Secure Coding Guidelines
Heuristics From 2010
Humans are not compliers. — Ursa
If you rush, you will likely be debugging your confusion. — 2017–06.29
They are tools, not truths. — Re: Techniques, 2007–01.17
Note some acronyms used in this article.
1. Centralize all definitions (functions and variables): all-in-1-place, all-in-1-glance.
* This also helps with M.E.T.A., and with determining ITU or duplication, etc.
Distill out all the secrets in the system and place them in a highly secure area or defensive memory zone.
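An added example (not code from the original page) of what "all-in-1-place" looks like for secrets: one registry module lists every secret the system needs, each value lives in a wipeable buffer that redacts itself in `repr()`/`str()`/logging, and an audit walks the rest of the source tree for raw secret values that were duplicated outside the registry. The module name `secrets_store.py`, the `Secret` class, the environment variable names and the sample source files are all assumptions constructed for the example.

```python
"""Central secrets registry with redacting, wipeable values, plus an audit that
flags secret values duplicated outside the central module.
Added example: module layout, names and sample inputs are assumptions."""
from typing import Dict, List, Tuple


class Secret:
    """Holds a secret in a mutable buffer so it can be zeroed on demand and never
    leaks through repr(), str(), f-strings or a logger's default formatting."""

    def __init__(self, name: str, value: str) -> None:
        self.name = name
        self._buf = bytearray(value.encode())

    def expose(self) -> str:
        """Explicit, greppable access point: every use of the raw value goes
        through here, which keeps usage traceable (all-in-1-glance)."""
        if not self._buf:
            raise ValueError(f"secret {self.name!r} has been wiped")
        return self._buf.decode()

    def wipe(self) -> None:
        """Overwrite the buffer in place, then empty it (best effort in CPython:
        the bytearray is zeroed, but earlier str copies are not tracked)."""
        for i in range(len(self._buf)):
            self._buf[i] = 0
        del self._buf[:]

    def __repr__(self) -> str:
        return f"Secret({self.name!r}, <redacted>)"

    __str__ = __repr__


# The one place that lists every secret the system needs (assumed names).
SECRET_NAMES = ("DB_PASSWORD", "API_TOKEN")


def load_secrets(env: Dict[str, str]) -> Dict[str, Secret]:
    """Build the registry from an environment mapping; a missing entry is an
    error rather than a silently empty credential."""
    missing = [n for n in SECRET_NAMES if n not in env]
    if missing:
        raise KeyError(f"missing secrets: {missing}")
    return {n: Secret(n, env[n]) for n in SECRET_NAMES}


def find_stray_secrets(registry: Dict[str, Secret],
                       sources: Dict[str, str],
                       central_module: str = "secrets_store.py") -> List[Tuple[str, str]]:
    """Return (file, secret name) for every raw secret value found in a source
    file other than the central module: duplication the registry should absorb."""
    hits: List[Tuple[str, str]] = []
    for path, text in sources.items():
        if path == central_module:
            continue
        for name, secret in registry.items():
            if secret.expose() in text:
                hits.append((path, name))
    return hits


# Constructed sample environment and source tree for a stand-alone run.
SAMPLE_ENV = {"DB_PASSWORD": "s3cr3t-db", "API_TOKEN": "tok-0123", "HOME": "/tmp"}
SAMPLE_SOURCES = {
    "secrets_store.py": 'SECRET_NAMES = ("DB_PASSWORD", "API_TOKEN")',
    "db.py": "conn = connect(password=SECRETS['DB_PASSWORD'].expose())",
    "legacy_report.py": "conn = connect(password='s3cr3t-db')  # hard-coded copy",
}


def demo() -> Tuple[List[Tuple[str, str]], str]:
    """Load the registry, scan for strays, show the redacted repr, then wipe."""
    registry = load_secrets(SAMPLE_ENV)
    strays = find_stray_secrets(registry, SAMPLE_SOURCES)
    redacted = repr(registry["DB_PASSWORD"])
    for secret in registry.values():
        secret.wipe()
    return strays, redacted


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports `legacy_report.py` as carrying a copy of `DB_PASSWORD`, which is exactly the duplication a single registry is meant to prevent; the registry entries print as `Secret('DB_PASSWORD', <redacted>)` no matter how they reach a log line.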
Traceability and detectability are the parents of analysis and synthesis. — Re: The foundations of modeling, 2007–05.20
You won’t be able to find the bug if it is aforestated in the design or coded in the specification due to insobriety or ambiguity. — 2007–05.21
2. Trace all key controls and access
Examine all system controls and permissions thoroughly. Identify the sensitive spots in configurations, and the possible misconfigurations, that may be left undefended and could give an attacker access to sensitive resources.
Beware defaults: default sysadmin database account password
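An added example (not the page's own code) of tracing controls and defaults in a mechanical way: a small audit walks a constructed inventory of accounts, file modes and service settings and reports the three things step 2 warns about, default or empty credentials, an application running under the sysadmin account, and over-broad permissions or security-relevant settings still at their shipped default. The inventory format, the field names and the `KNOWN_DEFAULT_CREDENTIALS` list are assumptions built for the example, not data from any real product.

```python
"""Audit a constructed inventory of system controls for the misconfigurations
step 2 calls out: default credentials, unchanged defaults, broad permissions.
Added example: inventory layout, field names and the default list are assumed."""
import stat
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed, illustrative (user, password) pairs an auditor would check for.
KNOWN_DEFAULT_CREDENTIALS = {
    ("sysadmin", "sysadmin"),
    ("admin", "admin"),
    ("root", "changeme"),
}

# Suffixes treated as sensitive when checking for other-readable files (assumed).
SENSITIVE_SUFFIXES = (".key", ".pem", ".conf")


def audit_accounts(accounts: List[Dict[str, str]]) -> List[Finding]:
    """Flag default or empty passwords and application use of the sysadmin role."""
    findings: List[Finding] = []
    for acct in accounts:
        who = f"{acct['service']} account {acct['user']!r}"
        if (acct["user"], acct["password"]) in KNOWN_DEFAULT_CREDENTIALS:
            findings.append(("default-credential", f"{who} still uses the default password"))
        if acct["password"] == "":
            findings.append(("empty-password", f"{who} has an empty password"))
        if acct.get("role") == "sysadmin" and acct.get("used_by") == "app":
            findings.append(("over-privileged", f"application connects as {who}; use a least-privilege account"))
    return findings


def audit_file_modes(files: Dict[str, int]) -> List[Finding]:
    """Flag world-writable paths and sensitive files readable by others."""
    findings: List[Finding] = []
    for path, mode in files.items():
        if mode & stat.S_IWOTH:
            findings.append(("world-writable", f"{path} is world-writable (mode {mode:o})"))
        elif mode & stat.S_IROTH and path.endswith(SENSITIVE_SUFFIXES):
            findings.append(("world-readable", f"{path} is readable by others (mode {mode:o})"))
    return findings


def audit_settings(settings: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Flag security-relevant settings that were never changed from the shipped default."""
    findings: List[Finding] = []
    for name, s in settings.items():
        if s.get("security_relevant") and s["value"] == s["default"]:
            findings.append(("unchanged-default", f"{name} is still at shipped default {s['default']!r}"))
    return findings


def run_audit(inventory: Dict[str, object]) -> List[Finding]:
    """Run every check and return the combined findings."""
    return (audit_accounts(inventory["accounts"])
            + audit_file_modes(inventory["files"])
            + audit_settings(inventory["settings"]))


# Constructed sample inventory; every value here is invented for the example.
SAMPLE_INVENTORY = {
    "accounts": [
        {"service": "db", "user": "sysadmin", "password": "sysadmin", "role": "sysadmin", "used_by": "app"},
        {"service": "db", "user": "reporting", "password": "Zq9!vT2m#Lp", "role": "reader", "used_by": "app"},
    ],
    "files": {
        "/etc/app/db.key": 0o644,      # private key readable by every local user
        "/var/app/uploads": 0o777,     # world-writable directory
        "/etc/app/app.conf": 0o640,    # fine: group-readable only
    },
    "settings": {
        "remote_admin_enabled": {"value": True, "default": True, "security_relevant": True},
        "log_level": {"value": "info", "default": "info", "security_relevant": False},
    },
}


if __name__ == "__main__":
    for category, detail in run_audit(SAMPLE_INVENTORY):
        print(f"[{category}] {detail}")
```

On the sample inventory the audit returns five findings: the unchanged `sysadmin`/`sysadmin` credential, the application running as sysadmin, the other-readable key file, the world-writable upload directory, and `remote_admin_enabled` left at its default. The value of the check is that it runs against the real inventory every time the configuration changes, rather than once during a review.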