This shows you the differences between two versions of the page.
security:securecode [2015/04/10 14:43] Luke Hinds [CWE/SANS Top 25 Most Dangerous Programming Errors]
security:securecode [2015/04/29 12:21] (current) Marcel Winandy Added link to IEEE CSD Avoiding Top 10 Security Flaws
Line 9: | Line 9: | ||
===== Gerrit Security Impact Code Review ===== | ===== Gerrit Security Impact Code Review ===== | ||
- | We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit or comment to gerrit with the words 'SecurityImpact' will automatically email the security group for comment. | + | We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit (or commit amend) with the words 'SecurityImpact' will automatically email the security group for gerrit based review. |
==== Help review! ==== | ==== Help review! ==== | ||
You can never have enough eyes, doing security code reviews. If you have an interest in helping review code, please sign up to the [[https://lists.opnfv.org/mailman/listinfo|opnfv-security list]] | You can never have enough eyes, doing security code reviews. If you have an interest in helping review code, please sign up to the [[https://lists.opnfv.org/mailman/listinfo|opnfv-security list]] | ||
- | ===== CWE/SANS Top 25 Most Dangerous Programming Errors ===== | ||
- | A very good reference to for those new (and old) to secure coding conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors. The CWE give real world examples, of exactly how insecure code can be exploited. | + | |
+ | ===== CWE/SANS Top 25 ===== | ||
+ | |||
+ | A very good reference for those new (and old) to secure coding conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors. The CWE give real world examples, of exactly how insecure code can be exploited. | ||
Below is a simplified list, with a link to the CWE page that contains greater detail. | Below is a simplified list, with a link to the CWE page that contains greater detail. | ||
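Review bot: the rewritten SecurityImpact sentence drops "or comment" from the trigger description, so it is no longer clear whether a Gerrit comment containing 'SecurityImpact' still notifies the security group; if comments still trigger the email, keep them in the sentence, and if they no longer do, state that explicitly so reviewers know the tag has to go in the commit message itself. "for gerrit based review" also reads awkwardly; "so that the group can review the change in Gerrit" would be clearer. In the CWE paragraph, "The CWE give real world examples, of exactly how" would read better as "The CWE entries give real-world examples of exactly how", and the comma in "secure coding conventions, is the CWE/SANS Top 25" should be removed.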
Line 179: | Line 181: | ||
http://cwe.mitre.org/data/definitions/602.html | http://cwe.mitre.org/data/definitions/602.html | ||
- | |||
- | |||
- | |||
===== Other useful reference sources ===== | ===== Other useful reference sources ===== | ||
Line 187: | Line 186: | ||
You may find the following resources also very helpful. | You may find the following resources also very helpful. | ||
- | ===== OSSG ===== | + | ==== OSSG Developer Guidelines ==== |
- | The OSSG (OpenStack Security Group) have authored a very good set of guidelines (mostly speficic to python). These can be found on Robert Clarks [[https://github.com/openstack-security/Developer-Guidance|on the following github repository]] | + | The OSSG (OpenStack Security Group) have authored a very good set of guidelines (mostly specific to python). These can be found on Robert Clarks [[https://github.com/openstack-security/Developer-Guidance|Github repository]] |
==== OWASP ==== | ==== OWASP ==== | ||
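Review bot: "Robert Clarks" in the OSSG sentence is missing the possessive apostrophe in both the old and the new text ("Robert Clark's"), the link text "Github repository" should be "GitHub repository", and the sentence has no closing period. The new heading "OSSG Developer Guidelines" matches the linked repository name (Developer-Guidance) better than the bare "OSSG" did.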
Line 204: | Line 203: | ||
- | ===== CERT ===== | + | ==== CERT ==== |
The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://www.securecoding.cert.org/confluence/display/seccode/CERT+Coding+Standards |over here]] | The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://www.securecoding.cert.org/confluence/display/seccode/CERT+Coding+Standards |over here]] | ||
- | ===== safecode ===== | + | ==== safecode ==== |
The [[http://www.safecode.org/publication/SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]] | The [[http://www.safecode.org/publication/SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]] | ||
+ | |||
+ | ==== IEEE Computer Society's Center for Secure Design (CSD) ==== | ||
+ | |||
+ | [[http://cybersecurity.ieee.org/center-for-secure-design/avoiding-the-top-10-security-flaws.html|Avoiding the Top 10 Security Flaws]] |
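Review bot: the new IEEE CSD entry and the existing safecode entry are bare links with no description, unlike the CERT entry above them, which says what the resource is and which languages it covers; a one-line note under each saying what the document covers and who it is aimed at would help readers pick the right reference. In the CERT sentence, "hosted on a confluence space at cert" should capitalize CERT and Confluence, and the sentence should end with a period.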