Part 09 – Defensive Coding

This section presents the topic of defensive coding, which is extremely important in mitigating the common security threats discussed in the previous sections of this module. Good coding practices should always be employed; they involve being proactive and adhering to good development standards. Being defensive means always thinking about potential misuse of your apps! The side benefits of defensive coding and following good standards extend beyond producing more secure code: better quality software, source code that is more comprehensible, and code that behaves predictably. We then go on to discuss coding best practices:
  • Input validation
  • Convert dangerous inputs and outputs to safe forms
  • Input typing
  • Output protection via error and exception handling
  • Using safe APIs
  • Proper concurrency using resource locking and atomic operations
  • Tokenizing
  • Sandboxing
  • Anti-tampering via code signing and obfuscation
  • Secure processes and change management and versioning
  • Code analysis to ensure quality - static and dynamic inspection
  • Code reviews
  • Utilizing secure builds
  • Implementing secure coding!