Attention coders! Cybersecurity is only as strong as your weakest link. As a programmer, you are expected to be a problem-solver. You’ll need to make hundreds of decisions every day as you write code. Software development requires perhaps the highest level of responsibility.
Secure coding is now all up to you.
If you don’t know about the specific types of bad practice, you’re guaranteed to make the same mistakes repeatedly and create serious vulnerabilities at your new job.
Most companies deploy a secure development lifecycle after an incident, but you should start when you are writing the program.
Critical vulnerabilities due to non-secure code can mean lasting damage and potentially a financial disaster.
1 — Expand Your Security Perspective Early in Development
2 — Adopt A Secure Development Lifecycle Approach
MS SDL or OWASP SAMM (look them up) provide a framework for your coding process, and either is a good start.
3 — Be Conscious of The Entire IT Environment
You may be responsible for introducing serious problems in the application. You need to detect and resolve vulnerabilities on premises, in the cloud, and in third-party environments.
4 — Prevention = Paranoia
Be aware of defensive programming. Good security is all about being paranoid.
5 — Secure Coding Is More Important Than Technology
Firewalls alone won’t protect your software code from hackers. They might (or might not – that’s a separate conversation) handle existing vulnerabilities. You must take care of security vulnerabilities at their root. That’s your personal responsibility, and you will be held to account.
6 — Make Sure You’re Getting Secure Coding Training
You might be learning multiple programming languages. You might be combining them and using different libraries. Make sure you thoroughly learn and apply secure coding standards, vulnerability databases and, most importantly, critical software weaknesses. Make sure you get hands-on lab exercises in native coding environments so you can quickly recognize vulnerability gaps.
I wish you the best of luck in your new career, IYH, and remember, secure coding will make you a successful “rock-star” programmer.