Security principles
Secure development principles. These are based on the ones provided by the NCSC.
For more details visit https://www.ncsc.gov.uk/collection/developers-collection?curPage=/collection/developers-collection/principles
Secure development is everyone's concern
Genuine security benefits can only be realised when delivery teams weave security into their everyday working practices.
Keep your security knowledge sharp
Creating code that is capable of withstanding attack requires an understanding of attack types and of defensive security practices.
Produce clean & maintainable code
If your code lacks consistency, is poorly laid out and undocumented, you're adding to the overall complexity of your system.
Secure your development environment
There is sometimes a perceived conflict between security and usability. This situation is highlighted in the case of end user devices and the environments used to support software development.
Protect your code repository
Your code is only as secure as the systems used to create it. As the central point at which your code is stored and managed, it's crucial that the repository is sufficiently secure.
Secure the build and deployment pipeline
Continuous integration, delivery and deployment are modern approaches to the building, testing and deployment of IT systems.
Continually test your security
Security testing can be manual, but it can also be automated.
Plan for security flaws
All but the very simplest software is likely to contain bugs, some of which may have a security impact.