security:securecode

Differences

This shows you the differences between two versions of the page.

security:securecode [2015/04/10 14:38]
Luke Hinds
security:securecode [2015/04/29 12:21] (current)
Marcel Winandy Added link to IEEE CSD Avoiding Top 10 Security Flaws
Line 9: Line 9:
 ===== Gerrit Security Impact Code Review =====  ===== Gerrit Security Impact Code Review ===== 
  
-We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit or comment to gerrit ​with the words '​SecurityImpact'​ will automatically email the security group for comment+We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit ​(or commit amend) ​with the words '​SecurityImpact'​ will automatically email the security group for gerrit based review
  
-===== CWE/SANS Top 25 Most Dangerous Programming Errors =====+==== Help review! ​====
  
-A good standard to start with, for those new to secure coding, is the CWE/SANS Top 25 Most Dangerous Programming Errors+You can never have enough eyes, doing security code reviews. If you have an interest in helping review code, please sign up to the [[https://​lists.opnfv.org/​mailman/​listinfo|opnfv-security list]] 
 + 
 + 
 +===== CWE/SANS Top 25 ===== 
 + 
 +very good reference ​for those new (and old) to secure coding ​conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors. The CWE give real world examples, of exactly how insecure code can be exploited.  
 + 
 +Below is a simplified list, with a link to the CWE page that contains greater detail.
  
 ==== Improper Input Validation ==== ==== Improper Input Validation ====
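Review bot: the rewritten trigger sentence drops the "or comment" case that the previous revision documented, so a reader can no longer tell whether a Gerrit review comment containing 'SecurityImpact' still notifies the security group; either restore "or comment" or say explicitly that only commits (and commit amends) trigger the email. Two smaller points in the same hunk: the new "Help review!" heading is a ==== level while the "CWE/SANS Top 25" heading that follows it is =====, which nests the sign-up note under the Gerrit section rather than placing it beside the other top-level sections; and "very good reference for those new (and old) to secure coding conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors" needs a leading article and no comma before "is" ("A very good reference ... is the CWE/SANS Top 25 ...").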
Line 174: Line 181:
  
 http://​cwe.mitre.org/​data/​definitions/​602.html http://​cwe.mitre.org/​data/​definitions/​602.html
- 
- 
- 
  
 ===== Other useful reference sources ===== ===== Other useful reference sources =====
Line 182: Line 186:
 You may find the following resources also very helpful. You may find the following resources also very helpful.
  
-===== OSSG ===== +==== OSSG Developer Guidelines ​==== 
    
-The OSSG (OpenStack Security Group) have authored a very good set of guidelines (mostly ​speficic ​to python). These can be found on Robert Clarks [[https://​github.com/​openstack-security/​Developer-Guidance|on the following github ​repository]]+The OSSG (OpenStack Security Group) have authored a very good set of guidelines (mostly ​specific ​to python). These can be found on Robert Clarks [[https://​github.com/​openstack-security/​Developer-Guidance|Github ​repository]]
  
 ==== OWASP ==== ==== OWASP ====
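Review bot: the "speficic" to "specific" fix is correct, but "on Robert Clarks [[...|Github repository]]" still needs the possessive apostrophe and the usual capitalisation of the site name; suggest "These can be found in Robert Clark's [[https://github.com/openstack-security/Developer-Guidance|GitHub repository]]". Demoting the OSSG heading to ==== so it sits under "Other useful reference sources" is the right structural change.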
Line 199: Line 203:
  
  
-===== CERT ===== +==== CERT ==== 
  
 The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://​www.securecoding.cert.org/​confluence/​display/​seccode/​CERT+Coding+Standards |over here]] ​ The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://​www.securecoding.cert.org/​confluence/​display/​seccode/​CERT+Coding+Standards |over here]] ​
  
  
-===== safecode ​===== +==== safecode ==== 
  
 The [[http://​www.safecode.org/​publication/​SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]] The [[http://​www.safecode.org/​publication/​SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]]
 +
 +==== IEEE Computer Society'​s Center for Secure Design (CSD) ====
 +
 +[[http://​cybersecurity.ieee.org/​center-for-secure-design/​avoiding-the-top-10-security-flaws.html|Avoiding the Top 10 Security Flaws]]
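Review bot: the new IEEE CSD entry is a bare link, whereas the OSSG, CERT and safecode entries above it each carry a sentence saying what the resource is and which languages or audience it covers; add a one-line description under the "IEEE Computer Society's Center for Secure Design (CSD)" heading so the list stays consistent. Demoting the CERT and safecode headings to ==== matches the OSSG change in the earlier hunk and keeps all four references nested under "Other useful reference sources".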
security/securecode.1428676712.txt.gz · Last modified: 2015/04/10 14:38 by Luke Hinds