Coding Guidelines

Consistent Code Formatting

• Use a consistent code style across the project.
• Follow established guidelines for indentation, spacing and line breaks.
• Ensure that only used code is present in the codebase.
• Remove unused or commented-out code to minimize potential security risks and improve maintainability.

C# Guidelines

• Follow Microsoft Coding Convention
• Set a Visual Studio .editorconfig file per project. (As a starter the .editorconfig file available at Visual Studio editorconfig should be used)
• Set a .gitignore file, as a starter use Visual Studio .gitignore.

Java Guidelines

• Follow the Google Java Style Guide

Version Control (Git) Guidelines

• See “Git” in the general section.

Testing and Quality Assurance

• Follow the Clean Code Rule.
• Write unit tests for critical functionality using common testing frameworks like nunit, xUnit or MSTest (list nonexhaustive).
• Use the Git flow process/pull requests for contributing to a project

Security Guidelines

• Validate and sanitize all user input on the client side to prevent malicious input from causing security vulnerabilities.
• Implement measures to prevent cross-site scripting attacks by sanitizing user-generated content and escaping special characters.
• Use a Content Security Policy to restrict the execution of scripts and other resources to trusted sources, mitigating code injection attacks.
• Apply CSRF protection techniques, such as including CSRF tokens, to verify the authenticity of incoming requests and prevent unauthorized actions.
• Ensure that all communication between the frontend and backend is encrypted using HTTPS to protect data from interception and tampering.
• Implement secure authentication and authorization mechanisms to verify the identity of users and control their access to resources.
• Follow secure coding practices to minimize security vulnerabilities, avoid hardcoded sensitive information and regularly update dependencies.
• Implement robust error handling and logging mechanisms to securely handle and log errors without exposing sensitive information.
• Conduct regular security testing, including penetration testing and security assessments, to identify and address vulnerabilities proactively.

Documentation

• Document the codebase, including APIs, libraries and project-specific conventions.
• Provide clear instructions on how to set up the development environment and run the project within the project's readme file
• Include information on project structure, architecture and major components.
• Description info must be filled in the Repository details of Bitbucket repository