Development
- Secure coding [Mandatory] - In the development stage, the security requirements and design defined earlier should be built into the software. Developers should follow secure coding practices to mitigate common vulnerabilities; examples include the OWASP Secure Coding Practices, the SEI CERT coding standards and the CWE Top 25 Most Dangerous Software Weaknesses. Code reviews should also be performed to identify security issues before the code is released. A secure code review should examine the code for the following:
➢ Common application vulnerabilities such as missing or weak input validation, authentication and access control
➢ Weak implementation of security functions such as encryption and access control
➢ Backdoors, logic bombs, and malware
➢ Undocumented/unnecessary functions
➢ Known language-specific vulnerabilities (for example, memory-safety errors in C and C++)
➢ Application logic vulnerabilities
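As an added worked example (not part of the original document or any particular project's code), the constructed Python below shows three of the findings a secure code review is meant to produce, next to the hardened code that would pass review: a user name spliced into a SQL string with no input validation, an unsalted MD5 password hash as a weak security function, and an undocumented "maintenance" credential that bypasses authentication. The in-memory user table, the user names and the passwords are constructed for the demonstration only; the PBKDF2 work factor is the figure from the OWASP Password Storage Cheat Sheet.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# OWASP Password Storage Cheat Sheet work factor for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000
# Allow-list for user names; anything else is rejected before it reaches a query.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_user_store():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, is_admin INTEGER)"
    )
    return conn


# ---------- Code a secure code review should reject ----------

def md5_password(password):
    """Weak security function: unsalted, fast hash, crackable offline from a table dump."""
    return hashlib.md5(password.encode()).digest()


def add_user_unsafe(conn, username, password, is_admin=0):
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 (username, b"", md5_password(password), is_admin))


def find_user_unsafe(conn, username):
    """No input validation; the user name is spliced into the SQL string (injection)."""
    sql = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def login_unsafe(conn, username, password):
    """Undocumented 'maintenance' credential that bypasses authentication: a backdoor."""
    if username == "maint" and password == "letmein":
        return True
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = '" + username + "'"
    ).fetchone()
    return row is not None and row[0] == md5_password(password)


# ---------- Hardened equivalents ----------

def hash_password(password, salt=None):
    """Salted, slow PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def add_user(conn, username, password, is_admin=0):
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    salt, digest = hash_password(password)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (username, salt, digest, is_admin))


def find_user(conn, username):
    """Allow-list validation plus a parameterised query: input can never become SQL."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


def login(conn, username, password):
    """Single authentication path, constant-time comparison, no special-case credentials."""
    if not USERNAME_RE.fullmatch(username):
        return False
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        hash_password(password)  # same cost whether or not the user exists
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])


if __name__ == "__main__":
    unsafe = make_user_store()
    add_user_unsafe(unsafe, "alice", "correct horse", is_admin=1)
    add_user_unsafe(unsafe, "bob", "hunter2")
    print("injection against unsafe lookup:", find_user_unsafe(unsafe, "' OR '1'='1"))
    print("backdoor login:", login_unsafe(unsafe, "maint", "letmein"))

    safe = make_user_store()
    add_user(safe, "alice", "correct horse", is_admin=1)
    try:
        find_user(safe, "' OR '1'='1")
    except ValueError as exc:
        print("hardened lookup rejected input:", exc)
    print("hardened login:", login(safe, "alice", "correct horse"), login(safe, "maint", "letmein"))
```

Run as a script, the unsafe lookup returns every row for the injected user name and the backdoor credential logs in without touching the table, while the hardened functions reject the input before it reaches SQL and have only one authentication path. Each of the three "unsafe" functions maps directly onto a checklist item above, which is the kind of finding a source code review report should record.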
Output
- Source code review report
- Secure code