Mozilla’s Secure Coding Guidelines for Web Applications

We’re committed to security at Mozilla and take every opportunity throughout the development lifecycle to integrate security controls, guidance and verification. One of the items that we’ve found successful thus far is the secure coding guidelines document for web applications. The goal of this document is to provide concise security guidance and security requirements that can be used in any web application. While specific security controls may differ between applications, this baseline at least puts all applications in a solid position in terms of security.

Take a look and feel free to use or adopt this information within your organization. Your recommended controls and risk tolerance may vary, but ultimately, providing clear security expectations to developers will lead to a more secure application in the end.

 

Michael Coates

3 responses

  1. oxdef wrote on :

    Hmm, at first look I wanted to ask you why you made yet another guide when we already have docs on owasp.org. But then I found links to OWASP in it and can say now “Nice job!” 🙂 Security best practices propaganda is always a good idea!

  2. mcoates wrote on :

    See http://news.ycombinator.com/item?id=3059759 for a good discussion on the secure coding guidelines.

  3. Percy Cabello wrote on :

    Thanks! I think this is a nice quick reference for securing web applications. Guess this is a kind of by-product from Mozilla operations that should somehow find a way towards a general server-side web development/operations best-practice repository.