Reference from OWASP (www.owasp.com).
Security Check
By Prabhanshu Saraswat
A few recent security breaches around the world
The ISTQB official website was compromised and an offensive photo was put on its homepage.
LinkedIn, the popular social media network, recently confirmed that a breach of its network compromised hashed passwords associated with its accounts. News reports estimate almost 6.5 million passwords have been compromised. See more at: http://blog.aujas.com/quick-test-find-company-security.html#sthash.STsZqk85.dpuf
Financial Times tech blogs and Twitter accounts were hacked by the Syrian Electronic Army.
An unknown hacker hacked the website of Thai Prime Minister Yingluck Shinawatra's office and posted an offensive message, as shown in the image below.
Image: Offensive message
Security checklist for development
Boot out unmanaged code; believe in tested and managed code.
Love task-specific built-in APIs
Do not permit the application to issue commands directly to the operating system, especially through the use of application-initiated command shells.
Use a checksum or hash
Use a small-size datum computed from an arbitrary block of digital data, for the purpose of detecting errors, to verify the integrity of interpreted code, libraries, executables, and configuration files.
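As an added example, not from the slides: a build step records SHA-256 digests of libraries and configuration files in a manifest, and a start-up check recomputes them and names every file that is missing or changed. File names and contents here are constructed for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// Manifest maps a file name to the hex SHA-256 digest recorded at build time.
type Manifest map[string]string

// fileDigest returns the hex SHA-256 of the file's contents.
func fileDigest(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]), nil
}

// BuildManifest records digests for the named files; run at build or release time.
func BuildManifest(dir string, names []string) (Manifest, error) {
	m := Manifest{}
	for _, name := range names {
		d, err := fileDigest(filepath.Join(dir, name))
		if err != nil {
			return nil, err
		}
		m[name] = d
	}
	return m, nil
}

// VerifyManifest recomputes every digest at start-up and returns the sorted
// names of files that are missing or whose contents no longer match.
func VerifyManifest(dir string, m Manifest) []string {
	var bad []string
	for name, want := range m {
		got, err := fileDigest(filepath.Join(dir, name))
		if err != nil || got != want {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed sample tree: one config file and one "library", then a tampered config.
	dir, _ := os.MkdirTemp("", "integrity")
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "app.conf"), []byte("debug=false\n"), 0o600)
	os.WriteFile(filepath.Join(dir, "helper.so"), []byte("fake library bytes"), 0o600)
	m, _ := BuildManifest(dir, []string{"app.conf", "helper.so"})
	fmt.Println("clean tree, mismatches:", VerifyManifest(dir, m))
	os.WriteFile(filepath.Join(dir, "app.conf"), []byte("debug=true\n"), 0o600)
	fmt.Println("after edit, mismatches:", VerifyManifest(dir, m))
}
```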
Lock
Limit access to prevent multiple simultaneous requests, or use a synchronization mechanism (locking) to prevent race conditions.
Protect shared variables and resources
from inappropriate concurrent access.
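An added example for the two slides above, not part of the original deck: a shared balance whose "check funds, then debit" step is guarded by a mutex so that concurrent withdrawals cannot all pass the check against the same balance. The account and the amounts are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"sync"
)

// Account is a shared resource. The mutex guards every read-modify-write;
// the check-then-act window inside Withdraw is exactly where a race would hit.
type Account struct {
	mu      sync.Mutex
	balance int
}

// Withdraw debits amount only when funds suffice. Check and debit run under
// the same lock, so two concurrent callers cannot both see the old balance.
func (a *Account) Withdraw(amount int) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	if amount <= 0 || a.balance < amount {
		return false
	}
	a.balance -= amount
	return true
}

// Balance reads under the lock too; an unguarded read is also a data race.
func (a *Account) Balance() int {
	a.mu.Lock()
	defer a.mu.Unlock()
	return a.balance
}

// RunWithdrawals fires n concurrent withdrawals of amount against a fresh
// account holding start, and reports how many succeeded and what is left.
func RunWithdrawals(start, n, amount int) (succeeded, final int) {
	acct := &Account{balance: start}
	var wg sync.WaitGroup
	var countMu sync.Mutex // the counter is shared too, so it gets its own lock
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if acct.Withdraw(amount) {
				countMu.Lock()
				succeeded++
				countMu.Unlock()
			}
		}()
	}
	wg.Wait()
	return succeeded, acct.Balance()
}

func main() {
	// Constructed run: 50 goroutines each try to take 10 from 100.
	ok, left := RunWithdrawals(100, 50, 10)
	fmt.Printf("succeeded=%d balance=%d\n", ok, left) // succeeded=10 balance=0
}
```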
Explicit declaration
Clearly initialize all your variables and other data stores, either at declaration or just before first use.
Quickly raise and drop elevated privileges
If the application must run with elevated privileges, then raise them as late as possible and drop them as soon as possible.
Get rid of overflow
Avoid calculation errors by understanding your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
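An added example, not from the slides, of the numeric traps listed above in Go's fixed-width integers and IEEE floats: parsing at the target width so oversized input is reported rather than wrapped, rejecting NaN and infinity before a comparison silently accepts them, and refusing a multiplication that would overflow. The quantity and price fields are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// ParseQuantity converts user-supplied text into an int32 order quantity.
// strconv is asked for a 32-bit result, so values that do not fit come back as
// ErrRange instead of being wrapped by a later int32() cast.
func ParseQuantity(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("quantity %q: %w", s, err)
	}
	if n <= 0 {
		return 0, errors.New("quantity must be positive")
	}
	return int32(n), nil
}

// UncheckedQuantity shows the defect the checklist warns about: parse at 64
// bits, cast down, and an oversized value silently turns negative.
func UncheckedQuantity(s string) int32 {
	n, _ := strconv.ParseInt(s, 10, 64)
	return int32(n)
}

// ParsePrice accepts a decimal price. strconv.ParseFloat happily returns NaN
// and +/-Inf for "NaN" and "Inf", and NaN compares false against every bound,
// so both are rejected explicitly.
func ParsePrice(s string) (float64, error) {
	p, err := strconv.ParseFloat(s, 64)
	if err != nil {
		return 0, err
	}
	if math.IsNaN(p) || math.IsInf(p, 0) || p < 0 {
		return 0, fmt.Errorf("price %q is not a finite non-negative number", s)
	}
	return p, nil
}

// LineTotal multiplies quantity by a unit price in integer cents and refuses
// a product that would overflow int64 rather than wrapping around.
func LineTotal(qty int32, cents int64) (int64, error) {
	if cents < 0 {
		return 0, errors.New("unit price must not be negative")
	}
	if cents != 0 && int64(qty) > math.MaxInt64/cents {
		return 0, errors.New("line total overflows int64")
	}
	return int64(qty) * cents, nil
}

func main() {
	fmt.Println(ParseQuantity("2147483648"))       // 0, ErrRange
	fmt.Println(UncheckedQuantity("2147483648"))   // -2147483648
	fmt.Println(ParsePrice("NaN"))                 // 0, error
	fmt.Println(LineTotal(2147483647, 1<<40))      // 0, overflow error
}
```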
Do not play with user-supplied data; handle it with care as it first comes in
Do not pass user-supplied data to any dynamic execution function.
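An added example serving both the "built-in APIs, no command shells" slide and the slide above; it is not code from the deck. A user-supplied host name is checked against a strict allowlist and then handed to the diagnostic program as its own argument vector element, so no shell ever interprets it. The ping invocation and the sample inputs are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// hostnameRE is an allowlist, not a blocklist: DNS labels of letters, digits
// and interior hyphens, joined by dots. Whitespace, quotes, separators and a
// leading '-' (which a program would read as an option) all fail to match.
var hostnameRE = regexp.MustCompile(
	`^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?` +
		`(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$`)

// ValidateHostname rejects anything that is not a plain DNS name.
func ValidateHostname(host string) error {
	if host == "" || len(host) > 253 || !hostnameRE.MatchString(host) {
		return fmt.Errorf("invalid hostname %q", host)
	}
	return nil
}

// DiagnosticCommand builds, but does not run, a single ping of host. The
// program and its fixed options are literals; the validated host is passed as
// a separate argv element, so there is no "sh -c" and nothing to inject into.
func DiagnosticCommand(host string) (*exec.Cmd, error) {
	if err := ValidateHostname(host); err != nil {
		return nil, err
	}
	return exec.Command("ping", "-c", "1", host), nil
}

func main() {
	for _, h := range []string{"example.com", "example.com; extra", "-n", "a b"} {
		cmd, err := DiagnosticCommand(h)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("argv:", cmd.Args)
	}
}
```

The command is only constructed here; calling cmd.Run would still require ping to be installed and is left to the caller.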
Do not turn the user into a developer; that is your role
Restrict users from generating new code or altering existing code.
Use a magnifying glass on third-party support
Review all secondary applications, third-party code and libraries to determine business necessity and validate safe functionality, as these can introduce new vulnerabilities.
Be private about updates and implement safe updating
If the application will use automatic updates, then use cryptographic signatures for your code and ensure your download clients verify those signatures. Use encrypted channels to transfer the code from the host server.
Secure coding checklist