Implement Secure Coding Practices

This standard mandates the implementation of secure coding practices to enforce best practices and prevent common vulnerabilities.

1. Implement Secure Coding Practices:

Enforce best practices to prevent common vulnerabilities. This approach ensures that code is written with security in mind.

• 1.1 Secure Coding Training:
  • 1.1.1 Vulnerability Training:
    • Train engineers on secure coding principles and OWASP Top 10 threats.
    • Automate the delivery of secure coding training.
  • 1.1.2 Training Management:
    • Automate the tracking of training completion.
    • Implement training tutorials.
• 1.2 Input Validation and Parameterised Queries:
  • 1.2.1 Injection Attack Prevention:
    • Use input validation and parameterised queries to prevent injection attacks.
    • Automate the implementation of input validation.
  • 1.2.2 Validation Management:
    • Automate the tracking of validation implementations.
    • Implement validation feedback collection.
• 1.3 Sensitive Data Handling:
  • 1.3.1 Data Storage Prevention:
    • Avoid storing sensitive data in logs, environment variables, or client-side storage.
    • Automate the detection of sensitive data storage.
  • 1.3.2 Storage Management:
    • Automate the tracking of sensitive data handling.
    • Implement handling tutorials.

By implementing secure coding practices, organisations can prevent common vulnerabilities.

---