This particular rant is about developing your overall Enterprise Secure Coding Programme, regardless of your size.
So let's start out by saying that I have no intent of teaching you how to code, and you probably wouldn't want to learn from me anyway!

More than ever before, we must be diligent about our Application Development practices. In today's fast-paced, highly competitive Internet environment, it is expected that your corporate applications not only look and feel "modern", but are also built to work on a multitude of platforms. Gone are the days when you could write an application to "work best" on Internet Explorer. Apps must present a consistent user experience across browsers and platforms, and this diversity of endpoint systems widens the surface on which vulnerable code can be exposed. Coding securely needs to be part of the corporate culture, supported from the top down. Every layer of employee has a role in this practice. An application built from the ground up on the principles discussed below will spend a lot less time in "vulnerability management" and a lot more time building and releasing features.

I'm going to structure this discussion by addressing the responsibilities of each Business Role at a high level, then break each one of these down further on.

First of all, download and read the following!

Coding Best Practices:

A coding best practice is a set of rules or procedures that one follows to create legible, well-documented application code that improves the quality of the application and makes it easier to maintain. Code should be clearly written using a standard naming convention for object and variable names, routine and module names, and table and field names. Comments should be descriptive and short.

Business Core Competencies:

Base your Application Development Practice on your Business Core Competencies. By this I mean that if your company produces Widgets, then your core competency is the mass production and sale of Widgets. Your developers should be spending the bulk of their effort writing code that strengthens the sale of Widgets. If they are developing "application frameworks" or writing "authentication" code, they are not doing you a service. There have been decades of collaborative prior art that follows standards and has been rigorously tested.

Unless you are in the business of developing either of these... Don't.

Glad I got THAT off my chest.

Release Planning:
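An added illustration of the Business Core Competencies point above (the warning against writing your own "authentication" code). This is example code written for this page, not code from the original post: a homegrown password store of the kind a well-meaning Widget developer might write sits beside one assembled from vetted, standard-library primitives (PBKDF2-HMAC-SHA256, a per-user random salt, a constant-time comparison). The function names, the record format and the sample password are all constructed for the illustration.

```python
"""
Added example (not from the original post): why "don't write your own
authentication code" is sound advice. A homegrown password store is shown
beside one built from vetted, standard-library primitives. All names,
record formats and passwords below are constructed for the illustration.
"""
import hashlib
import hmac
import os

# --- The homegrown scheme a well-meaning developer might write ----------------
# Unsalted, single-pass hash and a plain string comparison. Two users with the
# same password get the same stored record (precomputed-table attacks work),
# the hash is fast enough to brute-force offline, and "==" is not constant-time.
def naive_hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def naive_verify(stored: str, password: str) -> bool:
    return stored == naive_hash(password)

# --- The vetted approach: PBKDF2-HMAC-SHA256 from the standard library --------
# Per-user random salt, a deliberately slow iteration count, and a constant-time
# comparison. The iteration count is stored with the record so it can be raised
# later without invalidating existing users.
PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 guidance for PBKDF2-HMAC-SHA256
MAX_ITERATIONS = 10_000_000  # upper bound so a tampered record cannot stall the server

def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(stored: str, password: str) -> bool:
    """Reject malformed or foreign records instead of raising; compare in constant time."""
    try:
        algo, iterations_s, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iterations_s)
        if not 1 <= iterations <= MAX_ITERATIONS:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)

def same_password_same_record(scheme_hash, password: str = "Widgets2024!") -> bool:
    """True if two users who choose the same password end up with identical
    stored records under the given hashing function (a property attackers love)."""
    return scheme_hash(password) == scheme_hash(password)

if __name__ == "__main__":
    pw = "Widgets2024!"  # constructed sample password
    print("naive:  identical records for identical passwords:", same_password_same_record(naive_hash))
    print("vetted: identical records for identical passwords:", same_password_same_record(hash_password))
    record = hash_password(pw)
    print("vetted: correct password accepted:", verify_password(record, pw))
    print("vetted: wrong password rejected:  ", not verify_password(record, "widgets2024!"))
    print("vetted: garbage record rejected:  ", not verify_password("not-a-record", pw))
```

The point for the programme, not just the code: every line of the "vetted" half is a call into something that already exists and has been reviewed by people whose core competency is cryptography. The homegrown half is shorter, looks reasonable, and is exactly the code that ends up in the next vulnerability report.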