Bookmark these ultimate learning resources for Secure Coding

🚀 Get a good grip on Secure Coding with these learning resources 🔒

Sanjeev Jaiswal (Jassi)

Secure coding is critical for building resilient software and protecting systems against vulnerabilities. Here’s a list of top resources for mastering secure coding and secure code reviews to aid your journey.

These are the learning resources that I referred to while learning and performing secure code design and reviews.

Secure Coding Learning References

  1. Introduction to secure coding: http://www.opensecuritytraining.info/IntroSecureCoding.html
  2. Secure code review: http://www.opensecuritytraining.info/SecureCodeReview.html
  3. OWASP Code Review Guide v2: https://www.owasp.org/images/5/53/OWASP_Code_Review_Guide_v2.pdf
  4. Secure coding practice guidelines: https://security.berkeley.edu/secure-coding-practice-guidelines
  5. Secure coding from Cybrary: https://www.cybrary.it/course/secure-coding/
  6. Common API Security pitfalls: https://vimeo.com/289491341
  7. HTTPS for developers: https://www.youtube.com/watch?v=aE0DJy_qGW8
  8. Micro-services, let’s secure them: https://www.youtube.com/watch?v=EDLCfTLEeJU
  9. OAuth, OpenID Connect for microservices: https://www.youtube.com/watch?v=BdKmZ7mPNns
  10. OAuth and OpenID Connect in plain English: https://www.youtube.com/watch?v=996OiexHze0
  11. OAuth 2.0 overview: https://www.youtube.com/watch?v=CPbvxxslDTU
  12. Nuts & Bolts of API Security: https://www.youtube.com/watch?v=tj03NRM6SP8
  13. Web Security Fundamentals course from edX: https://courses.edx.org/courses/course-v1:KULeuvenX+WEBSECx+3T2017/course/
  14. SSL and HTTPS from MIT: https://www.youtube.com/watch?v=q1OF_0ICt9A
  15. GitLab security secure coding page: https://about.gitlab.com/handbook/engineering/security/secure-coding-training.html
  16. Secure Coding Guide by Apple: https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html#//apple_ref/doc/uid/TP40002477-SW1
  17. Secure by design principles by UK Government, Security: https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/

Secure Coding PDFs:

  1. https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/secure_coding.pdf
  2. https://www.cs.montana.edu/courses/csci476/topics/secure_coding_principles.pdf
  3. https://www.riscure.com/uploads/2020/03/Secure_Coding_Fundamentals_2020.pdf
  4. https://infosec.byu.edu/https:/brightspotcdn.byu.edu/14/01/8f3a1be2450d9200c6e1ab9d9942/csr-and-dev-man-intro-to-the-secure-development-training-program.pdf
  5. JavaScript Secure Coding: https://compliance.qcert.org/sites/default/files/library/2020-10/CDP-%20NIAF-SSQA-JSSCS%20-V1.1%20%28JavaScript_Coding_Standard%29_0.pdf
  6. Secure Coding with Python: https://belitsoft.com/assets/python-security.pdf
  7. From Secure Coding to Secure Software: https://resources.sei.cmu.edu/asset_files/webinar/2016_018_100_483661.pdf
  8. CERT Secure Coding Standards: http://www.open-std.org/jtc1/sc22/wg23/docs/ISO-IECJTC1-SC22-WG23_N0023-Secure-Coding-Standards.pdf

5 useful resources to start learning secure code review:

  1. https://www.veracode.com/security/secure-code-review
  2. https://www.owasp.org/index.php/Secure_Code_Review_Guide
  3. https://resources.infosecinstitute.com/secure-code-review-process-guidelines/
  4. https://searchsecurity.techtarget.com/definition/secure-code-review
  5. https://www.acunetix.com/blog/articles/secure-code-review-process/

Bugcrowd YouTube videos for API security:

  1. https://www.youtube.com/watch?v=jBi3a-dXsM8
  2. https://www.youtube.com/watch?v=hYJ7ipSOplw

Security Checklist

  1. Node.js security checklist: https://blog.risingstack.com/node-js-security-checklist/
  2. Application Threat Modeling: https://www.owasp.org/index.php/Application_Threat_Modeling

Here are some more Secure Coding guidelines references

  1. Secure Coding Cheat Sheet — OWASP
  2. Hints for writing secure code | Java Code Geeks
  3. OWASP Java Table of Contents — OWASP
  4. Category:OWASP Enterprise Security API — OWASP
  5. Overview (ESAPI 2.0.1 API)
  6. Secure SDLC Cheat Sheet — OWASP
  7. Blocking Brute Force Attacks — OWASP
  8. HTTP Response Splitting — OWASP
  9. Category:Java — OWASP
  10. Session Timeout — OWASP
  11. Java Security Resources — OWASP
  12. Core Security Patterns — Ramesh Nagappan CISSP, Chris Steel CISSP and Ray Lai
  13. Java 2 Platform Security | Java Security Architecture
  14. SEI CERT Oracle Coding Standard for Java — CERT Oracle Coding Standard for Java — CERT Secure Coding Standards
  15. Rule 14. Serialization (SER) — CERT Oracle Coding Standard for Java — CERT Secure Coding Standards
  16. Guidelines for Java Developers (Ch. 7, Sec. 1) [Securing Java]
  17. Penetration Testing Tools :: Collections :: Add-ons for Firefox
  18. Error Handling, Auditing and Logging — OWASP
  19. https://software-security.sans.org/2009/05/25/logging-cookies-in-apache/
  20. Getting Started with the Force.com REST API — developer.force.com
  21. Session Management Cheat Sheet — OWASP
  22. Reviewing Code for Session Integrity issues — OWASP
  23. DefaultHTTPUtilities.java — owasp-esapi-java — OWASP Enterprise Security API (Java Edition) — Google Project Hosting
  24. 5 tips to fight session hijacking for web applications — Java EE Development Blog
  25. Java Secure JEE Training | Secure Coding Training | Application Security
  26. https://www.sans.org/reading-room/whitepapers/application/attacks-oauth-secure-oauth-implementation-33644
  27. Finding Additional Resources | Force.com REST API Developer’s Guide | Salesforce Developers
  28. Security Code Review in the SDLC — OWASP
  29. Category:Code Snippet — OWASP
  30. OWASP Code Review Guide Table of Contents — OWASP
  31. Searching for Code in J2EE/Java — OWASP
  32. Java leading security practice — OWASP
  33. Java gotchas — OWASP
  34. Reviewing Web Services — OWASP
  35. The Owasp Code Review Top 9 — OWASP
  36. Rule 17. Java Native Interface (JNI) — CERT Oracle Coding Standard for Java — CERT Secure Coding Standards
  37. Projects/OWASP Secure Coding Practices — Quick Reference Guide/Releases/SCP v2 — OWASP
  38. OWASP Secure Coding Practices — Quick Reference Guide — OWASP
  39. StuHunt.com | Offer Details
  40. Measure Resource Loading Times | Web Tools — Google Developers
  41. Java Coding Guidelines — CERT Oracle Coding Standard for Java — CERT Secure Coding Standards
  42. ZAProxy Plugin — Jenkins — Jenkins Wiki
  43. Secure Coding Guidelines for Java SE
  44. Secure Coding Guidelines for the Java Programming Language, Version 3.0 (Sean Mullan’s Blog)
  45. Twelve rules for developing more secure Java code | JavaWorld
  46. Rule 00. Input Validation and Data Sanitization (IDS) — CERT Oracle Coding Standard for Java — CERT Secure Coding Standards
  47. Intro to Pipeline Security — Jenkins (1/3) — breakFix
  48. Jersey 2.22.1 User Guide
  49. Best Practices for Designing a Pragmatic RESTful API | Vinay Sahni
  50. 10 Steps to Secure Software — DZone Web Dev
  51. Getting Started With RetroPie — DZone IoT
  52. Understand™ Static Code Analysis Tool | SciTools.com
  53. Customers | SciTools.com
  54. https://d1dejaj6dcqv24.cloudfront.net/videos/2013/qualysguard/web-application-scanning/qualysguard-was-crawl-settings-selenium/qualysguard-was-crawl-settings-selenium — Broadband.m4v
  55. Security HTTP Response Headers
  56. Best Practices for Mobile Application QA in an Agile Environment — Recorded Webinar by Experitest & Syntel
  57. Security: Secure Internet Data Transmission.
  58. Threat Risk Modeling — OWASP
  59. NIST.gov — Computer Security Division — Computer Security Resource Center
  60. PowerPoint Presentation
  61. HTTPUtilities (ESAPI 2.0.1 API)
  62. HTTP Authentication: www.ietf.org/rfc/rfc2617.txt
  63. WebDAV — Wikipedia, the free encyclopedia
  64. Top 10 Coding Guidelines for Java | CERT NEWS
  65. Generating Amazon S3 Pre-signed URLs with SSE (Part 1) | AWS Developer Blog
  66. Security Functions | Security Question | HackerRank
  67. amazon s3 — What is the purpose of the expiration time in signed S3 urls? — Information Security Stack Exchange
  68. 9 Software Security Design Principles — DZone Java
  69. Email, website and IP spoofing: How to prevent a spoofing attack

Summary:

Stay consistent and incorporate these practices into daily development. Remember, security is everyone’s responsibility!

A Request: Have other great resources or tips? Drop them in the comments!

#SecureCoding #ApplicationSecurity #APISecurity #Cybersecurity

Connect with me for cybersecurity articles:

  1. Linkedin: https://www.linkedin.com/in/jassics
  2. Medium: https://jassics.medium.com
  3. YouTube: https://www.youtube.com/jassics
  4. Github: https://www.github.com/jassics

Written by Sanjeev Jaiswal (Jassi)

Cloud Security, Application Security, DevSecOps, Python, Author, Trainer. I also provide career guidance to freshers and professionals in cybersecurity space.
