Archive for the ‘best practice’ Category
OWASP Top 10 Security Threats 2010
In case you don’t have them to hand:
Last updated on April 22, 2010, the OWASP Top 10 Web Application Security Risks for 2010 are:
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
Where to start with secure coding practices
With coding projects that have developed organically, or with no specific security focus at the outset of development, the question often arises of where to start in securing the code one has.
The first step is to understand that there are issues to work through to retrofit security back into the code. Ideally, the code starts from a secure basis, but under some circumstances, the size or budget of the project does not allow for this.
So, how to proceed?
In terms of the code that we use to display, manage and filter user inputs before creating outputs, we know that there are a few challenges we need to mitigate in order to create a more secure data environment.
Some initial thoughts for discussion, below.