Auto-sync: 2026-04-20 07:08
28
wiki/concepts/Secure-Coding.md
Normal file
@@ -0,0 +1,28 @@
---
title: "Secure Coding"
type: concept
tags: [security, development]
sources: [what-is-devsecops-best-practices-benefits-and-tools]
last_updated: 2026-04-20
---

## Definition
Secure Coding is the practice of following security best practices while writing code, with the aim of preventing security vulnerabilities. It is a core component of DevSecOps: by embedding security checks at the coding stage it implements "shift left".

## Key Principles
- **Input validation**: validate all user input
- **Output encoding**: encode output correctly to prevent XSS
- **Parameterized queries**: use parameterized queries to prevent SQL injection
- **Least privilege**: follow the principle of least privilege
- **Secure storage**: store sensitive information securely

## Best Practices
- Follow the OWASP secure coding guidelines
- Use secure libraries and frameworks
- Include security checks in code review
- Integrate automated security testing into the IDE

## Connections
- [[DevSecOps]] ← implements ← [[Secure Coding]]
- [[SAST]] ← validates ← [[Secure Coding]]
- [[OWASP]] ← defines ← [[Secure Coding]]
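Review bot: The arrow direction in the Connections section is inconsistent. Read left to right, `[[SAST]] ← validates ← [[Secure Coding]]` and `[[OWASP]] ← defines ← [[Secure Coding]]` say that Secure Coding validates SAST and defines OWASP, which is backwards: SAST validates secure coding, and OWASP defines the secure coding guidelines the Best Practices section itself tells readers to follow. Either flip those two to `[[SAST]] → validates → [[Secure Coding]]` and `[[OWASP]] → defines → [[Secure Coding]]`, or reorder all three entries so every relation reads subject, verb, object in one direction. Two smaller points in Key Principles: the input validation bullet should say "all untrusted input" rather than "all user input", since headers, file contents and upstream API responses are attack surface too, and the secure storage bullet should name what it means in practice (e.g. hashing passwords with a slow hash, keeping secrets out of source) so the principle is actionable rather than circular.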