OWASP Guidelines to be Followed
- Secure coding guidelines:
  - OWASP Secure Coding Practices (Quick Reference Guide)
- Other popular secure coding standards:
  - Mozilla's secure coding guidelines
  - Carnegie Mellon University's SEI CERT Secure Coding Standards
- Manual code review:
  - OWASP Code Review Guide
Automated Security Tests
- If you are interested in learning about continuous security and do not have an application of your own to test, the OWASP Benchmark is a fully runnable, open-source (Java) web application built as a test suite: it contains thousands of test cases with known true and false positives, so you can measure how accurately a SAST or DAST tool detects vulnerabilities rather than just whether it produces findings.
- SAST tools: OWASP maintains a list of source code analysis tools (free and commercial).
Let's Use Some SAST Tools
- Bandit (a SAST tool for Python code):
  - Clone the code onto the local system and run a Bandit scan (`pip install bandit`, then `bandit -r <path>`; add `-f json -o report.json` for a machine-readable report, or `-ll` to show only medium severity and above). Review each finding before suppressing it: a `# nosec` comment on a line silences Bandit for that line.
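The example below is added here to show what a Bandit finding looks like in code and what the fix that makes it go away looks like; it is not code from the original page or from the Bandit project. It assumes a POSIX `/bin/sh` and `echo` (so it runs offline on Linux or macOS); the hostile input is constructed for the demo. Saved as `bandit_demo.py`, the first function is reported by Bandit as B602 (subprocess call with shell=True), while the two fixed functions produce no finding.

```python
"""Added example, not from the original page or the Bandit project.

Try it:
    pip install bandit
    bandit bandit_demo.py        # reports B602 on greet_unsafe
    bandit -r ./project -ll -f json -o bandit.json
Assumes a POSIX shell and /bin/echo (constructed demo, runs offline).
"""
import re
import subprocess

# Constructed hostile input: the attacker-controlled "name" carries a
# second shell command. Harmless here (it only echoes), but it shows
# whether the shell ever gets to parse user data.
INJECTED = "alice; echo INJECTED"


def greet_unsafe(name: str) -> str:
    """What Bandit flags (B602): shell=True plus string interpolation.

    The shell parses the whole string, so ';' in `name` starts a new
    command. Returns the captured stdout so the effect is observable.
    """
    result = subprocess.run(
        f"echo {name}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def greet_argv_only(name: str) -> str:
    """Fix, step 1: pass an argv list and drop shell=True.

    No shell is involved, so `name` is a single literal argument and the
    ';' is just a character in it. Bandit no longer reports this call.
    """
    result = subprocess.run(
        ["echo", name], capture_output=True, text=True, check=True
    )
    return result.stdout


def greet_safe(name: str) -> str:
    """Fix, step 2: also validate the input against an allow-list.

    The argv form already prevents injection into the shell; the
    allow-list keeps odd input out of whatever the command does with
    its argument (paths, option-like values starting with '-', etc.).
    """
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", name):
        raise ValueError(f"rejected name: {name!r}")
    return greet_argv_only(name)


def rejects(name: str) -> bool:
    """True if greet_safe refuses `name`; used to check the allow-list."""
    try:
        greet_safe(name)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    print("unsafe   :", repr(greet_unsafe(INJECTED)))     # 'alice\nINJECTED\n'
    print("argv only:", repr(greet_argv_only(INJECTED)))  # 'alice; echo INJECTED\n'
    print("safe     :", repr(greet_safe("alice")))        # 'alice\n'
    print("rejected :", rejects(INJECTED))                # True
```

Running Bandit over the file is the real check: the `shell=True` call is listed with severity High and confidence High, and the same scan shows nothing for the argv-based versions. The difference in captured output (`INJECTED` on its own line versus the whole string echoed literally) is why the finding matters, not just a style warning.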
- Find Security Bugs (for Java and other JVM languages): it is a security plugin for SpotBugs, the maintained successor of FindBugs, not a renamed tool; install SpotBugs and add the Find Security Bugs plugin to get the security detectors.
- The popular commercial SAST tools are:
  - Coverity from Synopsys
  - Fortify from Micro Focus (now part of OpenText)