1 Secure Development Guide

The Secure Development Guide gives developers who use the Oracle® Healthcare Foundation Admin Console user interface and the File Upload and Omics Data Ingestion API services an overview of how to help mitigate common security risks.

The Open Web Application Security Project (OWASP) publishes a list of the top 10 critical web application security vulnerabilities identified each year. The OWASP Top 10 list is technology-agnostic and does not contain language- or framework-specific examples, explanations, hints, or tips. This document gives software developers insight into how the API was created and how it can be used while addressing the vulnerabilities documented in the OWASP Top 10 for 2013. Because defense in depth is a principal strategy for a secure product, do not rely exclusively on the techniques documented here. Implement and extend these techniques in your own code as you develop your interface to the API specification.

The set of recommendations in this document is not exhaustive, and no guarantee is given that implementing all of them provides sufficient protection against all security threats. The reason for this disclaimer is that responsibility for secure application development cannot be delegated to a third party or to a single document. This document is intended to help developers who know the security tools and features available to them implement application security. It does not replace a formal review process.