Ensuring Secure Coding Practices in Software Development

July 7, 2020 10:04 am Aidan Simpson

These days, software development looks a lot different from what took place even 15 or 20 years ago. There are a few different reasons for this, and we can highlight things like Agile development versus Waterfall, for example, but the main reason is the sheer speed with which applications and software need to get to market to be effective.

Security Concepts and Secure Coding Standards

It’s why we hear terms like ‘minimum viable product’ and ‘core functionality’ so much in the development world. The widely-used and accepted software development methodologies of today are simply there to enable the process. 

Delivering a product, or product features, can be stressful for developers trying to ship a website which will change the game for their company, or add great new functionality to their app before the competition does. 

Security is not always the primary development driver, and can sometimes be an afterthought. For websites, most of the releases that fix security issues happen invisibly, but how often do we see updates released for the applications on our phones, for example, which ‘address a security concern’?

Attackers will use any means at their disposal to achieve their goals, and see any application vulnerability as an opportunity to exploit organisations. This allows them to steal data, impersonate users, deface websites and much more. 

Open Web Application Security Project (OWASP) 

It is these concerns which the Open Web Application Security Project (OWASP) was established to address, and implementing the recommendations from OWASP is globally recognised by developers as the first step towards more secure coding.

For our Secure Coding series, we chose to be guided by OWASP as it is a widely-accepted source of truth for application security, and standardises the opinions of the development community. 

OWASP describe themselves as: 

‘…An open-minded community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.’ 

In reality, they also provide a non-biased overview of issues which are seen, industry-wide, as the main contributors to data theft and loss. 

Secure Coding eLearning Series 

Our Secure Coding series seeks to distil the information collated by OWASP into a format which can be easily digested by anyone who needs to be aware of application security issues. It is also designed to be modular, so as the OWASP Top 10 changes to reflect the current threat landscape, we can quickly pivot to reflect the latest information.  

Of course, application and software security is not all about remediation. It needs to be a carefully considered factor which is ingrained throughout all SDLC methodologies; security built in as standard. Developers would agree that it is impossible to throw out your entire development strategy in order to rebuild it from the ground up with security in mind. It’s an ideal, but it’s just not realistic.  

Using OWASP as a foundation, the strength of the MetaCompliance Secure Coding Series is that it allows development teams to organically introduce security concepts which become the standard for their software and applications. 

Find out More

MetaLearning Fusion is the next generation of eLearning and it has been specifically designed to provide the best possible Cyber Security and privacy training for your staff.

It enables organisations to build bespoke courses for their staff from an extensive library of short eLearning courses. The courses are easy to create and can be personalised and branded to make the content more relevant to your employees. 

Get in touch for further information on how MetaLearning can be used to transform Cyber Security training within your organisation.