Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll demonstrate how to use a centralized authentication service to secure many different microservices. The demo is based on Project Keycloak, but the approach applies equally to Stormpath, Ping Identity, or similar services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

The Latest on Secure Coding & Security

Prevent Python dependency confusion attacks with Thoth

December 21, 2021

Find out how dependency resolvers like pip leave Python applications vulnerable to dependency confusion attacks, then learn how Thoth prevents them.

Secure your Kubernetes deployments with eBPF

December 16, 2021

Learn how to use eBPF and the Security Profiles Operator to automatically generate seccomp profiles, a Linux kernel security feature for Kubernetes.

Secure communication with Red Hat Decision Manager

December 2, 2021

Get step-by-step instructions to install and configure a self-signed certificate for secure HTTPS communication with Red Hat Decision Manager.

How DevSecOps brings security into the development process

December 1, 2021

What is DevSecOps and what does it mean for your team? Learn how developers apply DevOps tools and processes for security automation in every build.

Automate dependency analytics with GitHub Actions

November 30, 2021

Integrate automated vulnerability analysis into GitHub pull requests and CI/CD workflows with the Red Hat CodeReady Dependency Analytics GitHub Action.

Build lightweight and secure container images using RHEL UBI

November 30, 2021

Get started with using Red Hat Universal Base Images for lightweight, secure, and free container builds, with examples based on Golang and Python.
