

Secure Coding Guidelines

Version: 2.2

---

Introduction

This page summarizes the Secure Coding Guidelines that WSO2 Engineers follow while implementing WSO2 products and applications within the organization.

The purpose of this document is to increase security awareness and make sure the products and the applications developed by WSO2 are inherently secure, by ensuring that security best practices are followed throughout the Software Development Life Cycle.

• General Recommendations for Secure Coding

  Explains different attacks or security threats that the engineers must focus on while implementing a product or an application. Prevention techniques are discussed in generic form, and some sections discuss programming language-specific prevention techniques.

• General Recommendations for React Secure Coding

  Explains secure coding best practices for React.

• OWASP Top 10 - 2017 Prevention

  Lists OWASP Top 10 2017 list of the most critical application security risks.

• OWASP Top 10 - 2013 Prevention

  Lists OWASP Top 10 2013 list of the most critical application security risks.

• OWASP Mobile Top 10 Prevention

  Explains different attacks or security threats that the engineers must focus when developing mobile applications. Prevention techniques are discussed in generic form, and some sections discuss mobile platform-specific prevention techniques.

• Tooling Recommendations for Secure Coding

  Lists all documentation on security-related tooling that is used within WSO2 and recommendations for such tools in the engineering process.