Secure architecture design and threat modeling are followed by the secure coding phase. In the coding phase, we would like to avoid the use of unsafe APIs, buffer overflow, sensitive information leakage, and so on. It's difficult for every developer to be familiar with all secure coding rules. Therefore, how to apply secure coding tools and tips to spot major security issue will be discussed in this chapter.

We will cover the following topics in this chapter:

• Secure coding industry best practices
• Establishing secure coding baselines
• Secure coding awareness training
• Tool evaluation
• Tool optimization
• High-risk module review
• Manual code review tools
• Secure code scanning tools
• Secure compiling
• Common issues in practice ...