Tips for Secure App Development
Note: All links on this page are external links, and are provided as reference only.
TIP 1 | Validate and test inputs. Check the size and structure of incoming data; if your software accepts user input, count on someone trying to walk through any door your code leaves open.
TIP 2 | Give users only the functionality, data and system information they need to perform their tasks (Principle of Least Privilege).
TIP 3 | Sanitize data sent to other systems, and output-encode all data returned to the client that originated outside your application.
TIP 4 | Handle errors securely: make sure your error messages do not disclose sensitive information such as system details, session identifiers or account information.
TIP 5 | Defense in Depth: add controls in your code that address the same risk in different ways. For example, validate at every tier and require users to be logged in on every page, not just the entry point.
TIP 6 | Learn about and defend against the OWASP Top 10 Application Security Risks. The Open Web Application Security Project (OWASP) Top Ten is a global report on the 10 most critical web application security vulnerabilities.
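Tips 1, 3 and 4 combined in one request handler, as an added example that is not part of the original page: the handler bounds the size and structure of a JSON comment before trusting it, HTML-encodes the fields before they go back to the client, and returns only a generic message with a reference id while the real reason is logged server-side. The function names, field names and limits are assumptions chosen for the example.

```python
import html
import json
import logging
import uuid

log = logging.getLogger("app")

MAX_BODY_BYTES = 4096            # Tip 1: bound the size before parsing (assumed limit)
ALLOWED_KEYS = {"user", "text"}  # Tip 1: bound the structure (assumed schema)


def parse_comment(raw: bytes) -> dict:
    """Validate size and structure of an incoming JSON comment (Tip 1).

    Raises ValueError with an internal message; callers must never echo it to the client.
    """
    if len(raw) > MAX_BODY_BYTES:
        raise ValueError(f"body too large: {len(raw)} bytes")
    data = json.loads(raw.decode("utf-8"))  # JSONDecodeError and UnicodeDecodeError are ValueErrors
    if not isinstance(data, dict) or set(data) != ALLOWED_KEYS:
        raise ValueError("unexpected structure")
    user, text = data["user"], data["text"]
    if not (isinstance(user, str) and user.isalnum() and 1 <= len(user) <= 32):
        raise ValueError("bad user field")
    if not (isinstance(text, str) and len(text) <= 1000):
        raise ValueError("bad text field")
    return data


def render_comment(comment: dict) -> str:
    """Output-encode everything that came from outside before it reaches the client (Tip 3)."""
    return (f'<div class="comment"><b>{html.escape(comment["user"])}</b>: '
            f'{html.escape(comment["text"])}</div>')


def handle_request(raw: bytes) -> tuple[int, str]:
    """Tip 4: the client sees a status and a generic message; details go to the server log only."""
    try:
        return 200, render_comment(parse_comment(raw))
    except ValueError as exc:
        ref = uuid.uuid4().hex[:8]  # lets support correlate the client message with the log entry
        log.warning("rejected comment [%s]: %s", ref, exc)
        return 400, f"Invalid request (ref {ref})"
```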
Language-Specific Tips (external links): Python, Node.js, Java, C++, Ruby, .NET, PHP, C