Secure Coding
What is Secure Coding?
Secure CodingThe practice of writing source code in ways that minimize security defects, following defensive patterns, language-specific rules and recognized guidelines.
Secure coding is the day-to-day discipline of producing software that resists attack. It combines language- and framework-specific rules — such as using parameterized queries, validating input, encoding output, handling errors safely and managing memory correctly — with cross-cutting practices like defense in depth, least privilege and fail-safe defaults. Reference catalogues include the OWASP Cheat Sheets, CERT Secure Coding Standards and CWE Top 25. Secure coding is reinforced by automated tooling (SAST, linters, IDE plug-ins), peer review, security champions and recurring training, so vulnerabilities are prevented at the keyboard rather than discovered late in testing or production.
● Examples
- 01
Replacing string-concatenated SQL with parameterized queries to prevent SQL injection.
- 02
Using a vetted JWT library with strict algorithm allow-listing instead of hand-rolled token parsing.
● Frequently asked questions
What is Secure Coding?
The practice of writing source code in ways that minimize security defects, following defensive patterns, language-specific rules and recognized guidelines. It belongs to the Application Security category of cybersecurity.
What does Secure Coding mean?
The practice of writing source code in ways that minimize security defects, following defensive patterns, language-specific rules and recognized guidelines.
How do you defend against Secure Coding?
Defences for Secure Coding typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Secure Coding?
Common alternative names include: Secure programming.