Secure coding
Secure coding is the practice of software development that guards programs against security vulnerabilities, and makes it resistant to malicious attacks right from program design to implementation. It is about writing code that is inherently secure as opposed to thinking of security as a layer which is added on later.
The philosophies behind secure coding include the following:
Security is an aspect to be considered right from the design and development of a program or application; it is not an afterthought.
Security requirements should be identified early in the development cycle, and these should be propagated to subsequent stages of development of the system to make sure that compliance is maintained.
Use threat modeling to anticipate security threats to the system from the beginning. Threat modeling involves the following:
Identifying important assets (code/data).
Decomposing the application into components.
Identifying and categorizing threats to each asset or component.
Ranking...