Secure Coding Guidelines

Heuristics From 2010

Mi'kail Eli'yah
32 min read · Nov 12, 2022

Humans are not compliers. — Ursa

If you rush, likely — you will be debugging your confusion. — 2017–06.29

They are tools, not truths. — Re: Techniques, 2007–01.17

Lorin Varencove Maazel (March 6, 1930 - July 13, 2014)

Note some acronyms used in this article.

1. Centralize all definitions (functions and variables) all-in-1-place, all-in-1-glance.
* This will also help in M.E.T.A., and in determining ITU or duplication, etc.

Distill out all the secrets in the system and place them in a highly secure area or defensive memory zone.
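As an added illustration of heuristics 1 and 2 together (this is example code, not from the article), the module below keeps the inventory of secret names in one tuple and loads every value through one registry; the rest of the program only receives an opaque handle whose repr never prints the value, so a stray log line or traceback does not leak it. The environment variable names and sample values are constructed for the demo.

```python
"""Added example (not from the article): one place for all secret definitions.

Secrets are read once from the environment (or any mapping passed in) into a
single registry. Callers get a Secret handle whose str/repr is redacted; only
an explicit .reveal() returns the raw value.
"""
import os
from typing import Dict, List, Optional


class Secret:
    """Opaque wrapper: only reveal() exposes the value, never repr/str."""

    __slots__ = ("_name", "_value")

    def __init__(self, name: str, value: str) -> None:
        self._name = name
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return f"Secret(name={self._name!r}, value=<redacted>)"

    __str__ = __repr__


# The single place where secret names are declared (hypothetical names).
# Adding a secret means editing this tuple: the all-in-1-glance inventory.
SECRET_NAMES = ("DB_PASSWORD", "API_TOKEN")


class SecretStore:
    """Loads every registered secret up front and fails fast if one is absent."""

    def __init__(self, env: Optional[Dict[str, str]] = None) -> None:
        source = os.environ if env is None else env
        self._secrets: Dict[str, Secret] = {}
        missing: List[str] = []
        for name in SECRET_NAMES:
            value = source.get(name)
            if not value:
                missing.append(name)
            else:
                self._secrets[name] = Secret(name, value)
        if missing:
            # Refuse to start rather than run with a silently empty secret.
            raise RuntimeError(f"missing secrets: {', '.join(missing)}")

    def get(self, name: str) -> Secret:
        # Only names declared in SECRET_NAMES are valid; typos fail loudly.
        if name not in SECRET_NAMES:
            raise KeyError(f"{name!r} is not a registered secret")
        return self._secrets[name]

    def names(self) -> List[str]:
        return list(SECRET_NAMES)


def demo_store() -> SecretStore:
    # Constructed sample values for the demo; not real credentials.
    return SecretStore({"DB_PASSWORD": "example-only", "API_TOKEN": "tok-example"})


if __name__ == "__main__":
    store = demo_store()
    print(store.names())
    print(store.get("DB_PASSWORD"))  # value is redacted in output
```

The fail-fast constructor is deliberate: discovering a missing secret at startup is far cheaper than discovering it when a request path first touches the database.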

Traceability and detectability are the parents for analysis and synthesis. — Re: The foundations of modeling, 2007–05.20

You won’t be able to find the bug if it is aforestated in the design or coded in the specification due to insobriety or ambiguity. — 2007–05.21

2. Trace all key controls and access
Examine all system controls and permissions thoroughly. Identify sensitive spots in configurations, and possible misconfigurations, that may be left undefended and could grant access to sensitive resources.

Beware defaults: default sysadmin database account password
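One way to act on this heuristic before deployment, as an added example that is not part of the article: audit the connection configuration for default or empty credentials and for application use of built-in administrative accounts. The default-credential table, the section names and the sample config are constructed for the demo; a real audit would use the vendor's documented defaults for the product in question.

```python
"""Added example (not from the article): flag default/empty DB credentials
in an INI-style connection config before it ships.
"""
import configparser
from typing import List, Tuple

# Constructed table of (username, password) pairs treated as vendor defaults.
DEFAULT_CREDENTIALS = {
    ("sa", ""),
    ("admin", "admin"),
    ("root", ""),
    ("postgres", "postgres"),
}
BUILTIN_ADMIN_ACCOUNTS = {user for user, _ in DEFAULT_CREDENTIALS}

# Constructed sample config (hostnames and passwords are placeholders).
SAMPLE_CONFIG = """
[primary-db]
host = db1.internal.example
user = app_svc
password = 6Yb!q-example

[reporting-db]
host = db2.internal.example
user = sa
password =

[legacy-db]
host = db3.internal.example
user = admin
password = admin

[cache-db]
host = db4.internal.example
user = root
password = S0mething-example
"""


def audit_config(text: str) -> List[Tuple[str, str]]:
    """Return (section, finding) pairs for every section with risky credentials."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    findings: List[Tuple[str, str]] = []
    for section in parser.sections():
        user = parser.get(section, "user", fallback="")
        password = parser.get(section, "password", fallback="")
        if (user, password) in DEFAULT_CREDENTIALS:
            # Exact vendor default: highest severity, still shipping as-is.
            findings.append((section, f"default credential pair for user {user!r}"))
        elif password == "":
            findings.append((section, f"empty password for user {user!r}"))
        elif user in BUILTIN_ADMIN_ACCOUNTS:
            # Password was changed, but the app still runs as the sysadmin account
            # instead of a least-privilege service account.
            findings.append((section, f"built-in admin account {user!r} used by application"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_config(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

The third branch matters as much as the first two: changing the default password on a built-in sysadmin account is necessary, but an application that still authenticates as that account has every permission the account has, so a least-privilege service account is the fix the audit should push for.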
