1.25.2008

Secure Coding Practices, Part 11: The Checklist

by Steven McElwee, CISSP

This post wraps up the series on secure coding practices. Remember that secure coding begins with having coding standards that are communicated to software engineers. Awareness of the secure coding practices alone will help improve the security of your software applications.

Next, remember that source code must be reviewed. This practice may be performed by software engineers, by a security analyst, or both. Any violation of secure coding practices should be noted and tracked for follow-up. Consider tracking these vulnerabilities in your defect-tracking system to ensure they are addressed.

Please feel free to use the Red Light Security secure code checklist, "Fifty Questions to Improve Software Security", as a guide to get started. It summarizes all of the questions found in the posts of this series.

1 Comment:

At 4/28/2008 12:21 AM, Blogger Mark said...

The entire series, 'Secure Coding Practices', is right on and very well written. Thanks!

 
