The ones I know of from the OWASP (may not be called "standard", not sure);
 
http://www.owasp.org/index.php/Category:OWASP_Guide_Project (a little bit old, new version pending)
http://www.owasp.org/index.php/OWASP_Backend_Security_Project (an OWASP SoC '08 project, not finished yet but seems rather comprehensive)
http://www.owasp.org/index.php/Category:Countermeasure (sporadic)
 
cheers,
Bedirhan Urgun
http://www.webguvenligi.org
http://www.owasp.org/index.php/Turkey



Date: Sat, 27 Sep 2008 15:57:40 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [SC-L] Secure Coding Standards

I am looking for a comprehensive set of secure coding standards to implement 
into my dev organization. These standards should cover Java, Web, and C/C++ as 
well as guidelines for using features like encryption, authentication, SSO, 
SSL, etc. I am open to both publicly available standards as well as 
commercially available standards. So far, I found 

www.securecoding.cert.org - thanks to Robert C. Seacord, 
http://krvw.com/pipermail/sc-l/2008/001401.html 
http://java.sun.com/security/seccodeguide.html
http://wiki.services.openoffice.org/wiki/Cpp_Coding_Standards
DHS Build Security In (kind of) - 
https://buildsecurityin.us-cert.gov/daisy/bsi/home.html
SANS Software Security Institute - http://www.sans-ssi.org/
CERT Top 10 Secure Coding Practices - 
https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
SANS GIAC Secure Software Programmer - http://www.sans.org/gssp/
 I would greatly appreciate any pointers to other links or to companies who 
have developed and sell these standards.
 
Thanks in advance. 
 
An0n S3c. 
 
_______________________________________________
Secure Coding mailing list (SC-L) [email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________