Secret ingredients to quality software

Do you follow Security Checklists?

Last updated by Christian Morford-Waite on 04 Dec 2019 01:58 am (over 1 year ago) See History

The following checklist is a good example of areas to focus on:

  • Run penetration tests to check how exposed your servers are
  • Look for passwords in .config files and code (SSW Code Auditor can help)
  • Authentication: the process of identifying who the user is
  • Authorization: what the user can do within the application
  • Licensing to control the usage of the software
  • Validation of all inputs in the system (cross-site scripting (XSS) and SQL injection)
  • No in-memory generation of SQL statements (and use of a good ORM)
  • Encryption of passwords and any sensitive data
  • Software licensing protection mechanisms (and a recommendation to move to a subscription model)
  • Methodologies and best practices to reduce your exposure to hostile attacks
  • Logging who is doing what and when (audit trails)
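Three of the checklist items above (validation of inputs, no in-memory generation of SQL statements, and encryption of passwords) are easiest to see side by side in code. The following is an added example, not code from the SSW rule page or from SSW Code Auditor; it uses only the Python standard library, and the SQLite database, the user "alice", her password, the username allow-list and the PBKDF2 work factor are all assumptions constructed for the demonstration.

```python
"""Added example (not from the SSW rule page): the 'validation of inputs',
'no in-memory generation of SQL' and 'encryption of passwords' checklist
items as code. Standard library only; the SQLite database, user and
password below are constructed for the demonstration."""
import hashlib
import hmac
import os
import re
import sqlite3
from typing import Optional

PBKDF2_ITERATIONS = 600_000                        # assumption: a current PBKDF2-HMAC-SHA256 work factor
USERNAME_RE = re.compile(r"^[a-z0-9_.-]{1,32}$")   # assumption: the application's username policy


def is_valid_username(username: str) -> bool:
    """Input validation: reject anything outside the allow-list before it reaches the database."""
    return USERNAME_RE.fullmatch(username) is not None


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a salted, slow hash instead of the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: one user whose password is stored only as a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str):
    """Checklist violation, kept on purpose: the SQL text is assembled in memory
    from user input, so the input can change the meaning of the query."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    """Parameterised query: the driver sends the value separately from the SQL
    text, so it can only ever be compared as data. Validation runs first."""
    if not is_valid_username(username):
        return None
    return conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchone()


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Authentication: identify the user with a parameterised lookup, then verify the hash."""
    if not is_valid_username(username):
        return False
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None and verify_password(password, row[0])


def demo() -> dict:
    """Run the checks and return the results a code reviewer would want to see."""
    conn = build_demo_db()
    crafted = "nobody' OR '1'='1"   # constructed input; there is no such user in the table
    stored_hash = conn.execute("SELECT password_hash FROM users").fetchone()[0]
    return {
        "unsafe_matches_crafted_input": find_user_unsafe(conn, crafted) is not None,  # True
        "safe_matches_crafted_input": find_user_safe(conn, crafted) is not None,      # False
        "good_login": login(conn, "alice", "correct horse"),                          # True
        "bad_login": login(conn, "alice", "wrong"),                                   # False
        "plaintext_in_db": "correct horse" in stored_hash,                            # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe lookup returns a row for an input that names no real user, because the quote in the input closed the string literal and the rest became part of the query; the parameterised version compares the whole input as a value and finds nothing, and the allow-list rejects it before the query even runs. The password column never holds the password itself, so a leaked table cannot be used to log in directly.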

There is a more comprehensive list here on GitHub: A practical security guide for web developers.

Adam Cogan
Danijel Malik

We open source. This page is on GitHub