What is Secure Coding?
July 15, 2018

What Is Secure Coding?

Security & Compliance
Coding Best Practices

What Is Secure Coding?

Secure coding is the practice of writing software that's protected from vulnerabilities. 

And secure coding is more important today than ever before.

Secure Coding Is Important

Secure coding is important for all software — whether you write code that runs on mobile devices, personal computers, servers, or embedded devices.

So, you should become familiar with the techniques and tools to support this practice.

Risks of Insecure Software

An insecure application lets hackers in. They can take direct control of a device — or provide an access path to another device.

This can result in:

  • Denial of service to a single user
  • Compromised secrets.
  • Loss of service.
  • Damage to the systems of thousands of users. 
  • Loss of life. 

3 Secure Coding Practices

1. Don't Leave Security Until the End

Don't leave security until the end of development. 

Adding a deadbolt to a door made out of cardboard won’t make it more secure. In the same way, an insecure device or application may require extensive redesign to become secure.

It's not just a matter of adding a lock. 

Related Blog: 3 Best Practices for Secure Software Development

2. Consider the Motive for Attack

Hackers Weren't Always Bad...

The term "hacker" usually carries negative connotations.

But within the computing community, the term refers to an expert coder. It's someone who likes the challenge of examining the intricacies of code or an operating system.

So, in general, hackers are not malicious or criminals. Often when hackers find security vulnerabilities in code, they provide information to the organization that’s who wrote the software. They help to fix the problem. Some companies are now even offering a bounty reward to hackers who find bugs in their software.

However, some hackers publish the vulnerabilities. Or even devise and publish exploits (code that takes advantage of the vulnerability).

Attackers Have Motives

Attackers have a variety of motives.

Some may be looking to steal money, information identities, and other secrets for personal gain. They may be looking for corporate secrets for their employer’s or their own use. Or they might even be looking for state secrets to be used by hostile governments or terrorist organizations.

Some hackers break into applications or operating systems just to demonstrate their skills and gain bragging rights.

Nevertheless, they can cause considerable damage. Because attacks can be automated and replicated, any weakness, no matter how slight, can be exploited.

So, you need to identify and understand the nature of the threats to your software. Then, you can address them. 

Related Blog: How to Prevent Malicious Code

3. No One Is Safe

Devices and applications are constantly under attack.

Black hat hackers find new vulnerabilities and publish exploit code. Criminals and malcontents then use that exploit code to attack vulnerable systems. And the hackers have an increasingly easier time finding devices to attack.  

Major attacks of viruses or worms get a lot of attention from the media. It doesn't need to be a massive attack to cause monetary and other damages, either. A single break in a device often goes unnoticed. But it can have a significant impact on a person or business.

Related Blog: CWE List & CERT Secure Coding Standards

Make Sure Your Code Is Secure

Secure code protects your software. 

That's why it's important to incorporate secure coding practices throughout the planning and development of your product. Using secure coding standards — such as CERT — is key. 

This is especially important for embedded systems developers. Learn how to incorporate security practices into your code. 

How to Improve Embedded Systems Security