A Ponemon Institute report showed that 71% of developers believed that security was not adequately addressed during the software development lifecycle. This figure is revealing: it demonstrates that developers view security as a development priority, yet often feel unequipped to engage.
The relationship between security and developers has traditionally been like two teams competing at a tug-of-war. On one end, as developers, you are pulling to produce functional products as fast as possible. You don’t want to be told what to do and definitely do not want the security teams to get in the way of developing code. On the other end, security is pulling to ensure the product is as secure as possible.
Writing secure code should be at the top of your mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind.
The good news is that you have a great resource to help with secure programming! On the Red Hat Developer Program website, you will find numerous tools that can help you code with security in mind, such as:
- The Defensive Coding Guide: This guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, with a focus on concrete recommendations. Specifically, the guide has three parts: Programming Languages, Specific Programming Tasks, and Implementing Security Features.
- Secure Programming: In this 4-part video series, you will learn the importance of Input Validation, Numeric Errors, Authorization, and Security Mentality. Specifically, you will learn the importance of checking external inputs, the dangers of using incorrect data types, how user privileges and levels of access differ, and how you can adopt a “security mindset”.
- Securing Microservices: In this video, you will learn how to build security into your application microservices architecture by securing all the endpoints so that the end user doesn’t have to authenticate against each one. The video shows a demonstration of using a centralized authentication service to secure many different microservices.
- SELinux for Developers: In this whitepaper, as an application developer, you will learn how to use SELinux to strengthen datacenter security.
- Many other resources for developers, such as blog posts and articles on FIPS-compliant credential stores, Keycloak for Docker authentication, a developer-centric defensive cheat sheet, stack clash mitigation in GCC, etc.
So what are you waiting for? Start coding with security in mind utilizing the developer security resources provided to you on the Red Hat Developer Program!
Last updated: November 16, 2018