For years, security experts have warned of vulnerabilities in web applications. And these warnings are unfortunately coming to fruition. Today, the headlines are dominated with news of a hacker successfully infiltrating one web application or another. We cannot hack or firewall our way to become impenetrable – hackers have proved that – so what can be done to secure these often critical applications?
Thankfully, it is possible. Here are seven steps to security-centric computer programming necessary to build low-risk web-based applications.
Step 1: Query Parameterisation
Step 2: Secure Password Storage
Step 3: Contextual Output Encoding XSS Defence
Step 4: Content Security Policy
Step 5: Cross Site Request Forgery
Step 6: Multi Factor Authentication
Step 7: Forgotten password security design
Via Jan Hesse