Part A - Secure Coding Practices

Uploaded by

Rahul Goyal

Part A: We need a Single Trainer

Scope in Detail:
A. Conducting Secure Coding Practices awareness sessions for Bank Developers:

Sr.No  It should include
1 Information Security and Cyber Security.
2 Different types of Cyber threats and Cyber-attacks.
3 Software security principles overview.
4 Secure Software design principles.
5 Secure coding concepts and its importance.
6 Secure coding standards and practices as per OWASP and SANS guidelines.
7 Secure Coding Practices covering below areas:
- Input Validation
- Output Encoding
- Authentication and Password Management
- Session Management
- Access Control
- Cryptographic Practices
- Error Handling and Logging
- Data Protection
- Network and Communication Security
- System Configuration
- Database Security
- File Management
- Memory Management
- General Coding Practices
8 Threat modelling and design.
9 Avoid Common vulnerabilities while developing the code.
10 Discuss "How to develop Secure Coding mind-set".
11 Share and discuss most observed coding related issues in various reviews.
12 Common IEHRT/CSR observations to avoid further repetition.
13 Recent incidents caused due to coding vulnerabilities.
14 New emerging technologies for secure coding.
15 SAST and DAST Overview.
16 Hands-on assessment for developers after the awareness session including a Secure Coding Practice 30 question exam, based on the session itself.

Dissemination Process: Offline sessions (may be shifted to online mode in case of some
restriction / need) on "Secure Coding Practices" for employees and vendor resources of the
Bank who are engaged in the development of applications. There will be a total of 12 full-day
awareness sessions.
The sessions should mainly cover, but not be limited to, the languages / technologies mentioned
below, in both the basic and advanced concepts of Secure Coding Practices. They should also cover
other practical examples and test cases from the latest programming languages.
Sr.No
1 COBOL
2 C#, DOTNET, VB
3 C, C++, JAVA
4 JavaScript, Java Spring Boot
5 ORACLE, MySQL, DB2, MVC, WAS, WebLogic, Tomcat
6 HTML, XML
7 Mobile technology: Android, iOS, Tizen and other Linux-based OS etc.
8 iPad-specific OS
9 Perl, PHP, Python

Monthly newsletter by email to developers regarding tips for Secure Coding Practices,
security during development and recent CVE remediations.
