from Hacker News

How do you program securely?

by panjaro on 8/16/15, 10:49 PM with 5 comments

I'm a sole developer in a non-IT company. I use C# for programming and AWS. I'm responsible for everything here. How would I be able to stay secure? How should I start in order to program securely? Any good books?
  • by USNetizen on 8/17/15, 12:09 AM

    Start here for some reading material: https://github.com/paragonie/awesome-appsec

    Get to know the static analysis tools out there, check out OWASP (for web apps), and learn threat modeling. Application security isn't a one-time thing; it's something that is constantly evolving and changing. Learn the processes, then go into the details from there into your chosen technology stack. I've also read this book, which is good but doesn't go very deep with the technical stuff: http://www.amazon.com/Enterprise-Software-Security-Disciplin...

    Application security isn't just about programming either. It entails elements of risk management, architecture security, configuration management and many other disciplines to be performed effectively.

  • by getdavidhiggins on 8/16/15, 11:01 PM

    A personal favorite of mine is this book "Fuzzing: Brute Force Vulnerability Discovery", by Michael Sutton

    http://amazon.decenturl.com/fuzzing

    Best looking at how hackers are getting in, as well as programming defensively. Tobias Klein's "A Bug Hunter's Diary" is a good read too:

    http://amazon.decenturl.com/bug-hunter

  • by zzzcpan on 8/16/15, 11:55 PM

    Learn threat modeling first. It will change the way you think about programs.