Best Coding Practices
LaDonne White, Manager, Webtrain Inc.
e-Commerce Site
August 31, 2018
-Welcome-
Introduction
Security attacks nowadays focus on productivity-enhanced software.
Software development needs robust security requirements to deter attacks.
Some vulnerabilities exist due to human error when coding.
The software development lifecycle needs to apply the best coding practices.
Security attacks are evolving from targeting comprehensively protected IT network infrastructure to targeting productivity-enhanced software and business operations applications, such as the web-based programs that every user relies on daily.
Webtrain Inc. uses various software applications to conduct its business operations, and an evaluation of the entire set of software packages reveals essential requirements that need to be implemented in order to mitigate certain attacks. The software development lifecycle, which includes the coding practices employed by the development team, indicates that certain models, such as adequate security testing and hardening processes, are not properly outlined.
Objectives of best practices
To develop secure software.
Ensure robust security requirements are implemented in the software development lifecycle.
Enhance the overall security of the organization.
Mitigate software-propagated security attacks.
Therefore, it is important that drastic measures be instituted in the software development lifecycle, with all security requirements and processes being widely considered. To ensure that applications are designed and implemented with appropriate security requirements, the best coding practices must be used, and the focus on security threats must be determined by the software's integrated day-to-day operations and processes. It is imperative that the programs the company develops in the future follow the secure coding guidelines regardless of the device or model used for programming.
Purpose
Provide a robust software development lifecycle guide.
Institute best secure coding practices that enable building secure software from the start rather than implementing corrective measures later.
Limit regular or daily security monitoring processes.
Consequently, it is vital that extreme methods be established in the software development lifecycle, with all security requirements and processes being widely considered.
Note that it is less expensive to build secure software than to correct security issues after a breach. The release-and-patch cycle of software security management amounts to lengthy security processes and regular security monitoring, as well as an increase in attack surface. In addition, the objectives and purpose of the company’s best secure coding practices include implementing secure software products, enhancing the security level, and creating a reputable brand within the company as well as externally.
Resources
OWASP Secure Coding Practices Quick Reference Guide.
Use cases.
Security training and workshops.
The resources that can be used as “reference material” and act as a beginner’s guideline for new employees include the OWASP Secure Coding Practices Quick Reference Guide, use cases, and security training and workshops. The OWASP Secure Coding Practices guide is an informative reference that includes a checklist of comprehensive coding practices, while use cases illustrate past incidents and enable one to examine a real-world case. Security training and workshops, on the other hand, enable employees to put their theoretical knowledge into practice.
Methodology
Threat modeling.
Input validation.
Output encoding.
Defense in depth.
Security and quality assurance.
There are various methodologies for implementing secure coding practices, such as threat modeling, input validation, output encoding, defense in depth, and quality assurance. For instance, threat modeling is the method of the secure software development lifecycle that will best serve the team, because it pertains to understanding the underlying software technology in terms of security requirements, threats and capability, and means to mitigate, including emerging bugs.
Conclusion
Security attacks nowadays focus on productivity-enhanced software.
Some vulnerabilities exist due to human error when coding.
Ensure robust security requirements are implemented in the software development lifecycle in order to mitigate software-propagated security attacks.
In most cases, ineffectively built software results from avoidable circumstances such as human error or the use of relatively low standards of development. This means that human errors are likely to allow vulnerabilities to exist in a system, which attackers can use to break into the system using cross-site scripting attacks.
-Thank You-
Q8
A stock pays an annual dividend of $2.50 and that dividend is
not expected to change. Similar stocks pay a return of 10%.
What is P0? (Show workings)
Q9
A stock has just paid a dividend and has declared an annual
dividend of $3.00 to be paid one year from today. The dividend
is expected to grow at a 5% annual rate. The return on equity
for similar stocks is 14%. What is P0? (Show workings)
Q10
What is β and why is it important to investors and issuers of
stock? Describe the behavior of stocks with βs of greater than
one, less than one, and less than zero.
Q11
A company has 30 million shares outstanding trading for $8 per
share. It also has $90 million in outstanding debt. If its equity
cost of capital is 15%, and its debt cost of capital is 9%, and its
effective corporate tax rate is 40%, what is its weighted average
cost of capital? (Show workings)
Q12
What is the difference between capital structure and capital
budgeting? Explain and give an example of a capital structure
decision and an example of a capital budgeting decision.
Q13
(TCO E) A company has the opportunity to do any of the
projects for which the net cash flows per year are shown below.
The company has a cost of capital of 15%. Which should the
company do and why? You must use at least two capital
budgeting methods. Show your work.
Year    A       B       C
0       -300    -100    -300
1       100     50      100
2       100     100     100
3       100     100     100
4       100     100     100
5       100     100     100
6       100     100