Secure Coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo is based on Project Keycloak, but the same approach applies to Stormpath, Ping Identity, or similar identity services.

Steven Pousty
Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Free Best Practices Guide for Defensive Coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles, from file manipulation to process management.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.


The Latest on Secure Coding & Security

Keycloak: Core concepts of open source identity and access management

December 11, 2019

Keycloak provides the flexibility to export and import configurations easily, using a single view to manage everything. Together, these technologies let you integrate front-end, mobile, and monolithic applications into a microservice architecture. In this article, we discuss the core concepts and features of Keycloak and its application integration mechanisms. You will find links to implementation details […]

How to secure microservices with Red Hat Single Sign-On, Fuse, and 3scale

October 30, 2019

In this article, we'll cover microservice security concepts using protocols such as OpenID Connect, with the support of Red Hat Single Sign-On and 3scale. In a microservice-based architecture, user identity and access control are distributed across many services and must be carefully designed with defense in depth. Here, the integration of these tools will be detailed, step-by-step, in […]

Verifying signatures of Red Hat container images

October 29, 2019

Security-conscious organizations are accustomed to using digital signatures to validate application content from the Internet. A common example is RPM package signing. Red Hat Enterprise Linux (RHEL) validates signatures of RPM packages by default. In the container world, a similar paradigm should be adhered to. In fact, all container images from Red Hat have been […]
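The signed-image paradigm that excerpt describes is enforced on RHEL and Fedora hosts through the containers signature policy (`/etc/containers/policy.json`) plus a `registries.d` entry that tells podman, skopeo and CRI-O where to fetch detached signatures. The script below is an added example, not code from the article or from Red Hat's own documentation: it writes both files into a directory of your choice so you can inspect them before installing under `/etc/containers`. The key path (`/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`) and the sigstore URL are the values Red Hat documents for its registry at the time of writing; treat them as assumptions and check them against current Red Hat documentation before relying on them.

```shell
#!/bin/sh
# Added example: a fail-closed container signature policy for
# registry.access.redhat.com. The key path and sigstore URL below are
# assumptions taken from Red Hat's published guidance, not from this page.
set -eu

# write_signature_policy DIR
# Writes DIR/policy.json and DIR/registries.d/redhat.yaml.
# Use DIR=/etc/containers on a real host; a temporary directory is fine
# for a dry run.
write_signature_policy() {
  dir="$1"
  mkdir -p "$dir/registries.d"

  # "default": reject means an image matching no transport-specific rule
  # is refused, so a missing or misspelled rule fails closed, not open.
  # The docker-daemon entry mirrors the stock policy so locally loaded
  # images keep working; tighten it too if you do not need that transport.
  cat > "$dir/policy.json" <<'EOF'
{
  "default": [ { "type": "reject" } ],
  "transports": {
    "docker": {
      "registry.access.redhat.com": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ]
    },
    "docker-daemon": {
      "": [ { "type": "insecureAcceptAnything" } ]
    }
  }
}
EOF

  # registries.d tells the image tooling where the detached signatures
  # for this registry live (assumed URL, see lead-in).
  cat > "$dir/registries.d/redhat.yaml" <<'EOF'
docker:
  registry.access.redhat.com:
    sigstore: https://access.redhat.com/webassets/docker/content/sigstore
EOF
}

# policy_fails_closed DIR
# Returns 0 when DIR/policy.json rejects by default and requires a GPG
# signature for registry.access.redhat.com, 1 otherwise. Run it after
# editing the file by hand so a typo cannot silently weaken the policy.
policy_fails_closed() {
  f="$1/policy.json"
  grep -q '"type": "reject"' "$f" &&
  grep -q '"registry.access.redhat.com"' "$f" &&
  grep -q '"type": "signedBy"' "$f" &&
  grep -q '"keyType": "GPGKeys"' "$f"
}

# Dry run into a scratch directory when executed directly.
scratch="$(mktemp -d)"
write_signature_policy "$scratch"
policy_fails_closed "$scratch" && echo "policy written to $scratch and fails closed"
```

Once the files are in place under `/etc/containers`, `podman pull registry.access.redhat.com/ubi8/ubi` succeeds only if a signature for that image digest is found at the configured sigstore and verifies against the Red Hat key; an image from any registry without a rule is rejected outright because of the `default` entry.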

3 steps toward improving container security

October 21, 2019

As developers increasingly make use of containers, securing them becomes more and more important. Gartner has named container security one of its top 10 concerns for this year in this report, which isn’t surprising given their popularity in producing lightweight and reusable code and lowering app dev costs. In this article, I’ll look at the three […]

Using Keycloak instead of Picketlink for SAML-based authentication

August 27, 2019

The Picketlink project is now a deprecated module in Red Hat JBoss Enterprise Application Platform (EAP), so there’s a chance that Picketlink will no longer ship with the next release of EAP/Wildfly and that there will not be any fixes in the near future for the picketlink module. Picketlink, however, is now merged with Keycloak, […]

Using Let's Encrypt with Apache httpd on Red Hat Enterprise Linux 7

August 2, 2019

Getting an SSL certificate for your web server has traditionally been something of an effort. You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to […]
