Promote Secure Coding Practices

Introduce secure coding guidelines and training

Tasks:

  • Publish secure coding guidelines based on OWASP
  • Host quarterly secure dev training or lunch & learns
  • Add checklist item for common security flaws
  • Include static analysis tools in pipeline

Prevent known bad practices

Tasks:

  • Define list of banned functions/patterns
  • Add static rules to prevent usage
  • Integrate secret scanners in Git hooks
  • Review flagged issues in weekly tech huddles