Chapter 9. Common Best Practices in Application Security

Laxmidhar V. Gaopande

Cyber threats are increasing every day. The damage is phenomenal in terms of lost brand reputation and loss of important data to hackers. Banking, finance, insurance, healthcare, and ecommerce sites are highly vulnerable to hackers. Globally, digitization has increased the risk of cyberattacks, driven not only by poor coding practices but also by the growth of cloud-based development, the use of open source technologies, and new, insecure development tools.

Code Scanning and Reviews

It is important that, during coding, developers write code that is secure and not vulnerable to cyberattacks. MITRE and OWASP have published lists of critical coding errors that cause security risks.

Developers must ensure that they do not leave vulnerabilities open, such as unencrypted data, dangerous file uploads, missing validation of harmful data during upload, weak passwords, unchanged passwords, use of open source code without checking its integrity, broken algorithms, redirection from URLs to untrustworthy websites, website access without TLS, network misconfigurations, unpatched systems, and so on.
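Two items in that list, dangerous file uploads and missing validation of uploaded data, can be addressed with a server-side gate that checks size, the declared extension, and the actual file content before anything is stored. The following is an added example written for this chapter, not code from the book; the allowed types, size cap, and function names are illustrative assumptions.

```python
import os
import re
from dataclasses import dataclass

# Hypothetical upload policy: allowed extensions mapped to the magic bytes
# each file must begin with. Adjust to the application's real needs.
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}
MAX_BYTES = 5 * 1024 * 1024  # assumed 5 MiB cap
SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


@dataclass
class UploadResult:
    ok: bool
    reason: str
    stored_name: str = ""


def sanitize_filename(name: str) -> str:
    """Drop any directory part and replace characters outside a safe set."""
    base = os.path.basename(name.replace("\\", "/"))
    base = SAFE_NAME.sub("_", base)
    # Strip leading dots so the stored name cannot become hidden or "..".
    return base.lstrip(".") or "upload"


def validate_upload(filename: str, data: bytes) -> UploadResult:
    """Reject an upload that fails the size, extension, or content check."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        return UploadResult(False, "size out of range")
    safe = sanitize_filename(filename)
    # Only the final extension is considered, and it must be on the allowlist.
    ext = os.path.splitext(safe)[1].lower()
    if ext not in ALLOWED_TYPES:
        return UploadResult(False, f"extension {ext or '(none)'} not allowed")
    # The content must match the declared type; the name alone is not trusted.
    if not any(data.startswith(m) for m in ALLOWED_TYPES[ext]):
        return UploadResult(False, "content does not match declared type")
    return UploadResult(True, "accepted", safe)
```

The checks are deliberately independent of the client's Content-Type header, which an application should treat as untrusted input.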

Application scanning tools must be used regularly to detect vulnerabilities, including improper configurations, poor-quality programming, remote code execution (RCE), ...
