Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Rohit Lists
Most of the SANS classes are network/infrastructure related, but some of them are made specifically for secure coding in a particular language. I'm an instructor and courseware developer for Security 541, the secure coding in Java / JEE class (http://www.sans.org/ns2008/description.php?tid=1937).

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Robert Martin
As a complement to coding standards you may want to consider using the Common Weakness Enumeration (CWE) as a target list of coding, design and implementation issues you are trying to minimize through use of those coding standards. Using the CWEs can also help you to drive and correlate your te

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Robert C. Seacord
An0n S3c, I see you have already found our site, but I should probably take this opportunity to provide a couple of updates. First of all, CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Ja

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread anon sec
Jim Thanks. I will add that to the list. An0n S3c On Sun, Sep 28, 2008 at 1:45 PM, Jim Manico <[EMAIL PROTECTED]> wrote: > Andrew van der Stock is also approaching this issue from a high level at > > http://www.greebo.net/2008/09/24/coding-standard/ > > His list looks rather complete. > > - Jim >

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Cassidy, Colin (GE Infra, Energy)
EMAIL PROTECTED] On Behalf Of anon sec Sent: 27 September 2008 20:58 To: sc-l@securecoding.org Subject: [SC-L] Secure Coding Standards I am looking for a comprehensive set of secure coding standards to implement into my dev organization. These standar

Re: [SC-L] Secure Coding Standards

2008-09-28 Thread Jim Manico
Andrew van der Stock is also approaching this issue from a high level at http://www.greebo.net/2008/09/24/coding-standard/ His list looks rather complete. - Jim > My thoughts... > > Your standards really need more context - the standards for Java thick > client vs Java server/web code would be r

Re: [SC-L] Secure Coding Standards

2008-09-28 Thread Jim Manico
My thoughts... Your standards really need more context - the standards for Java thick client vs Java server/web code would be rather different, for example. Make sure your guide gives recommendations specific to the context of the application type. On that note, other thoughts * Robert Seacord

Re: [SC-L] Secure Coding Standards

2008-09-28 Thread anon sec
Category:Countermeasure (sporadic) > > cheers, > Bedirhan Urgun > http://www.webguvenligi.org > http://www.owasp.org/index.php/Turkey > > > -- > > Date: Sat, 27 Sep 2008 15:57:40 -0400 > From: [EMAIL PROTECTED] > To: sc-l@secur

Re: [SC-L] Secure Coding Standards

2008-09-28 Thread Bedirhan Urgun
d yet but seems rather comprehensive) http://www.owasp.org/index.php/Category:Countermeasure (sporadic) cheers, Bedirhan Urgun http://www.webguvenligi.org http://www.owasp.org/index.php/Turkey Date: Sat, 27 Sep 2008 15:57:40 -0400 From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: [SC-L] Secure Coding

[SC-L] Secure Coding Standards

2008-09-28 Thread anon sec
I am looking for a comprehensive set of secure coding standards to implement into my dev organization. These standards should cover Java, Web, and C/C++ as well as guidelines for using features like encryption, authentication, SSO, SSL, etc. I am open to both publicly available standards as well as