Secure coding checklist

I wrote this book so that you can have a bible of application security to use on a daily basis in your career. I want this book to contain practical scenarios as much as possible, such as the checklist in this section. Filler words in a book are not my style: I prefer actions (quick quote: planning without action is just a dream), and the upcoming checklist contains straightforward rules that you can use both as a security guideline for developers and as a checklist for yourself when you manually inspect the source code:

Authentication and credentials management:

Authentication credentials must use TLS and not HTTP cleartext.

Authentication must be enforced on all pages, except the ones intended to ...
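The two checklist items above (credentials only over TLS; authentication enforced on every page except an explicit public allowlist) are easiest to review when they live in one deny-by-default gate in front of the application rather than being repeated in each handler. The following is an added example and is not code from the book; it uses a hypothetical framework-agnostic Request/Response model, and the path allowlists, the `X-Forwarded-Proto` handling and the default host name are assumptions for the example.

```python
"""Added example (not from the book): a deny-by-default gate enforcing
two checklist items: credentials only over TLS, and authentication on
every page except an explicit public allowlist."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Assumed allowlists for this example. Anything not listed as public
# requires an authenticated session (deny by default).
PUBLIC_PATHS = frozenset({"/", "/login", "/register", "/healthz"})
# Paths on which the client submits credentials; these are never accepted
# over cleartext, not even with a redirect, because the secret was already sent.
CREDENTIAL_PATHS = frozenset({"/login", "/register", "/password/reset"})

HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


@dataclass
class Request:
    """Hypothetical request model: just the fields the gate needs."""
    path: str
    method: str = "GET"
    scheme: str = "https"
    headers: Dict[str, str] = field(default_factory=dict)
    session_user: Optional[str] = None  # None means no authenticated session


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def is_tls(req: Request) -> bool:
    """True if the client connection used TLS.

    Assumption: the app sits behind a TLS-terminating proxy that sets
    X-Forwarded-Proto. Only trust that header when such a proxy exists;
    otherwise use the connection scheme alone.
    """
    proto = req.headers.get("X-Forwarded-Proto", req.scheme)
    return proto.strip().lower() == "https"


def gate(req: Request, handler: Callable[[Request], Response]) -> Response:
    """Run the checklist rules, then call the real handler if they pass."""
    # Rule 1: credentials must use TLS, never HTTP cleartext.
    if not is_tls(req):
        if req.path in CREDENTIAL_PATHS and req.method.upper() == "POST":
            # Credentials already crossed the wire in the clear: refuse, and
            # let the application log/alert on it rather than silently retry.
            return Response(403, body="credentials must be sent over TLS")
        # Safe requests are upgraded to https; the Host fallback is assumed.
        host = req.headers.get("Host", "example.test")
        return Response(301, headers={"Location": f"https://{host}{req.path}"})

    # Rule 2: authentication is enforced on all pages except the public ones.
    if req.path not in PUBLIC_PATHS and req.session_user is None:
        return Response(401, headers={"WWW-Authenticate": "Session"},
                        body="authentication required")

    resp = handler(req)
    # Tell browsers to keep using TLS for this origin on future visits.
    resp.headers.setdefault(*HSTS_HEADER)
    return resp


def demo_handler(req: Request) -> Response:
    """Stand-in application handler for the example."""
    who = req.session_user or "anonymous"
    return Response(200, body=f"{req.path} for {who}")


if __name__ == "__main__":
    for r in (Request("/login", "POST", scheme="http"),
              Request("/dashboard", scheme="http", headers={"Host": "app.example.test"}),
              Request("/dashboard"),
              Request("/dashboard", session_user="alice"),
              Request("/healthz")):
        print(r.method, r.path, r.scheme, "->", gate(r, demo_handler).status)
```

When reviewing source code against the checklist, look for exactly this shape: one place where the TLS and authentication decisions are made before any handler runs, an explicit list of public pages rather than per-page opt-in, and a hard failure (not a redirect) when credentials arrive over cleartext.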
