Hello, how are you?
This post celebrates the blog reaching 1 million views last month. Below you will find a free mini book about project security.
We are very excited to celebrate this milestone; all 300+ post writers of the blog (cough, cough, cough) cannot wait for the party:
Ok… We will hold the celebration another day.
Today we will talk about security: not only the security of the environment, but how we can write secure code. This post is what I call a “Mini Book”. It will not be published as a book, but it is far longer than the usual post here.
It is easy to hear about a hacker attack in the news, but we rarely take the time to think about security measures for our own systems.
Every project should require both code that follows good security practices and a production environment that is protected and can respond quickly to an attack. We need to be sure that our code follows good security practices, and it is fundamental that our production environment is protected and ready to react when a hacker attacks our project.
P.S.: I will not create a PDF version of this post. I have invested several hours planning, writing, formatting and translating this post. I do not have enough time to create a PDF or any other file format version of it. This Mini Book will be available online only.
What you will see here:
- Page 02: What are the foundations of security?
- Page 03: Who will access our project?
- Page 04: A good hacker will always have time
  - Watch out for the returned information
  - Watch out for the size of the returned message
  - Firewall/SSL does no magic
- Page 05: Attack types and suggestions to prevent/handle them
  - SQL Injection
  - JPQL Injection and HQL Injection
  - Cross-site scripting (XSS)
  - Brute Force Attack
  - Man in the middle
  - XPath Injection
  - LDAP Injection
  - DoS or DDoS
  - Slow DoS
- Page 06: Protect your data
  - Protecting the incoming data
  - Protecting the outgoing data
- Page 07: The “Client Side”
  - URL tips
  - Technical Tests
- Page 08: Validation
  - Data validation
  - Be careful with uploaded files
- Page 09: Always start with the lowest privilege
- Page 10: Handle all project exceptions
- Page 11: Watch out for third party libraries
- Page 12: System versions
- Page 13: Pay attention to the log
- Page 14: Add layers to your project
- Page 15: Comments in code are not always healthy
- Page 16: Always do a Code Validation
- Page 17: Create a Checklist
- Page 18: IT Staff
  - Data leaking
  - Be careful with your code
  - Fired Employee
  - Code Review / Pair Programming
  - Defining a terminology
- Page 19: Handle the passwords correctly
- Page 20: Good practices to handle user requests
  - Hide the buttons/links, but protect the code
  - Know your user needs
  - Always hide
- Page 21: Security Policies
- Page 22: Be careful with errors in the code/frameworks
  - Do not expose the technologies
  - Do not mix the types
  - Use brackets in the Ifs
  - Integer and Floating
  - Defensive programming
I am not an expert on the subject of security; I am sharing what I learned from reading books or at the places where I have worked.
Let us begin.