10 Security tips to building secure software

10 Security tips to building secure software

By ghost | 5843 Reads |

0     0

1 - Secure the weakest link Focus your security efforts on all parts of your system. Security is part of the design not an after thought, after your done try to add more security to what you preceive to be the weakest part of your system cause i for one am probably going to go after that and not your million bit keyed cryptosystem.

2 - Practice defense in depth Try and implement more than one layer of security, just in case one gets broken // common sense

3 - Fail securly Dont offer to much information when an error occurs. for example dont show a person the query to your database if his input fails. this would lead to hours cut from the attackers time, if not days Generic error messages are a much better way to go.

4 - Follow the principle of least privelage Give your application the lowest privelage level needed for it to function properly. so that if someone does find a hole in your application and exploits it they dont get handed root privelages on a silver platter // make em work for it otherwise its no fun ;D

5 - Compartmentalize Keep things seperate and organized, so that your code is easy to debug and upgrade if and when holes are found

6 - Keep it simple this is similar to number 5. the simpler your solution the harder it is to get it wrong. if your code is complex and just one big mess ill tell you know you aint commin to me to debug it for ya

7 - Promote privacy Users are lazy when it comes to security so make sure security options are on by default.

8 - Validate all your input This is probably the most important rule. validate , revalidate , and then when you've had enough validate again. this will greatly decrease the threats faced by your application coming to fruitation. By and large this will generally all but rule out most types of injections be it SQL injection or command injection

9 - Be reluctant to trust Authenticate who you communicate with in evey way possible to try and reduce the man in the middle category of attacks, and by authenticate i dont mean once always try and implement ongoing authentication

10 - Use your community resources if you need common modules / header files , help , ideas , try and ask around find out what people think, use, and generally stay away from. this will help alot in avoiding stupidity (i.e. thinking base64 is proper encryption) and errors (coding your own modules when there are others that have undergone years of use and abuse available).

Let me know what you think. criticism is welcome aslong as its constructive Kmamoun. Aka B.B.s.N