Coding is very easy task to do, but writing safe and secure code is difficult. In this post I will try to explain some of the rules/steps to make safe and secure code. If we follow these steps we can eliminate most of the failures in our software. As a coder, we need to find out all possible failure cases first and handle them. Some where I read statement like "A developer is like a cab driver in India who sees both sides in one way road". I think this statement is very true. In software application anything can happen, no software is secure and any software can crash at any time due to some simple mistake in the code. So to avoid all simple and silly mistakes and making more safe and secure code, below are the rules with no specific order you need to follow without fail.
Static Code Analysis: Basically what static analysis will do is, it just scans our code and find out possible errors. There could be some copy-paste errors, some human errors etc. All these can be identified by Static analyzers. Static analysis done by static analyzer which is simply another software which can scan our code and generate report with all errors and warnings.There are lot of open source and commercial static analyzers available on the web. Here are some of simple errors which identified by static analyzer.
Test Driven Development(TDD): In TDD, first instead of writing code for functionality, need to write all possible test cases for that functionality. After finishing all test cases, run those test cases once. All these test cases will fail as there is no code available for the functionality. Now start writing the code to pass all these test cases. Believe me, It helps a lot in eliminating most of the bugs in the initial stage. Writing test cases for existing code is difficult. So always start tests cases before writing actual functionality. It will take some extra time, but it helps a lot.
Code Review: This is one of the traditional way of finding out silly mistake done by developers. Always make sure that your code is reviewed by some one. Some others reviewing your code doesn't mean that you are not good in coding, it eliminates if any mistakes and it boasts your confidence levels if there are no comments :-) So Always go for the code review and don't skip it.
Pair Programming: This is another new way of coding. Most of the developers thinks that if they are alone, they can write code quickly and efficiently. Yes that is true. But occasionally do pair programming. If possible code with new developer and some times with senior developer. While doing pair programming, basically two developers are seeing that code and two brains are working right!!. In this case, if any mistakes done, another developer identifies it and s/he may give another better way of writing the same code.
Till now I have not specified any secure programming techniques rite? If you follow above rules, you can easily eliminate lot of common security related issues. All these steps are not specific to any particular programming language. In whatever language you are going to write, always follow these steps. Nowadays we have lot of IDE's (like XCode, Eclipse) which are supporting inbuilt frameworks to support static analyzers and TDD.
Enjoy Coding!!!
Happy Coding!!!
References:
Click
- Static Code Analysis(Static analyzer)
- Test Driven Development(TDD)
- Code Review
- Pair Programming
Static Code Analysis: Basically what static analysis will do is, it just scans our code and find out possible errors. There could be some copy-paste errors, some human errors etc. All these can be identified by Static analyzers. Static analysis done by static analyzer which is simply another software which can scan our code and generate report with all errors and warnings.There are lot of open source and commercial static analyzers available on the web. Here are some of simple errors which identified by static analyzer.
Test Driven Development(TDD): In TDD, first instead of writing code for functionality, need to write all possible test cases for that functionality. After finishing all test cases, run those test cases once. All these test cases will fail as there is no code available for the functionality. Now start writing the code to pass all these test cases. Believe me, It helps a lot in eliminating most of the bugs in the initial stage. Writing test cases for existing code is difficult. So always start tests cases before writing actual functionality. It will take some extra time, but it helps a lot.
Code Review: This is one of the traditional way of finding out silly mistake done by developers. Always make sure that your code is reviewed by some one. Some others reviewing your code doesn't mean that you are not good in coding, it eliminates if any mistakes and it boasts your confidence levels if there are no comments :-) So Always go for the code review and don't skip it.
Pair Programming: This is another new way of coding. Most of the developers thinks that if they are alone, they can write code quickly and efficiently. Yes that is true. But occasionally do pair programming. If possible code with new developer and some times with senior developer. While doing pair programming, basically two developers are seeing that code and two brains are working right!!. In this case, if any mistakes done, another developer identifies it and s/he may give another better way of writing the same code.
Till now I have not specified any secure programming techniques rite? If you follow above rules, you can easily eliminate lot of common security related issues. All these steps are not specific to any particular programming language. In whatever language you are going to write, always follow these steps. Nowadays we have lot of IDE's (like XCode, Eclipse) which are supporting inbuilt frameworks to support static analyzers and TDD.
Enjoy Coding!!!
Happy Coding!!!
References:
Click
No comments:
Post a Comment