Add secure coding

[aubertc]

We should add some discussion about secure coding in our material.

I think they are looking to see if we use something that checks for security violations in source code. Something like this for source code https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers , or this for web applications -- https://owasp.org/www-community/Vulnerability_Scanning_Tools.

It really would be wonderful if we could increase the amount of security in our curriculum, I think starting with secure coding techniques/practices would be a good place to start. Lots of useful information on the subject here -- https://www.sei.cmu.edu/our-work/secure-development/. Attached is one of their (old) products.

Cf. also SEI CERT C Coding Standard Rules for Developing Safe, Reliable, and Secure Systems.

[aubertc]

Some topics include:

Size of data types Importance of access modifiers Correctly prompting the user Safe data assignment Checking array bounds