Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but it would apply as well to Stormpath, Ping Identity, or similar services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

The Latest on Secure Coding & Security

Secure your Quarkus applications | DevNation Tech Talk

June 26, 2020

So you have built - in no time - your Quarkus application and it's supersonic subatomic fast. Have you thought about security? Right, usually this is the thing we implement at the end. Even if it's a crucial part of our application, we often ignore it. The good news is that with Quarkus, adding security and identity management is a breeze. Join this 100% live coding session where we explore the different options that Quarkus offers you to secure your applications.

What enterprise developers need to know about security and compliance

June 23, 2020

One of the luxuries of my job is that I get to speak to and work with a range of IT people employed by U.S. federal and state government agencies. That range includes DevOps engineers, developers, sysadmins, database administrators, and security professionals. Everyone I talk to, even security professionals, says that IT security and compliance […]

Security and authentication strategies for apps on Kubernetes | DevNation Tech Talk

June 18, 2020

Today, application security is a “must have” but it’s difficult to introduce it without modifying code if you didn’t think about it at the very beginning. Fortunately, the new cloud native patterns brought by containers and platforms like OpenShift/Kubernetes offer simple ways to address security concerns without touching code. In this tech talk, we will walk through many stages to secure an existing application made by ‘Average Java Developer’ where security was clearly an afterthought.

Keeping Kubernetes secrets secret | DevNation Tech Talk

June 18, 2020

Everyone is talking about the microservices and serverless architecture and how to deploy them using cluster managers like Kubernetes. But, what about the secrets? The current trend increases the number of secrets required to run our services. This places a new level of maintenance on our security teams.

Extending Red Hat SSO with IBM Security Verify

June 11, 2020

More and more organizations are using Red Hat Single Sign-On (Red Hat SSO) as the foundation for securing user identities for enterprise and consumer applications. The focus on providing both robust security and a seamless user experience needs to be equally considered. Neither of these requirements should be compromised, especially as applications are being built […]

Adding keystores and truststores to microservices in Red Hat OpenShift

June 5, 2020

You might not need Secure Socket Layer (SSL)-based communication between microservices in the same cluster, but it’s often a requirement if you want to connect to a remote web service or message broker. In cases where you will expose a web service or other endpoints, you might also have to use a custom keystore in […]
