Secure coding

Tutorials and training on how to build secure applications using the latest in secure and defensive programming strategies.

You've Got Microservices... Let's Secure Them!

In this session, we'll give a demonstration of using a centralized authentication service to secure many different microservices. The demo will be based on Project Keycloak, but it would apply as well to Stormpath, Ping.Indenty, or similar services.

Red Hat Developer Alumnus

What is Secure Coding?

Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art.

Getting Started with Secure Coding

8:0

Ep. 1: Input Validation (1 of 2)

Ep. 1: Input Validation (1 of 2)

6:33

Ep. 1: Input Validation (2 of 2)

Ep. 1: Input Validation (2 of 2)

7:58

Ep. 2: Numeric Errors

Ep. 2: Numeric Errors

6:15

Ep. 3: Authorization

Ep. 3: Authorization

8:14

Ep. 4: Security Mentality (1 of 2)

Ep. 4: Security Mentality (1 of 2)

8:22

Ep. 4: Security Mentality (2 of 2)

Ep. 4: Security Mentality (2 of 2)

Free best practices guide for defensive coding

Writing secure code should be top of mind, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind. The Fedora Project's Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

The first part of the book contains useful tips for seven programming languages, such as C++, Java, or Go.
Part two is dedicated to secure coding principles from manipulating files to processes.
Part three offers tips for authentication, authorization, cryptographic protocols, hardware security modules, and smart cards.

Next Steps with Secure Coding

12:52

Easily secure your Spring Boot applications with Keycloak - Part 1

Easily secure your Spring Boot applications with Keycloak - Part 1

5:3

Easily secure your Spring Boot applications with Keycloak - Part 2

Easily secure your Spring Boot applications with Keycloak - Part 2

Post Quantum Cryptography from RH security blog

SELinux Loves Modularity

SELinux Loves Modularity

Docker Authentication Flow

Docker Authentication with Keycloak

owasp

OWASP Top Ten

The Latest on Secure Coding & Security

ansible share image

This article demonstrates how to install MSSQL using Ansible Vault, an Ansible Automation Platform feature, to protect sensitive information.

secure coding

Learn how the FORTIFY_SOURCE feature in the GNU C library improves C code security by detecting and preventing buffer overflow, and more.

Video Thumbnail

Stop deploying applications that contain security vulnerabilities

Configure a Jupyter notebook to use GPUs for AI/ML modeling

Learn how to use the Red Hat OpenShift Data Science platform and Starburst to develop a fraud detection workflow with an AI/ML use case.

Feature image for secure coding.

Learn about OS command injection attacks and 4 essential best practices to prevent them.

Apache Camel and Quarkus on Red Hat OpenShift

Learn how to configure SOAP web services with the Red Hat build of Apache Camel and Quarkus.

More secure coding resources

Around Red Hat

SELinux

Strengthen datacenter security

How Red Hat finds vulnerabilities

How Red Hat finds vulnerabilities

understanding security

Not a developer? Understand IT Security