secguide

by Tencent

13.5Kstars

1.9Kforks

209watchers

Updated 8 months ago

About

A comprehensive secure coding guide for developers that outlines API-level risks and provides practical security coding solutions.

面向开发人员梳理的代码安全指南

Primary Use Case

This tool serves as a detailed reference for developers to understand and mitigate security risks in their code by following language-specific secure coding guidelines. It is useful for developers, security engineers, and DevSecOps teams aiming to integrate security best practices into development workflows and to create or enhance security scanning and vulnerability remediation strategies.

Key Features

Detailed secure coding guidelines for multiple programming languages including C/C++, JavaScript, Node.js, Go, Java, and Python
Focus on API-level security risks and practical coding solutions
Based on DevSecOps principles to promote security from the development source
Guidance for writing security system scanning strategies
Support for security component development and vulnerability fixing
Community-driven with contribution guidelines
Licensed under CC BY 4.0 for open collaboration

Security Frameworks

Initial Access

Execution

Defense Evasion

Credential Access

Impact

Usage Insights

Integrate the secure coding guidelines into CI/CD pipelines to automate vulnerability prevention early in development.
Use the documentation to train developers and DevSecOps teams, reducing introduction of exploitable code.
Leverage the guide to customize and enhance static and dynamic application security testing tools for improved scanning accuracy.
Combine with runtime application self-protection (RASP) tools to create a layered defense from code to runtime.
Encourage community contributions to keep the guide updated with emerging language-specific security risks and mitigation techniques.