Secure coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but the approach applies equally to Stormpath, Ping Identity, or similar services.

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art. 

Getting Started with Secure Coding

8:0
Ep. 1: Input Validation (1 of 2)

(Part 1) Learn about recommended practices for producing secure code with input validation in part one of this four-part video series.

6:33
Ep. 1: Input Validation (2 of 2)

(Part 2) Learn about recommended practices for producing secure code with input validation in part one of this four-part video series.

7:58
Ep. 2: Numeric Errors

Learn about numeric errors and the dangers of using incorrect data types in part two of this four-part video series.

6:15
Ep. 3: Authorization

Learn about authorization such as user privileges, levels of access, and how they're different in part three of this four-part video series.

8:14
Ep. 4: Security Mentality (1 of 2)

Learn how to start adopting a security-like mentality, also known as the "security mindset," in the first half of part four of this four-part video series.

8:22
Ep. 4: Security Mentality (2 of 2)

Learn how to start adopting a security-like mentality, also known as the "security mindset," in part four of this four-part video series.

Free best practices guide for defensive coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

  • The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
  • Part two is dedicated to secure coding principles from manipulating files to processes.
  • Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

Next Steps with Secure Coding

12:52
Easily secure your Spring Boot applications with Keycloak - Part 1

Related blog post: https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/ Support GitHub repo: https://...

5:3
Easily secure your Spring Boot applications with Keycloak - Part 2

Related blog post: https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/ Support GitHub repo: https://...

Post Quantum Cryptography from RH security blog

SELinux Loves Modularity

Docker Authentication Flow
Oct 31, 2017

Docker Authentication with Keycloak

Josh Cain

OWASP Top Ten

The Latest on Secure Coding & Security

Article

How to visualize your OpenSCAP compliance reports

Juerg Ritter

Get an introduction to SCAPinoculars, a tool that helps you to visualize OpenSCAP reports, and the advantages it brings when used with the OpenShift Compliance Operator.

Article

Security policies in open source software

Siddhesh Poyarekar

Explore the motivation behind the GNU toolchain project's new security policies and why more open source communities should adopt policies for their projects.

More secure coding resources

Around Red Hat

SELinux

Strengthen datacenter security

How Red Hat finds vulnerabilities

Not a developer? Understand IT Security