Protecting your Project – Mini Book

Hello, how are you?

This post is to celebrate the mark of 1 million views that the blog reached in the last month. Below you will find a free mini book about project security.

We are very excited to celebrate this milestone, and all the 300+ post writers of the blog (cof cof cof) cannot wait for the party.

Ok… We will do the celebration on another day.

Today we will talk about security: not only securing the environment, but also how to write secure code. This post is what I call a “Mini Book”. It will not be published as a book, but unlike other posts it is not just a few pages long.

It is easy to hear about a hacker attack in the news, but we do not take the time to think about security measures for our own systems.

Code that follows good security practices, and a production environment that is protected and quick to respond to an attack, should be requirements for every project. We need to be sure that our code follows good security practices, and it is fundamental that our production environment is protected and ready to react when a hacker attacks our project.

PS: I will not create a PDF version of this post. I have invested several hours planning, writing, formatting and translating this post. I do not have enough time to create a PDF or any other file format version of this post. This Mini Book will be available online only.

What you will see here:

  • Page 02: What are the foundations of security?
  • Page 03: Who will access our project?
  • Page 04: A good hacker will always have time
    • Watch out for the returned information
    • Watch out for the size of the returned message
    • Firewall/SSL does no magic
  • Page 05: Attack types and suggestions to prevent/handle them
    • SQL Injection
    • JPQL Injection and HQL Injection
    • Cross-site scripting (XSS)
    • Brute Force Attack
    • Man in the middle
    • XPath Injection
    • LDAP Injection
    • DoS or DDoS
    • Slow DoS
  • Page 06: Protect your data
    • Protecting the incoming data
    • Protecting the outgoing data
  • Page 07: The “Client Side”
    • URL tips
    • Technical Tests
  • Page 08: Validation
    • Data validation
    • Be careful with uploaded files
  • Page 09: Always start with the lowest privilege
  • Page 10: Handle all project exceptions
  • Page 11: Watch out for third party libraries
  • Page 12: System versions
  • Page 13: Pay attention to the log
  • Page 14: Add layers to your project
  • Page 15: Comments in code are not always healthy
  • Page 16: Always do a Code Validation
  • Page 17: Create a Checklist
  • Page 18: IT Staff
    • Data leaking
    • Be careful with your code
    • Fired Employee
    • Code Review / Pair Programming
    • Defining a terminology
  • Page 19: Handle the passwords correctly
  • Page 20: Good practices to handle user requests
    • Hide the buttons/links, but protect the code
    • Know your user needs
    • Always hide
  • Page 21: Security Policies
  • Page 22: Be careful with errors in the code/frameworks
    • Do not expose the technologies
    • Do not mix the types
    • Use brackets in the Ifs
    • Integer and Floating
    • Defensive programming

I am not an expert on the subject of security; I am sharing what I have learned from reading books and at the places where I have worked.

Let us begin.
