Strengthen Your Secure Coding Skills By Developing These Eight Habits

  • Start practicing: You may not want to be the next DevSecOps champion, but you should be practicing. Start familiarizing yourself, even if it’s just with baby steps, with common security tools. And practice patching real code. It will train you to identify flaws early on — a great skill for any developer.
  • Show you’re mindful of security: Again, it doesn’t mean you need to be the security champion, but showing your peers and your organization that you are mindful of security and taking steps to increase the resiliency of your code will set you apart in the eyes of management and send a strong message to your peers that the code needs to be right.
  • Make a point of looking at what went wrong: If you or someone else finds a vulnerability in your code, examine it to find out when and where things went wrong. A great way to do this is to read up on famous security flaws and how they happened. Over time you will begin to think like a hacker — a great skill to have when building software.
  • Break things: Thinking like a hacker is step one. Learning how to break things like a hacker will take you to the next level and is the key to becoming a security-minded developer. You want to know your adversary, how they think and how they act.
  • Learn common security flaws: Cross-site scripting is one of the most common security flaws. Could you spot it quickly, and fix it, in your code? Think back to the first point above. Start practicing.
  • Scan early: When it comes to secure coding, the early bird really does get the worm. Don’t let the need for speed postpone early scans. You want to fix flaws and vulnerabilities fast and early. It’s far less work than finding them later.
  • Automate: Consider using automated security tools. Automated code scanning in your IDE and other steps can save you time and keep you moving fast in production. Honing your skills and adding automation to the mix will make you more effective.
  • Secure your open source code: We all use it, we all love it. About 90 percent of software today is composed of open source code. Look into enterprise-grade variations and examine the code yourself. Expecting project committers, particularly those in small projects, to ensure the security of their code is unrealistic and ungrateful.



Rey Bango


Tinkering in cybersecurity at Veracode and helping developers build secure software. Fortis Fortuna Adiuvat. Opinions are mine.