Video Description

This section presents the topic of defensive coding, which is extremely important in mitigating the common security threats discussed in the previous sections of this module. Good coding practices should always be employed and involve being proactive and adhering to good development standards. Being defensive means always thinking about potential misuse of your apps! The side benefits of defensive coding and following good standards extend beyond producing more secure code: better quality software, source code that is more comprehensible, and code that behaves predictably.

We then go on to discuss coding best practices:

- Input validation
- Convert dangerous inputs and outputs to safe forms
- Input typing
- Output protection via error and exception handling
- Using safe APIs
- Proper concurrency using resource locking and atomic operations
- Tokenizing
- Sandboxing
- Anti-tampering via code signing and obfuscation
- Secure processes and change management and versioning
- Code analysis to ensure quality (static and dynamic inspection)
- Code reviews
- Utilizing secure builds
- Implementing secure coding!

Course Modules

ISC2 CISSP