INFORMATION SECURITY PORTAL

GUIDELINES - SOFTWARE DEVELOPMENT

Below are links to different webpages where information for developers is available. Depending on what is being developed, more or less of the information will be useful.

The information covers privacy and security; it does not cover how to structure development work.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.


The goal is that the project provides you with excellent security guidance in an easy to read format.

Over 15 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of your development team. Use SKF to learn and integrate security by design in your web application.

SKF is an open source security knowledge base that includes manageable projects with checklists and best-practice code examples in multiple programming languages, showing you how to prevent hackers from gaining access and running exploits on your application.

The SANS Developer How To Guide provides developers with simple code examples that quickly show how to prevent common security vulnerabilities.

The OWASP SAMM (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational Software Development Life Cycle (SDLC).

The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit. The CWE Top 25 is a community resource that can be used by software developers, software testers, software customers, software project managers, security researchers, and educators to provide insight into some of the most prevalent security threats in the software industry.

Information from OWASP about how to block brute-force attacks.

OWASP API Security focuses on how to develop secure APIs. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and personal data (PII), and because of this they have increasingly become a target for attackers.

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs).

Copyright © 2019-2020 InformationSecurityPortal.se - All Rights Reserved