The objective of the Secure Coding Standard is to provide software engineers and developers involved in application development with a uniform set of rules for secure coding practices.
This document applies to all practitioners who are responsible for designing, developing, implementing and maintaining systems internally developed or externally acquired.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. SECURE CODING OVERVIEW
4. COMMON VULNERABILITY AND ARCHITECTURE STANDARDS
5.2 BROKEN AUTHENTICATION AND SESSION MANAGEMENT
5.3 CROSS-SITE SCRIPTING (XSS)
5.4 INSECURE DIRECT OBJECT REFERENCES
5.5 SECURITY MISCONFIGURATIONS
5.6 CONFIDENTIAL DATA EXPOSURE
5.7 MISSING FUNCTION LEVEL ACCESS CONTROL
5.8 CROSS-SITE REQUEST FORGERY (CSRF)
5.9 USING COMPONENTS WITH A KNOWN VULNERABILITY
5.10 UNVALIDATED REQUESTS AND FORWARD
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section.
The objective of the Vulnerability Alerts Procedure is to describe the vulnerability alerts process, which sets a consistent approach for the distribution, evaluation and follow-up of vulnerability alerts regarding Information Systems within the IT environment.
The objective of the Change Management and Testing Procedure is to define the approach and overall framework for software developments and the way they are implemented within the Company.