Third party integration using webservices

Document Purpose

This document defines the standard for ensuring the protection of networks, network elements and associated systems that compose them, ensure availability of services, confidentiality and integrity of information stored and transported, and to avoid the possibility of fraud and abuse in the networks or services used to connect and share information with third parties.

Scope

Arises from the need to publish internal information services (Webservices) for consumption and / or shared to outside entities that provide services to organization. However, this publication must meet safety guidelines and good practice architecture following the guideline given below.

Read More

Read More

Secure coding standard

 Document Purpose

The goal of each coding standard is to define a set of rules that are necessary (but not sufficient) to ensure the security of software systems developing in the respective programming languages. A secure coding standard consists of rules and recommendations. Coding practices are defined to be rules when all of the following conditions are met:
1. Violation of the coding practice will result in a security flaw that may result in an exploitable vulnerability.
2. There is an enumerable set of exceptional conditions (or no such conditions) where violating the coding practice is necessary to ensure the correct behavior for the program.
3. Conformance to the coding practice can be verified.
Rules must be followed to claim compliance with a standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a predefined exceptional condition and the application of this exception shall be documented in the source code. Recommendations are guidelines or suggestions. Coding practices are defined to be recommendations when all of the following conditions are met:

  • Application of the coding practice is likely to improve system security.
  • One or more of the requirements necessary for a coding practice to be considered a rule cannot be met.

Read More

Read More