Secure Coding: Guidance and Training Resources

The following resources are recommended by Information Assurance (IA) as credible sources of information and learning for those who need to do secure coding.

Gartner

U-M subscribes to the “Gartner for Technical Professionals” (GTP) online research service, which is available to U-M staff in IT job families. The database contains articles covering a wide array of technology topics, including several on application security, such as Adopt a 'Shift Left' Approach to Testing to Accelerate and Improve Application Development, Approaches for Securing Application Development Environments and Artifacts, and How to Integrate Application Security Testing Into a Software Development Life Cycle.

OWASP

The Open Web Application Security Project (OWASP) is an online community that produces articles and tools, free to the public, for use in support of web application security. For example, their Secure Coding Practices - Quick Reference Guide “is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle.” OWASP is perhaps most known for their Top Ten Project, a regularly-updated awareness document for web application security, describing the most critical security risks to web applications.

Defensive Coding Guide

From the Fedora Project, the Defensive Coding Guide provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.

LinkedIn Learning

Through an agreement between U-M and LinkedIn Learning, benefits-eligible faculty and staff have free access to a range of LinkedIn Learning training videos, including several that address aspects of application security. Suggested titles include:

O'Reilly Safari

Current U-M students, faculty, and staff are granted unlimited access to O'Reilly Safari Online, which offers a vast collection of books and videos on technology topics. Titles on application security include: