What security issues should I consider when coding?

Question

What security issues should I consider when coding?

I know that SQL Injection is one thing ... that the other ...

+3

security

Stackunderflow Nov 04 '08 at 15:23

source share

15 answers

Others said it, but ...

Essentially all security vulnerabilities come from data. If your program does not process any data, it can be safe. It can also be pretty useless :).

This leads to what I consider to be the basic concept for ensuring code security:

Do not trust your data. Ever.

, . (, , , Java #), , .

+11

Larry Osterman 10 . '08 6:53

. ( , , , , - , . CRM: " , , Enterprise Manager Query Analyzer ?" )

+6

John Rudy 04 . '08 15:29

10 . , . , , № 8, " ".

+3

Flory 04 . '08 16:17

.

-R

+2

Huntrods 04 . '08 16:46

, C, .

+1

Aaron Maenpaa 04 . '08 15:25

-, ...

JavaScript-. - - , -, JavaScript JavaScript, , ( /), javascript.

+1

Chad Moran 04 . '08 15:27

...

19

+1

Martin 04 . '08 16:52

. /// " ? , ? , ". ; . , , . - , . .

, String , : " , ?" if-else , .

+1

Omniwombat 05 . '08 0:04

. , , . , dev. , . .:)

+1

JP Alioto 15 . '09 0:52

: 19

, , . - , .

+1

eglasius Apr 15 '09 at 1:15

source share

Sending plain text passwords without first encrypting them is never a good idea.

0

Robert Nov 04 '08 at 15:27

source share

Avoid sending plain text names.

0

Robert Nov 04 '08 at 15:28

source share

how about checking user input? For example, you expect a 10-digit phone number, but you get "800OHNOES!"

0

warren Nov 04 '08 at 15:30

source share

In addition to the great OWASP tutorial, also check out SANS / CWE.

0

McGovernTheory Apr 15 '09 at 0:39

source share

S. Lott · Accepted Answer · 2008-11-04T15:29:26+0000

OWASP.org maintains a list. Start with the top ten OWASP .

What security issues should I consider when coding?

More articles: