory Management
- General Coding Practices
Reference: