Description
Good day,
As requested by Dominique, here's my question to the group.
I am trying to compile a list of best practices in my business on how to share code responsibly and securely.
In basic terms, I'm trying to come up with a sort of checklist for our coders, like best practices or do's and don'ts, on how to make sure your code is clean to post online to open source repositories like GitHub and others.
Because right now, it's like the wild, wild west. Upper management is telling coders to do everything in the cloud and share your code, but they do so carelessly.
In short, I am trying to see if you offer such a list or ideas on what to do, like an OWASP Top 10.
Stuff I know I need my coders to look for is:
- Ensuring that no internal server names or IP addresses are posted in the code
- To use caution when posting DBs and ensuring that they only contain non-sensitive / test data and not actual client data.
- Usernames, passwords, and private keys to be removed and/or replaced as appropriate
- Scan code with a security tool
If you do have guidelines or a checklist for this type of security / sanitation, I would appreciate being guided towards it.
Here are the answers to the template for new issues/proposals:
- Which security issues are brought up or commonly met when someone must work on this topic?
  Safe sharing of corporate code information and apps, without leaking corporate data, and simply being more vigilant.
- What is the objective of the cheat sheet?
  Help out the community on best practices for sharing clean code online (not only format, but what to include and what not to include).
- What will the CS bring to the reader?
  Another great arsenal for the OWASP community and a safer internet.
Any help on this subject is greatly appreciated.
Best Regards,
Brian Maher
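As an added example (not part of this issue or of the OWASP project's own code), here is a minimal pre-publish scanner that flags the checklist items listed in the issue: internal IP addresses, internal hostnames, hard-coded credentials and private keys. The internal DNS suffixes, the regex patterns and the sample file are constructed assumptions for illustration.

```python
"""Pre-publish sanitiser: flag checklist items before code is pushed to a public repo."""
import ipaddress
import re

# Assumed internal DNS suffixes an organisation wants kept out of public code.
INTERNAL_SUFFIXES = (".corp.local", ".internal")

PATTERNS = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # keyword followed by = or : and a quoted value of 4+ characters
    "credential": re.compile(
        r"(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hostname": re.compile(
        r"\b[\w.-]+(?:" + "|".join(re.escape(s) for s in INTERNAL_SUFFIXES) + r")\b"),
}


def is_internal_ip(text):
    """True for RFC 1918 / other private ranges; loopback is allowed (common in tests)."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return ip.is_private and not ip.is_loopback


def scan_text(text):
    """Return a list of (line_no, category, matched_text) findings for the given source."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for category, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # Public addresses (e.g. a DNS resolver) are not leaks; only flag internal ones.
                if category == "ipv4" and not is_internal_ip(m.group(0)):
                    continue
                findings.append((n, category, m.group(0)))
    return findings


# Constructed sample file mixing leaks with harmless values.
SAMPLE = """\
DB_HOST = "db01.corp.local"
DB_PASSWORD = "hunter2hunter2"
LISTEN = "10.20.30.40"
RESOLVER = "8.8.8.8"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for line_no, category, hit in scan_text(SAMPLE):
        print(f"line {line_no}: {category}: {hit}")
```

Run it as a pre-commit hook over staged files; a non-empty findings list should block the push until the values are replaced with placeholders or moved to configuration.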