Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll demonstrate using a centralized authentication service to secure many different microservices. The demo is based on Project Keycloak, but the same approach applies to Stormpath, Ping Identity, or similar services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.


The Latest on Secure Coding & Security

How To

How to secure Apache Kafka schemas with Red Hat Integration Service Registry 2.0

July 16, 2021

Find out what's new in Red Hat Integration Service Registry 2.0, then use the new single sign-on feature to secure your registry using OpenID Connect.

Article

Build your own tool to search for code sequences in binary files

July 15, 2021

Use the annocheck stack clash scanner to build a custom scanning tool that you can use to search for a variety of instruction sequences inside executable files.

Article

Use source-level annotations to help GCC detect buffer overflows

June 25, 2021

Explore three source-level annotations that you can use to help detect out-of-bounds accesses across function call boundaries in GCC 11.

Article

Authorino: Making open source, cloud-native API security simple and flexible

June 18, 2021

Get started with Authorino, a proxy-based security tool that provides flexible, Zero Trust API protection based on a range of authentication and authorization models, mechanisms, and policies.

Article

How to size your projects for Red Hat's single sign-on technology

June 7, 2021

Use the performance benchmarks in this article to better estimate the size of your projects and acquire the right number of subscriptions for Red Hat's single sign-on technology.

Article

Authorizing multi-language microservices with oauth2-proxy

May 20, 2021

Get started with oauth2-proxy, a replacement for Louketo Proxy that provides microservices authentication without OpenID Connect clients.
