Recommendations and References

Additional General Practices and Resources

- Clearly define roles and responsibilities
- Provide development teams with adequate software security training
- Implement a secure software development lifecycle: OWASP CLASP Project
- Establish secure coding standards: OWASP Development Guide Project
- Build a re-usable object library: OWASP Enterprise Security API (ESAPI) Project
- Verify the effectiveness of security controls: OWASP Application Security Verification Standard (ASVS) Project
- Establish secure outsourced development practices, including defining security requirements and verification methodologies in both the request for proposal (RFP) and the contract: OWASP Legal Project
External References

- Secure Coding Guidelines for Java SE (Oracle)
- Common Weakness Enumeration (CWE)
- SQL Injection Cheat Sheet
- Cross Site Scripting (XSS) Cheat Sheet
- SANS and TippingPoint, "The Top Cyber Security Risks"
- Web Application Security Consortium
- Department of Homeland Security, Build Security In Portal
- CERT Secure Coding
- MSDN Security Developer Center