Has anyone looked into the area of secure coding practices specifically for the OpenEdge language? We've recently started using tools to scan our web-based products for vulnerabilities, but are there any tools and guidelines available for OpenEdge desktop-based applications? Looking at some of the material available around secure coding, there are areas which I feel we can adopt but wanted to see if anyone had already looked into this area and could provide further input.
Some areas that we'll be looking at:
- use of OS-COMMAND
- scanning data import files before parsing/loading/exporting in and out of the database
- integration with email services and possibly trying to limit sending of emails if a sudden spike is detected
- review our use of 3rd party components
Many thanks for any input.