Secure Coding Standards and Checking Compliance
As security is of paramount importance in this project, we define the secure coding standards the implementations should follow.
As the server side will be developed in Java, the secure coding standard followed during development should be the SEI CERT Oracle Coding Standard for Java.
The standard governs various aspects of the code, and ultimately "leads to higher quality systems that are safe, secure, reliable, dependable, robust, resilient, available, and maintainable and can be used as a metric to evaluate source code for these properties (using manual or automated processes)." [source]
The server side will be implemented in C. The secure coding standard we decided to follow will be the SEI CERT C Coding Standard.
The standard deals with the security aspects of low-level C code, and its main goal "is to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities." [source]
The client side application will be an Android application, so the secure coding standard we decided upon will be the Android Secure Coding Standard.
The standard contains rules for both language and API usage, and its goal "is to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities." [source]
© Grotesque Gecko, 2020