Apply some basic secure software development principles to avoid security loopholes.
The first one: do not reinvent the wheel!
You might have excellent ideas when it comes to encryption, authentication, or authorization, but the risk of a self-made function in that area is obviously too high. Use only standardized encryption, authentication and authorization frameworks.
The second one: input and output should be validated!
Nowadays, application-based attacks are one of the biggest security concerns. By their nature, these incidents are often difficult to detect, because a firewall or intrusion detection system cannot distinguish between a real user and an application-layer attack. Therefore, we should always validate all input, independent of its origin. We should also check and encode output prior to sending it to the user.
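As an added illustration of this principle (example code, not part of the original post), the following Python applies one allow-list validator to a profile record no matter where the record came from, and HTML-escapes every value on the way out. The field names, patterns, length limit and sample records are assumptions made for the example.

```python
import html
import re

# Allow-list patterns: each field accepts only what it legitimately needs.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}$")
ALLOWED_FIELDS = {"username", "email", "bio"}   # hypothetical schema
BIO_MAX_LEN = 500


class ValidationError(ValueError):
    """Raised when a record fails the allow-list checks."""


def validate_profile(data: dict) -> dict:
    """Validate a profile record the same way regardless of where it came
    from (browser form, partner API, internal queue). Returns a cleaned copy
    or raises ValidationError; nothing outside the allow-list gets through."""
    unexpected = set(data) - ALLOWED_FIELDS
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    username = str(data.get("username", ""))
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("username must be 3-32 chars of [A-Za-z0-9_.-]")
    email = str(data.get("email", ""))
    if not EMAIL_RE.fullmatch(email):
        raise ValidationError("email is not well-formed")
    bio = str(data.get("bio", ""))
    if len(bio) > BIO_MAX_LEN:
        raise ValidationError("bio exceeds maximum length")
    if any(ord(c) < 32 and c not in "\n\t" for c in bio):
        raise ValidationError("bio contains control characters")
    return {"username": username, "email": email, "bio": bio}


def is_valid_profile(data: dict) -> bool:
    """Convenience wrapper for yes/no checks."""
    try:
        validate_profile(data)
        return True
    except ValidationError:
        return False


def render_profile(profile: dict) -> str:
    """Output encoding: HTML-escape every value at the point it enters the
    page. The bio is free text that passed validation, yet it must still not
    become markup, so escaping is applied unconditionally."""
    return (
        '<div class="profile">'
        f"<h2>{html.escape(profile['username'])}</h2>"
        f"<p>{html.escape(profile['email'])}</p>"
        f"<p>{html.escape(profile['bio'])}</p>"
        "</div>"
    )


# Constructed sample records for the demonstration (not real users).
GOOD_PROFILE = {
    "username": "alice_01",
    "email": "alice@example.com",
    "bio": "Likes <b>bold</b> text & coffee",
}
BAD_USERNAME = dict(GOOD_PROFILE, username="alice<script>")
EXTRA_FIELD = dict(GOOD_PROFILE, is_admin=True)

if __name__ == "__main__":
    print(render_profile(validate_profile(GOOD_PROFILE)))
    print(is_valid_profile(BAD_USERNAME), is_valid_profile(EXTRA_FIELD))
```

Two design points: the validator rejects unknown fields rather than ignoring them, so a caller cannot smuggle in an attribute the application never expected; and the renderer escapes even values that passed validation, because validation decides what is acceptable data while encoding decides how that data is safely shown in a given output context.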
The third one: prepared statements should be used!
Database access is a very attractive target for cyber attacks worldwide. Several big players have recently become victims of database-related, so-called SQL injection attacks. If your developers exclusively use prepared statements for database access, your application will be robust against this critical attack.
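To make the difference concrete, here is an added Python example (not code from the original post) using the standard-library sqlite3 module and a constructed in-memory table. It places a string-built query beside its prepared-statement equivalent, and also shows the one case placeholders cannot cover, a sort column supplied by the caller, which has to be checked against an allow-list instead. Table layout, sample rows and function names are assumptions for the example.

```python
import sqlite3

# Columns callers may sort by. Identifiers cannot be bound as parameters,
# so they are checked against an allow-list instead of being spliced in.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory database with three sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("carol", "admin")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """The pattern to avoid: input is spliced into the SQL text, so quote
    characters in the input change the meaning of the query."""
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Prepared statement: the SQL text is fixed, the value is bound by the
    driver and is only ever treated as data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_sorted(conn, column):
    """ORDER BY takes an identifier, which a placeholder cannot express;
    accept only names from the allow-list before building the statement."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(
        f"SELECT username, role FROM users ORDER BY {column}"
    ).fetchall()


def demo() -> dict:
    """Run both lookups against the same constructed input and report what
    each returns. The probe is the tautology string used in secure coding
    training; it shows that the unsafe variant is no longer a lookup."""
    conn = make_db()
    probe = "x' OR '1'='1"
    try:
        list_users_sorted(conn, "role; DROP TABLE users")
        sort_rejected = False
    except ValueError:
        sort_rejected = True
    return {
        "unsafe_normal": find_user_unsafe(conn, "alice"),
        "unsafe_probe": find_user_unsafe(conn, probe),
        "safe_probe": find_user_safe(conn, probe),
        "sorted_by_username": list_users_sorted(conn, "username"),
        "sort_rejected": sort_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it shows the string-built lookup returning every row for the probe while the prepared statement returns none, because the bound value is compared literally. A practical code-review check follows from this: any `%`, `+` or f-string that touches SQL text is a finding, and the only legitimate dynamic parts (identifiers such as table or column names) must come from a fixed allow-list.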
The last one: a regular code scan should be scheduled!
Security issues must be eliminated at the root, the source code. Only secure code scans against security standards such as the OWASP Top 10 or the SANS Top 25 will help you identify and eliminate critical issues in your code during software development.
All things considered, the basic best practices mentioned above will push your software development projects towards security. Also, OWASP provides excellent background information for secure software development.