OWASP Developer Guide

Foundations


2. Foundations

There are various foundational concepts and terminology that are commonly used in software security. Although many of these concepts are complex to implement and are based on heavy-duty theory, the principles are often fairly straightforward and are accessible to every software engineer.

A reasonable grasp of these foundational concepts allows development teams to understand and implement software security for the application or system under development. This Developer Guide can only give a brief overview of these concepts; for in-depth knowledge, refer to the many texts on security such as The Cyber Security Body Of Knowledge.

If changes are being introduced to the security culture of an organization then make sure there is management buy-in and clear goals to achieve. Without these, attempts to improve the security posture will probably fail - see the Security Culture project for the importance of getting management, security and development teams working together.

Sections:

2.1 Security fundamentals
2.2 Secure development and integration
2.3 Principles of security
2.4 Principles of cryptography
2.5 OWASP Top 10


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.