Secure Coding Best Practices

1 hour 27 minutes
Video Transcription
Hello. My name is [inaudible], and I happily welcome you to this overview of secure coding.
Good coding practices. Number one: prefer obviously no flaws rather than no obvious flaws. We understand that writing secure code is not necessarily easy; it's a lot of work. That is why, even today, you still see flaws all over the place. So my advice:
design and write code that does not necessarily require clever logic to be secure.
Keep it simple. Now, number two: design APIs to avoid security concerns. It is better to design APIs with security in mind right from the outset, rather than waiting until after the application has been fully built and then trying to retrofit security into it.
In that case, it is going to be more difficult and error-prone. So design your APIs to avoid security concerns
right from the outset. Number three: avoid duplication of both code and data here and there, because duplication of code and data actually causes many problems. Both code and data tend not to be treated consistently when duplicated. Avoid such duplication, because when you make changes, they may not be applied to all the copies. That should be
avoided. Now, number four: restrict privileges. Despite our best efforts, not all flaws will be eliminated, even in well-reviewed code. That's certain. However, if your code is operating with reduced privileges,
then exploitation of any flaws is likely to be thwarted. So it simply means that I should stick to what we call the principle of least privilege.
Give me only the privilege I need to do my work, not any more. So restrict privileges; that is number four. Now, number five: establish trust boundaries. In order to ensure that a system is protected, it is necessary to establish trust boundaries. This is an example of a trust boundary here. Here we are.
This is what we call the web browser, and this is the server.
The browser is going to send requests to the server. Now, what I am saying is, here you have what we call the trust boundary. Whatever comes out of the web browser as a request must be checked at this boundary before it eventually gets to the server. And again, whatever comes back from the server, on responses,
so whatever response the server gives, it must be checked at this boundary
before it eventually gets to the web browser. The application code that actually does the check at the boundary should be carefully reviewed. So it is very, very important that data crossing the boundaries should be sanitized and validated before use. This is the boundary. So the data coming from the browser and passing through it must be sanitized and validated.
Responses coming from the server
and passing through this boundary must also be sanitized and validated. So this is what we call the trust boundaries. As a practice, even the application code that sits at the trust boundary must also be properly reviewed, to avoid problems here and there.
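The boundary check described above, in both directions, as an added example that is not part of the original lecture: requests from the browser are validated against an allow-list before server code sees them, and server data is HTML-escaped before it travels back to the browser. The field names, the username rule and the HTML output context are assumptions made for this example.

```python
import html
import re
from dataclasses import dataclass

# Allow-list rules for the request fields the server accepts (constructed for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
ALLOWED_ACTIONS = frozenset({"view", "edit"})
MAX_PAGE = 1000


class BoundaryError(ValueError):
    """Raised when data crossing the trust boundary fails validation."""


@dataclass(frozen=True)
class ValidatedRequest:
    """Only instances of this type are allowed past the boundary into the server code."""
    username: str
    action: str
    page: int


def validate_request(raw: dict) -> ValidatedRequest:
    """Browser -> server direction: every field is checked against an allow-list,
    and anything unexpected is rejected rather than silently passed through."""
    unexpected = set(raw) - {"username", "action", "page"}
    if unexpected:
        raise BoundaryError(f"unexpected fields: {sorted(unexpected)}")
    username = raw.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise BoundaryError("username must be 3-32 letters, digits or underscores")
    action = raw.get("action")
    if action not in ALLOWED_ACTIONS:
        raise BoundaryError(f"action must be one of {sorted(ALLOWED_ACTIONS)}")
    page = raw.get("page", "1")          # form values arrive as strings
    if not isinstance(page, str) or not page.isdigit() or not 1 <= int(page) <= MAX_PAGE:
        raise BoundaryError(f"page must be an integer between 1 and {MAX_PAGE}")
    return ValidatedRequest(username, action, int(page))


def sanitize_response(fields: dict) -> dict:
    """Server -> browser direction: values are HTML-escaped at the boundary so that
    text stored on the server cannot become markup when the browser renders it."""
    return {key: html.escape(str(value), quote=True) for key, value in fields.items()}


if __name__ == "__main__":
    # Constructed sample traffic: one well-formed request, one that must be rejected.
    print(validate_request({"username": "alice", "action": "view", "page": "2"}))
    try:
        validate_request({"username": "alice", "action": "delete", "page": "2"})
    except BoundaryError as err:
        print("rejected:", err)
    print(sanitize_response({"comment": "<b>hello</b>"}))
```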
Now, let's look at number six: minimize the number of permission checks.
Perform security checks at a few defined points, then return a capability that the client code retains, so that no further permission checks are required. What we are trying to talk about is just like a session:
keep your security checks in a session, and do that only at defined points. You don't have to keep doing that all the time.
The user or the application needs to access some part of the application; it is just like an internal single sign-on in this case. So minimize the number of permission checks. You don't have to carry out permission checks at all points; it even reduces the velocity of the application. So it is better to minimize the number of permission checks
in the application.
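The "check once, return a capability" pattern from point six, as an added example that is not from the original lecture: `DocumentStore.open()` is the single defined check point and hands back a `DocumentHandle`; holding the handle is the proof of authorization, so reads and writes through it do no further lookups. The document model, the owner/readers rule and the counter are constructed for this example.

```python
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised at the single check point when a user has no access to a document."""


@dataclass
class Document:
    owner: str
    text: str
    readers: set = field(default_factory=set)   # users allowed read-only access


class DocumentHandle:
    """Capability handed out by DocumentStore.open(). Holding one proves the check
    already passed, so read()/write() do no further permission lookups."""

    def __init__(self, doc, writable):
        self._doc = doc
        self._writable = writable

    def read(self):
        return self._doc.text

    def write(self, text):
        if not self._writable:                  # property of the handle, not a re-check
            raise PermissionDenied("handle is read-only")
        self._doc.text = text


class DocumentStore:
    def __init__(self):
        self._docs = {}
        self.checks_performed = 0               # counter showing how often the check runs

    def add(self, name, doc):
        self._docs[name] = doc

    def open(self, name, user):
        """The one defined point where permission is checked."""
        self.checks_performed += 1
        doc = self._docs[name]
        if user == doc.owner:
            return DocumentHandle(doc, writable=True)
        if user in doc.readers:
            return DocumentHandle(doc, writable=False)
        raise PermissionDenied(f"{user} may not open {name}")


def session_demo():
    """Constructed session: one check, then many operations through the retained handle."""
    store = DocumentStore()
    store.add("notes", Document(owner="alice", text="v1", readers={"bob"}))
    handle = store.open("notes", "alice")       # checked once here
    for version in range(2, 6):                 # four writes, zero further checks
        handle.write(f"v{version}")
    return store.checks_performed, handle.read()
```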
Number seven here is: encapsulate.
Allocate behaviors and provide succinct interfaces. Fields of objects should be private. Yes, it is not very good if you have a lot of public variables; they should be private, and accessors avoided. So the interface of a method, class, package and module should form a coherent set of behaviors and nothing more. Now,
last but not least, number eight: document security-related information. API documentation should actually cover security-related information. Everything that is security-related should be properly documented, including the required permissions, security-related exceptions, caller sensitivity, and any preconditions or postconditions
that are relevant to security.
Documenting this information in comments for a tool can also help to ensure that it is kept up to date. Yes, these are the references I have used so far for this course: [inaudible], tutorialspoint.com and w3schools.com.
Very many thanks to them. So I hope you have seen how to secure your code to frustrate hackers. Yes.
[inaudible]. So you have seen what to do and what to put in place to secure your code. [inaudible].
If you have any question, send it to me at a march at yahoo dot com, or you simply connect to me on LinkedIn,
and you can drop me a message. Yes, that is it. [inaudible].