Announcing safelity
Safelity is a proof of concept PHP library for secure coding. It was released on github a while ago, but formally introduced as part of my presentation “Codified security”, presented at GIDS today. It differs from traditional secure coding concepts in that it aims to make safe code visually identifiable when reading and writing code. But also make it hard to use in an unsafe manner and allow easy auditing of code written with the library. Unfortunately it is a limited functionality library, but I think it illustrates that you can make secure coding about writing secure code as opposed to trying to turn great developers into security experts.
This is predominantly inspired by Joel on software’s post about making wrong code look wrong https://www.joelonsoftware.com/2005/05/11/making-wrong-code-look-wrong/ and the clever engineering that makes parameterized queries/prepared statements very secure and simple to use.
You can find the code on https://github.com/wireghoul/safelity, the talk is being recorded, but may only be available on the conference website.