Enforce secure coding practices
- Author: Leevi Kauranen
- Date / Version: 19/02/2024
User roles
- Dev
- Test
- Sec
Prerequisites / Conditions
- Secure coding guidelines must be established and documented.
- Developers must undergo training on secure coding practices.
Use Case Diagram
Description of use case (e.g. modify existing request)
- Adhere to coding guidelines
- Test for security vulnerabilities
- Review code for security
- Provide feedback
Exceptions
- E1: If a security vulnerability is identified during testing, it must be addressed promptly and the code retested.
- E2: If the code review reveals significant security issues, development may be halted until the issues are resolved.
Result
- As a result of this use case, the code will be more secure and the number of vulnerabilities is kept as low as possible.
Use frequency
- This feature will be implemented at all times as the application is modified.
Additional information
- This feature includes some other features, such as HTTPS connections, securing API endpoints and correct user authentication.
- Security headers for API calls and correct error handling are also implemented.
Sources
This wiki document is based on the public administration recommendations.
Thanks to the original authors.