Secure Coding mailing list archives
Secure Coding Standards
From: an0n.s3c at gmail.com (anon sec)
Date: Sun, 28 Sep 2008 11:34:24 -0400
Thanks. The OWASP Developer Guide Version 3 looks promising.

Thanks again
An0n S3c
http://an0ns3c.blogspot.com

On Sun, Sep 28, 2008 at 10:23 AM, Bedirhan Urgun <urgunb at hotmail.com> wrote:
The ones I know of from the OWASP (may not be called "standard", not sure);

http://www.owasp.org/index.php/Category:OWASP_Guide_Project (a little bit old, new version pending)
http://www.owasp.org/index.php/OWASP_Backend_Security_Project (an owasp SoC '08 project, not finished yet but seems rather comprehensive)
http://www.owasp.org/index.php/Category:Countermeasure (sporadic)

cheers,
Bedirhan Urgun
http://www.webguvenligi.org
http://www.owasp.org/index.php/Turkey

------------------------------
Date: Sat, 27 Sep 2008 15:57:40 -0400
From: an0n.s3c at gmail.com
To: sc-l at securecoding.org
Subject: [SC-L] Secure Coding Standards

I am looking for a comprehensive set of secure coding standards to implement into my dev organization. These standards should cover Java, Web, and C/C++ as well as guidelines for using features like encryption, authentication, SSO, SSL, etc. I am open to both publicly available standards as well as commercially available standards.

So far, I found

1. www.securecoding.cert.org - thanks to Robert C. Seacord, http://krvw.com/pipermail/sc-l/2008/001401.html
2. http://java.sun.com/security/seccodeguide.html
3. http://wiki.services.openoffice.org/wiki/Cpp_Coding_Standards
4. DHS Build Security In (kind of) - https://buildsecurityin.us-cert.gov/daisy/bsi/home.html
5. SANS Software Security Institute - http://www.sans-ssi.org/
6. CERT Top 10 Secure Coding Practices - https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
7. SANS GIAC Secure Software Programmer - http://www.sans.org/gssp/

I would greatly appreciate any pointers to other links or to companies who have developed and sell these standards.

Thanks in advance.
An0n S3c.