Secure Engineering Guidelines
Read about the following Secure Engineering guidelines, which WSO2 engineers follow when developing WSO2 products.
- WSO2 Secure Coding Guidelines: This document summarizes the Secure Coding Guidelines that should be followed by WSO2 engineers while engineering WSO2 products, as well as applications used within the organization.
- Security Related HTTP Headers: This document summarizes the Security Related HTTP Headers which should be considered by WSO2 engineers while engineering WSO2 products, as well as applications used within the organization.
- OWASP CSRFGuard: This document introduces OWASP CSRFGuard and summarizes best practices and configuration recommendations for applications hosted on the WSO2 platform. It also explains the configuration values that can be fine-tuned to increase security, based on the security requirements of the specific application.
- Static Code Analysis using FindSecurityBugs: This document provides details of all necessary steps for configuring FindBugs and Find Security Bugs for scanning source code in order to discover security threats.
- Dynamic Analysis with OWASP ZAP: This document provides details of all necessary steps for configuring the OWASP Zed Attack Proxy (OWASP ZAP) tool for scanning WSO2 products in order to discover security threats.
- External Dependency Analysis using OWASP Dependency Check: This document provides details of all necessary steps for using the OWASP Dependency Check Command Line Client (CLI) tool and the Maven plugin to analyze third-party dependencies used in projects and identify known security vulnerabilities.