When software analysis firm CAST analyzed 1380 software applications they found a whopping 1.3 million software vulnerabilities in the code.
Anyone reading CSO will know that software flaws give cybercriminals an open door.
Identity management is arguably the most at risk service of all technology disciplines. Identity theft stalks us all. Javelin Research has reported on identity theft for a number of years now and their research shows that it continues to plague the industry. In its 2018 Identity Fraud report, advisory firm Javelin described 2017 statistics as being at a “record high.”
In identity management, we often talk about “weaponizing identity.” This means hardening the system across access points and where users interface with the service. However, the process to weaponize needs to be layered and one such layer is at the code level.
Secure coding for identity management
Digital identity platforms can be very complex, as they often have to rely on external data sources and integrate with third-party APIs. Consumer versions of identity and access management (IAM) can be even more complex. They may require extended functionality to upload, store and share documents and images. Many identity services also incorporate, or are entirely based on, mobile device apps. It is not enough to rely on the inherent security of the protocols that communicate across the components of an identity ecosystem. The underlying code must be as secure as possible without restricting the functionality of this ecosystem.
Here are some of the best secure coding practices to use when developing an identity platform.
1. Use good resources: Start with the secure coding 101 resource, Open Web Application Security Project (OWASP). OWASP is the de facto, go-to resource for secure coding. Their “Quick Reference Guide” for secure coding is a great place to start and to use as a double-check tool during development. Use their …