Our lives as programmers are spent painstakingly writing clean, efficient, and functional code. Just as important, if not more so, is securing that code from the onslaught of threats, which are ever more capable these days. Leaving a vulnerability open can lead to an all-out attack on an entire system, resulting in loss of data, financial loss, and, probably worst of all, untold damage to trust.
Somewhere along my path, I have come to learn that securing the code is so much more than just barricading it: it is about security concepts ingrained into the very core of development.
Secure coding is the starting point of the entire process. Common practices like input validation, data sanitisation, and the use of parameterised queries can stop well-known attacks like SQL injection or cross-site scripting (XSS). Take the case of a login system: hashing and storing passwords properly protects user credentials in case the database is compromised. These practices may look trivial, but they serve as the cornerstones of a secure codebase.
Regular code reviews are another equally important practice. A second pair of eyes on the code can catch things that would otherwise have gone unnoticed. Aside from that, peer reviews improve code quality and foster a culture of accountability and collaboration.
I have found that teams that promote code reviews are much better at finding and resolving security issues during development.
Another practice is dependency management. Applications these days depend heavily on third-party libraries and frameworks, and poorly managed dependencies can expose them to vulnerabilities. Tools like Dependabot or Snyk can monitor dependencies and warn when one is potentially vulnerable.
Beyond that, staying alert, keeping your dependencies updated, and deleting any libraries you no longer use will reduce the attack surface, thereby improving the security of your code base.

Security is certainly where automated tests show their brilliance. Security testing tools embedded in your CI/CD pipeline will catch vulnerabilities before they ever ship to production. Static application security testing (SAST) tools should be scanning your code for vulnerabilities, while dynamic application security testing (DAST) tools should be trying to “attack” a running instance.
By making these tests automatic, you show that security remains foremost in your mind during every phase of application delivery.
Encryption is yet another must for protecting sensitive data. Whether the data is at rest or in transit, encryption ensures that anyone who intercepts it or accesses it without authorisation will have their work cut out, as the data would be nigh unreadable.
Must-have tools for a modern-day computer scientist include HTTPS for communications and AES for the encryption of stored data. The encryption techniques and algorithms to use will also depend on the resources available and on the users. Key rotation and the secure management of encryption keys must also be considered when choosing encryption for any system.
Last but not least is a team culture that encourages security best practices among its members. Security is not a solo act by the cybersecurity team; it is a team sport. Holding regular training, workshops, and even fun activities like bug bounty contests will leave little chance of anyone remaining oblivious.
When security becomes a collaborative affair, risk identification becomes easier, and talking about it becomes natural.


So, securing the codebase is not only about writing secure code; the strategy embraces protecting the codebase, conducting code reviews, dependency management, security testing automation, encryption, and a culture of security. With this, developers end up creating systems that just work and remain unscathed during an attack.
In a time when threats abound, putting security first is no longer a mere best practice but rather an obligation one has to the users and to themselves.
Author’s bio: Faith Sodipe
Faith Sodipe is a forward-thinking Software Engineer with a passion for developing user-centric, secure, and scalable solutions.


Expertise in Flutter for cross-platform mobile applications and .NET for backend systems is complemented by a Master’s degree in Cybersecurity. Faith excels in leading and collaborating within teams to transform visions into functional systems.
He is dedicated to using technology for social good, particularly at the intersection of human-centred design and AI, to make technology accessible and impactful for all.