Software Security Features

Security is paramount when developing applications for the web. The best way to achieve a truly secure web application is to build it with security in mind from the start, whichever programming language you use.

PHP, one of the most popular web application languages, added enhanced security features in PHP 7 that help you build truly secure web applications with confidence.

Here are some security topics you should pay attention to:

  • Configuration authorization
  • Session Security
  • Cross-Site Scripting
  • Cross-Site Request Forgeries
  • SQL Injection
  • Remote Code Injection
  • Email Injection
  • Filter Input
  • Escape Output
  • Encryption, Hashing algorithms
  • File uploads
  • Password hashing API
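The following script is an added example, not code from the original post, showing four of the topics above working together in PHP 7: input filtering, context-specific output escaping, parameterised SQL against injection, and the password hashing API. It assumes PHP 7.0 or later with the pdo_sqlite extension; the in-memory database, table and request values are constructed for the demonstration.

```php
<?php
// Added example (not from the original post): filter input, escape output,
// bind SQL parameters and use the password hashing API, in one runnable script.
// Assumes PHP >= 7.0 with pdo_sqlite; the database and request values are constructed.
declare(strict_types=1);

// --- Filter input: validate against a rule, don't merely strip characters ----
function filterEmail(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function filterPositiveInt(?string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// --- Escape output: escape for the HTML context at the point of output --------
function escapeHtml(string $text): string
{
    // ENT_QUOTES also covers attribute values; the charset is stated explicitly.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hash computed once so the "no such user" path still performs one verify
// and takes about as long as a wrong password does.
define('DUMMY_HASH', password_hash('not-a-real-password', PASSWORD_DEFAULT));

// --- Password hashing API: store only the hash, never the plaintext ----------
function createUser(PDO $db, string $email, string $password): int
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
    return (int) $db->lastInsertId();
}

function verifyLogin(PDO $db, string $email, string $password): bool
{
    // Prepared statement: the email travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

// --- Demo ---------------------------------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

// Constructed request values standing in for $_POST.
$post = [
    'email'    => 'alice@example.com',
    'password' => 'correct horse battery staple',
    'comment'  => '<b>hello</b> "quoted" & more',
    'page'     => '-3',
];

$email = filterEmail($post['email']);
if ($email === null) {
    exit("invalid email\n");
}
createUser($db, $email, $post['password']);

var_dump(verifyLogin($db, $email, $post['password']));   // correct credentials
var_dump(verifyLogin($db, "x' OR '1'='1", 'anything'));  // quoted text is data, not SQL
var_dump(filterPositiveInt($post['page']));               // fails the min_range rule
echo escapeHtml($post['comment']), "\n";                  // markup characters are encoded
```

The design choice worth noting is that filtering and escaping are separate steps: `filterEmail` decides whether the value is acceptable on the way in, and `escapeHtml` protects the page on the way out, so neither depends on the other having run.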

As a programmer or developer, you should know some security concepts so you can keep them in mind during development.

Some frequently used security concepts you can search for on Google or Bing:

  • Defense in Depth
  • Security Rules
  • Building Secure Web Applications Guidelines
  • Open Web Application Security Project (OWASP)
  • Web Application Exploits
  • Risk Management
  • Injection

Security strategy is a kind of offence-defence game, so you have to understand the attacks below:

  • SQL Injection
  • XSS Injection
  • Cross-Site Request Forgeries (CSRF)
  • Brute Force
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Security Misconfiguration
  • Insufficient Cryptographic Storage
  • Missing Function-Level Access Control
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

Once you know the attack methods, you can build up a prevention system:

  • Secure Configuration
  • Authentication Techniques
  • Password Cryptography
  • Hermetic Filtering/Validation/Escaping Techniques
  • Handling Asynchronous Web Calls (AJAX)
  • Lock down Database Security
  • Employing Access Controls and Handling Account Lockouts (ACL)
  • White Listing Techniques
  • Using an API Framework (Apigility)
  • Creating a standard review process
  • Captchas, Tokens and Session Management
  • Cryptographic Storage Techniques
  • Extension Evaluation
  • Securing File Uploads
  • Logging
  • Web Server Security
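As an added example (not the post's own code) for the "Captchas, Tokens and Session Management" and "Securing File Uploads" items above, the script below shows a CSRF token round-trip, the session-cookie settings that belong with it, and an upload check that trusts the file's bytes rather than the client-supplied name or MIME type. It assumes PHP 7.0 or later with the fileinfo extension; the session array, the upload record and the file contents are constructed so the script runs from the command line without a web server.

```php
<?php
// Added example (not from the original post): CSRF token, session cookie
// settings and upload validation. Assumes PHP >= 7.0 with the fileinfo
// extension; the session array, upload record and file bytes are constructed.
declare(strict_types=1);

// --- Session hardening: cookie settings to apply before session_start() -------
function sessionCookieOptions(): array
{
    // Returned as data so the script stays runnable from the CLI; in a web
    // request pass these to session_set_cookie_params() and then session_start().
    return [
        'httponly' => true,   // not readable from JavaScript, limits XSS fallout
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Lax',  // browsers withhold the cookie on cross-site POSTs (PHP 7.3+)
    ];
}

// --- CSRF token: random per session, compared in constant time --------------
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrfCheck(array $session, ?string $submitted): bool
{
    if (!is_string($submitted) || empty($session['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// --- File upload: check size and sniffed content type, then rename ----------
function validateUpload(array $file, int $maxBytes = 1000000): ?string
{
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if ($file['size'] > $maxBytes) {
        return null;
    }
    // Sniff the actual bytes: $file['type'] and the extension come from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    // Server-chosen name: no path components or client-supplied extension survive.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// --- Demo ---------------------------------------------------------------------
$session = [];                               // stands in for $_SESSION
$token = csrfToken($session);
var_dump(csrfCheck($session, $token));       // genuine form submission
var_dump(csrfCheck($session, 'forged'));     // wrong token: reject the POST
var_dump(csrfCheck($session, null));         // missing token: reject the POST

// A constructed "upload": genuine PNG signature bytes in a temp file, presented
// with a misleading filename, as a $_FILES entry would look.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 64));
$upload = ['name' => 'image.php', 'type' => 'image/png',
           'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK, 'size' => filesize($tmp)];
var_dump(validateUpload($upload));           // PNG bytes under a misleading name

// Same $_FILES entry, but the bytes are a script rather than an image.
file_put_contents($tmp, "<?php echo 'hi'; ?>");
$upload['size'] = filesize($tmp);
var_dump(validateUpload($upload));           // content is not an image
unlink($tmp);
```

In a real handler, `csrfCheck` runs against `$_SESSION` and the hidden form field before any state-changing work, and the name returned by `validateUpload` is what you pass to `move_uploaded_file()`, into a directory the web server does not execute scripts from.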

About qianggan

Sr. Software Engineer
This entry was posted in Computers and Internet.
