Have got some links/guides from BTan previously for OWASP & Java.
I'll now need secure programming guides/standards for Cobol (the ones used in IBM mainframes/AS400)
esp those with good practices like:
a) proper input validation (eg: to mitigate against XSS & injections)
b) avoid hardcoding passwords & IP addresses in the codes
c) enforcing session timeouts (session idle is forced to logout)
d) exception handling (so that under exceptions, the program doesn't bomb out, possibly to OS)
For .Net & Java, we used Fortify to scan the codes; are there equivalent scanners for Cobol?
======================== Past links I got from EE BTan ==========================
The most common is use of OWASP recommended ESAPI in various lang for secure coding adopted by organisation practices https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API