Software Security Features

Security is paramount when developing applications for the web. The best way to achieve a truly secure web application is to build that application with security in mind from the start. Whatever which programming language you are using.

As one popular web application language, PHP improved its  enhanced security feature in PHP 7, which help you building truly secure web applications with confidence and aptitude.

Here I listed some security topics you should pay attention on:

  • Configuration authoriation
  • Session Security
  •  Cross-Site Scripting
  • Cross-Site Request Forgeries
  • SQL Injection
  • Remote Code Injection
  • Email Injection
  • Filter Input
  • Escape Output
  • Encryption, Hashing algorithms
  • File uploads
  • Password hashing API

As a programmer or developer, you should know some security concepts, so you can keep it in mind during the development.

Some high frequency security concepts you can search via Google or Bing, like:

  • Defense in Depth
  • Security Rules
  • Building Secure Web Applications Guidelines
  • Open Web Application Security Project (OWASP)
  • Web Application Exploits
  • Risk Management
  • Injection

Security strategy is kind of like playing offence-defense game. So you have to understand below Attacks:

  • SQL Injection
  • XSS Injection
  • Cross-Site Forgeries (CSRF)
  • Brute Force
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Security Misconfiguration
  • Insufficient Cryptographic Storage
  • Missing Function-Level Access Control
  • Using Components with Known Vulnerabilities
  • Invalidated Redirects and Forwards

Once you know the methods of Attacks, you can build up prevention system:

  • Secure Configuration
  • Authentication Techniques
  • Password Cryptography
  • Hermetic Filtering/Validation/Escaping Techniques
  • Handling Asynchronous Web Calls (AJAX)
  • Lock down Database Security
  • Employing Access Controls and Handling Account Lockouts (ACL)
  • White Listing Techniques
  • Using an API Framework (Apigility)
  • Creating a stand review process
  • Captchas, Tokens and Session Management
  • Cryptographic Storage Techniques
  • Extension Evaluation
  • Securing File Uploads
  • Logging
  • Web Server Security
Advertisements

About qianggan

Sr. Software Engineer
This entry was posted in Computers and Internet. Bookmark the permalink.

One Response to Software Security Features

  1. Kevin Lee says:

    Hi There,

    Thank You so much for this blog. It helped me lot. I am a Technical Recruiter by profession and first time working on this technology was bit tough for me, this article really helped me a lot to understand the details to get started with.
    As per Forrester Wave 2017 Q1[1] report best RPA vendors are
    • Automation Anywhere
    • UiPath
    • NICE
    • BluePrism
    • EdgeVerve
    • Workfusion
    • Pega / OpenSpan

    forrester.png602x521 114 KB
    UiPath scores best in the technology category, AA has the biggest market presence and breadth of use-cases while BP scores best when it comes to bot governance and deployment features though, I think, they are a bit underrated.
    Secondly it depends on the use case and who you are. For example, WF is great when it comes to digitization(OCR) processes while UiPath offers a free community edition.
    Appreciate your effort for making such useful blogs and helping the community.

    Obrigado,
    Kevin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s