Secure coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but it would apply as well to Stormpath, Ping.Indenty, or similar services.

What is secure coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free best practices guide for defensive coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

Start reading

Featured secure coding resources

Jun 20, 2024

How to find vulnerabilities across millions of images

Bill Dettelback

Find out how you can track and report on vulnerabilities across a large...

Feature image for Red Hat OpenShift
May 30, 2024

Ensure a scalable and performant environment for ROSA with hosted control planes

Russell Zaleski +3

Explore the benefits of hosted control planes, a new deployment model for Red...

How Rust makes the Rayon data parallelism library magical
May 21, 2024

Improve basic programming safety with Rust lang

Sandipan Roy

Explore Rust features that can help you write more secure code, along with...

Kubernetes + OpenShift featured image
May 14, 2024

Use OperatorPolicy to manage Kubernetes-native applications

Jacob Berger +1

Learn the basics of OperatorPolicy, a new kind of resource, and how you can...