
Protection of Information Assets

Temple University


MIS 5206.701 ■ Fall 2022 ■ William Bailey

Question 2

November 9, 2022 by William Bailey 15 Comments

What are secure coding practices and what risks are they intended to mitigate?

Filed Under: Unit 13: Computer Application Security

Comments

  1. David Vanaman says

    November 14, 2022 at 7:22 pm

    Secure coding practices are collections of best practices and standards for writing code. The most well known is probably the OWASP list posted by the Open Web Application Security Project to assist web programmers in simply and easily improving security for websites.
    Secure coding standards help to address risks that are foundational in the way code is written. Items addressed are things like hardcoded passwords, SQL and XSS vulnerabilities, insecure logging and the like. They provide a foundation for developers to ensure that they are keeping best practices in mind. Good secure coding doesn’t just address the code, it also looks at the entire process from designing code with security in mind to testing and storing code securely.

  2. Nicholas Foster says

    November 14, 2022 at 8:46 pm

    Secure coding practices consist of developing code with security in mind. According to the SANS reading, section four, “Secure Programming Practices”, lists Inputs, Program Logic, Call outs to external routines, access to data (might include read, write, or both) and Outputs. These characteristics carry their own vulnerabilities based on correlating threat vectors. Each characteristic should be considered in order to mitigate applicable vulnerabilities.

    • Jill Brummer says

      November 14, 2022 at 9:34 pm

      I agree with your response regarding the readings and also agree that the risks intended to be mitigated are applicable vulnerabilities. In addition to vulnerabilities, I would also comment that they mitigate the risk that the system would be unreliable (i.e. not being able to rely on the data and outputs because data wasn’t validated prior to implementation).

  3. Jill Brummer says

    November 14, 2022 at 9:24 pm

    There are several secure coding practices referenced in the SANS reading. Secure coding practices include input validation, program logic, and access data to name a few. It is important that a company implements secure coding policies and ensures that they are adhered to.

    Secure coding practices intend to mitigate the risk of implementing an unreliable system or application. Additionally, secure coding practices also mitigate the risk of vulnerabilities.

    • Kenneth Saltisky says

      November 16, 2022 at 12:02 pm

      Hi Jill,

      To expand on some specific secure coding practices:
      - Access Data should be based on minimum needed data to prevent data leakage or potential injection.
      - Program Logic should follow a strict and well-structured flow with controls in place to prevent potential race conditions that could bypass necessary validations.
      - Output should only display necessary data to the user in a formatted and readable design to prevent unnecessary data leakage to the user.

  4. Abayomi Aiyedebinu says

    November 15, 2022 at 4:29 am

    “Secure coding, also referred to as secure programming, involves writing code in a high-level language that follows strict principles, with the goal of preventing potential vulnerabilities.” Secure coding is more than just writing, compiling, and releasing code into applications. For secure coding to be effective and functional there is a need to create a secure development environment built on a reliable and secure IT infrastructure using secure hardware, software, services, and providers.

    https://snyk.io/learn/secure-coding-practices/

    • Maxwell ODonnell says

      November 18, 2022 at 3:31 pm

      Hi Abayomi,
      It's great to point out that it's more than just creating a secure application. The environment in which, and methodologies used, to create the application securely are paramount to the security of the final project.

  5. Parmita Patel says

    November 15, 2022 at 4:12 pm

    Secure coding is using best practices while you are building your program. We would want the developers to follow certain training practices to make the code secure going further. Some of the things to look for when you are testing are input validation, output encoding, access control, etc. We want to be able to prevent vulnerabilities and create an environment where it is safe to deploy data and somewhere we can test and make sure it works like it is intended to. We want to be able to provide a safe environment for our clients and stakeholders.

    • Shepherd Shenjere says

      November 15, 2022 at 7:10 pm

      Secure coding practices are very crucial in software development as they protect us from potential exploits.

  6. Matthew Stasiak says

    November 15, 2022 at 4:38 pm

    Secure coding practices involve applying development processes that are intended to predict and mitigate the attempt of exploiting code flaws. These can be present in so many different parts of development and can also exist from the development environment through inadequate access control. Secure code can reduce the risk of tampering from third parties and limit the amount of abuse that is displayed by outside threats when the application is released to the public, and most of this can be reduced through testing at each stage of the development process.

    • Maxwell ODonnell says

      November 18, 2022 at 3:29 pm

      Hi Matthew,
      I agree that testing should be done at each stage of the development process. In recent years software development styles like agile and TDD have become extremely popular in favor of more traditional styles like waterfall. I believe this is because these styles incorporate testing at each stage in comparison to waterfall, which has a single testing stage, albeit in-depth, and may miss some critical errors that could have been avoided.

  7. Shepherd Shenjere says

    November 15, 2022 at 7:08 pm

    Secure coding is the principle of designing code that adheres to code security best practices, and safeguards and protects published code from known, unknown and unexpected vulnerabilities. Some of the secure coding practices mentioned in the SANS readings include input validation, program logic, call outs to external routines, and access to data. These mitigate potential or known issues, for example input validation: according to SANS, un-validated inputs pose the greatest threat among all the types of programming flaws. As per the “The Ten Most Critical Web Application Security Vulnerabilities” security paper published by Open Web Application Security Project [owasp2], “Un-validated parameter” is one of the top vulnerabilities.

  8. Kenneth Saltisky says

    November 16, 2022 at 11:52 am

    Secure coding practices are designed to have security in place during the development process so as to lower risks from potential vulnerabilities. For example, input sanitation and validation help prevent potential SQL injections and other inputs that could result in an overflow or unhandled characters. Program logic should prevent race conditions from occurring that bypass validation. Access to data should be based on minimum requirements and logged so as to monitor data usage.

  9. Maxwell ODonnell says

    November 16, 2022 at 4:47 pm

    Some of the risks that need to be mitigated are access control flaws, SQL injections, cross-site scripting, race conditions, and buffer overflow attacks. These can all be avoided by following proper coding practices like input and output validation, managing access control, using mutex locks and semaphores, error handling, and memory management. It is also important throughout the development process that code is tested vigorously to find and fix any bugs prior to release. Using a software development style like TDD (test-driven development) allows the applications to mitigate all these risks by meticulously testing each part of the code before moving to the next cycle of development.

  10. Samuel Omotosho says

    November 17, 2022 at 4:11 pm

    Secure coding, also known as secure programming, entails writing code in a high-level language that adheres to strict guidelines to prevent potential vulnerabilities. Writing, compiling, and releasing code into an application is only one aspect of secure coding practice. Additional practices include code minification and obfuscation, automated scanning and code reviews, and auditing and logging (Sharma & Semwal, 2022). A secure development environment based on dependable and secure IT infrastructure using secure hardware, software, services, and providers should be created to embrace secure programming fully.

    Log in to Reply
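
Added example, not part of any comment above: Kenneth Saltisky's and Maxwell ODonnell's comments mention race conditions that bypass validation and mutex locks as the mitigation. The sketch below shows that check-then-act race on a single-use coupon beside the locked version; `CouponStore`, the coupon code and the `between` hook are constructed for illustration.

```python
import threading

class CouponStore:
    """Single-use coupon store; names and data are constructed for this example."""

    def __init__(self, codes):
        self._unused = set(codes)
        self._lock = threading.Lock()

    def redeem_unsafe(self, code, between=lambda: None):
        if code not in self._unused:      # validation (time of check)
            return False
        between()                         # window: another thread can run here
        self._unused.discard(code)        # action (time of use)
        return True

    def redeem_safe(self, code, between=lambda: None):
        with self._lock:                  # check and act form one critical section
            if code not in self._unused:
                return False
            between()
            self._unused.discard(code)
            return True


def race(method_name, workers=2):
    """Redeem one coupon from `workers` threads at once; return how many succeeded."""
    store = CouponStore({"WELCOME10"})
    barrier = threading.Barrier(workers)
    results = []

    def rendezvous():
        # Hook that forces the bad interleaving: each thread waits here, after its
        # check, until all threads have arrived. Under the lock only one thread can
        # get this far, so the wait times out and that thread proceeds alone.
        try:
            barrier.wait(timeout=1.0)
        except threading.BrokenBarrierError:
            pass

    def worker():
        results.append(getattr(store, method_name)("WELCOME10", rendezvous))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

`race("redeem_unsafe")` lets both threads redeem the same coupon because each passed the check before either recorded the use; `race("redeem_safe")` allows exactly one.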
