Obmondo logo
  • Why Obmondo
  • Scope of Service
  • Compliance
  • Pricing
  • Features
LoginSignup
Close
  • Why Obmondo
  • Scope of Service
  • Compliance
  • Pricing
  • Features
  • GitHub
LoginSignup
    • Overview
    • 8.1 User Endpoint Devices
    • 8.2 Privileged Access Rights
    • 8.3 Information Access Restriction
    • 8.4 Access to Source Code
    • 8.5 Secure Authentication
    • 8.6 Capacity Management
    • 8.7 Protection Against Malware
    • 8.8 Management of Technical Vulnerabilities
    • 8.9 Configuration Management
    • 8.10 Information Deletion
    • 8.11 Data masking
    • 8.12 Data leakage prevention
    • 8.13 Information backup
    • 8.14 Redundancy of information processing facilities
    • 8.15 Logging
    • 8.16 Monitoring activities
    • 8.17 Clock synchronization
    • 8.18 Use of privileged utility programs
    • 8.19 Installation of software on operational systems
    • 8.20 Networks security
    • 8.21 Security of Network Services
    • 8.22 Segregation of Networks
    • 8.23 Web filtering
    • 8.24 Use of Cryptography
    • 8.25 Secure Development Life Cycle
    • 8.26 Application Security Requirements
    • 8.27 Secure System Architecture & Engineering Principles
    • 8.28 Secure Coding
    • 8.29 Security Testing in Development and Acceptance
    • 8.30 Outsourced Development
    • 8.31 Separation of Development, Test, and Production Environments
    • 8.32 Change Management
    • 8.33 Test Information Security
    • 8.34 Protection of Information Systems During Audit Testing
      • Overview
      • 8.1 User Endpoint Devices
      • 8.2 Privileged Access Rights
      • 8.3 Information Access Restriction
      • 8.4 Access to Source Code
      • 8.5 Secure Authentication
      • 8.6 Capacity Management
      • 8.7 Protection Against Malware
      • 8.8 Management of Technical Vulnerabilities
      • 8.9 Configuration Management
      • 8.10 Information Deletion
      • 8.11 Data masking
      • 8.12 Data leakage prevention
      • 8.13 Information backup
      • 8.14 Redundancy of information processing facilities
      • 8.15 Logging
      • 8.16 Monitoring activities
      • 8.17 Clock synchronization
      • 8.18 Use of privileged utility programs
      • 8.19 Installation of software on operational systems
      • 8.20 Networks security
      • 8.21 Security of Network Services
      • 8.22 Segregation of Networks
      • 8.23 Web filtering
      • 8.24 Use of Cryptography
      • 8.25 Secure Development Life Cycle
      • 8.26 Application Security Requirements
      • 8.27 Secure System Architecture & Engineering Principles
      • 8.28 Secure Coding
      • 8.29 Security Testing in Development and Acceptance
      • 8.30 Outsourced Development
      • 8.31 Separation of Development, Test, and Production Environments
      • 8.32 Change Management
      • 8.33 Test Information Security
      • 8.34 Protection of Information Systems During Audit Testing
      Obmondo

      Open-source platform for security, compliance, and operations — run on any cloud with no vendor lock-in.

      Products

      • Services
      • Features
      • Pricing
      • Compliance
      • Scope of Service

      Company

      • About
      • Solutions Brief
      • Careers
      • Blog
      • Why Obmondo

      Contact

      • info@obmondo.com
      • sales@obmondo.com
      • Talk to us
      • Contact Us

      © 2026 Obmondo. All rights reserved.

      Terms & ConditionsUnsubscribe
      1. compliance
      2. 8.28

      Secure Coding

      Secure coding principles should be applied to software development.

      SonarQube enforces secure coding standards

      Code is scanned against secure coding principles and OWASP guidelines. Common vulnerabilities like SQL injection, buffer overflow, and insecure deserialization are detected automatically.

      Design-first secure coding

      Technical design diagrams are created before development, followed by security risk assessments that evaluate data flows, access control, and architectural constraints. We focus on identifying and addressing security issues before any code is written.

      Test-Driven Development with security focus

      Tests are written before code, covering security scenarios and negative use cases. All code undergoes peer review requiring approval from senior developers. We focus on using OWASP Top 10 guidelines throughout the development process.

      On this page

      • SonarQube enforces secure coding standards
      • Design-first secure coding
      • Test-Driven Development with security focus