Ask HN: How to secure your code or software?

9 points | forkLding | 8 years ago

I've developed code and apps etc. and have realized the importance of secure coding. What are the general principles that people should adopt when they want to make their code secure and what should they pay attention to?

I've searched around on HN and haven't found a similar thread so decided to start it.

6 comments

SirLJ | 8 years ago
Also don't forget the security of the servers...

For example, for myself, since I am the only user of my software (it is not for sale), the server security is much more important...

g0thams- | 8 years ago
I certainly agree with familiarizing yourself with OWASP as a resource and community. It's also helpful to think about what threats you are securing your code from. This might be a good place to start: https://www.hacksplaining.com

__strisk | 8 years ago
There is a really good course on edX that goes over some key aspects of secure web applications. Just finished it myself. Learned a lot about preventing common oversights such as maintainable password hashing, XSS, CSP, Certificates, etc.

https://www.edx.org/course/web-security-fundamentals-kuleuve...

It pretty much goes over most of the OWASP top 10.

matt_the_bass | 8 years ago
Someone once said “you’re only paranoid if you think you have enemies...and you don’t”. So I guess one thing to consider is who are the enemies whom you want to protect yourself from.