My (past) thinking on writing secure code.


  • I don’t know how; I don’t think that’s definitively possible.
  • I ask people to attack my stuff, and I fix what they find.


  • I know there are tools that help with this. I use quite a few quite a lot, but if you know some, please comment them and I’ll add them to my build pipeline.
  • I wrote this up at a feverish rate following a boxing session. If you find flaws in it, point them out, and I’ll both thank you publicly and amend the doc.



