Do you follow Security Checklists?

Last updated by ChristianMWaite over 4 years ago.See history

The following checklist is a good example of areas to focus on:

  • Run penetration tests with to check how exposed your servers are
  • Look for passwords in .config and code (SSW Code Auditor can help)
  • Authentication process of identifying who the user is
  • Authorization what the user can do within the application
  • Licensing to control the usage of the software
  • Validation of all inputs in the system (cross site scripting (XSS) and SQL injection)
  • No in memory generation of SQL statements (and are they using a good ORM)
  • Encryption of passwords and any sensitive data
  • Software Licensing protection mechanisms (and a recommendation to a subscription model)
  • Methodologies and best practices to reduce your exposure to hostile attacks
  • Logging who is doing what and when (audit trails)

There is a more comprehensive list here on GitHub: A practical security guide for web developers.

We open source. Powered by GitHub