Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but it would apply as well to Stormpath, Ping.Indenty, or similar services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

Start Reading

The Latest on Secure Coding & Security

Featured image for GitOps + Kubernetes

Checkpoint and restore in Kubernetes

October 7, 2021

Checkpoint/restore is useful when migrating containers in Kubernetes. Learn how this feature was implemented and how it's used in container migrations.

Quarkus + data grid

How to connect to Red Hat Data Grid without SSL

October 6, 2021

You can use Red Hat's single sign-on technology (SSO) to connect with Red Hat Data Grid, even without Secure Sockets Layer protection.

Featured image for: Can we consider --editable a bad practice?

Secure your Python applications with Thoth recommendations

September 29, 2021

Learn how Project Thoth's new security recommender makes a recommendation, then use the Thamos CLI to find security issues in your Python library code.

Featured image for Kubernetes topics.

Kubernetes admission control with validating webhooks

September 17, 2021

Get an overview of admission control in Kubernetes, then write and deploy a simple webhook that intercepts and validates Prometheus rule creations.

Featured image for C-language topics.

Securing malloc in glibc: Why malloc hooks had to go

August 25, 2021

Demoting malloc hooks solves critical security issues in glibc's memory allocation system. Find out how the changes could affect your applications.

Featured image for GitOps + Kubernetes

Managing GitOps control planes for secure GitOps practices

Chetan Banavikalmutt, Shubham Agarwal
August 3, 2021

Learn how you can implement secure GitOps practices for developer teams by setting up control planes with the Red Hat OpenShift GitOps operator.

More articles on security

Latest Comments

Waiting for Disqus…