Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but the same approach applies to Stormpath, Ping.Identity, or similar services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

The Latest on Secure Coding & Security

Cross-site scripting: Explanation and prevention with Go

June 28, 2022

Looking to understand the various cross-site scripting techniques used by attackers? Learn the details from developer experts including XSS prevention methods.

8 open source Kubernetes security tools

June 20, 2022

See how a number of tools, like KubeLinter, kube-bench, and kube-hunter, can reveal problems in your Kubernetes configuration.

4 tips for achieving better security on Kubernetes

June 14, 2022

Red Hat's report, 2022 State of Kubernetes security, offers recommendations for organizations' practices to increase protection.

Kubernetes security risks that keep developers up at night

June 13, 2022

A Red Hat survey revealed that security flaws are hindering innovation in Kubernetes container environments. DevSecOps is described as an emerging model.

Use compiler flags for stack protection in GCC and Clang

June 2, 2022

Stack-smashing attacks are common, but the GCC and Clang compilers have a number of flags that can help defend against them. Read on for more info.

Is your Go application FIPS compliant?

Sam Fowler
May 31, 2022

You can compile Go code on Red Hat Enterprise Linux in such a way that it complies with U.S. Federal encryption standards. Find out how.
