Security & Privacy
Security
Security is an idea implemented to protect software against malicious attack and other hacker risks so that the software continues to function correctly under such potential risks. Security is necessary to provide integrity, authentication and availability.
There are a number of common actions and checks to maintain security:
- Sanitize inputs at the client side and server side
- Encode request/response
- Use HTTPS for domain entries
- Use only current encryption and hashing algorithms
- Do not allow for directory listing
- Do not store sensitive data inside cookies
- Check the randomness of the session
- Set secure and HttpOnly flags in cookies
- Use TLS not SSL
- Set strong password policy
- Do not store sensitive information in a form’s hidden fields
- Verify file upload functionality
- Set secure response headers
- Make sure third party libraries are secured
- Hide web server information
It is also common to apply security testing to software. There are a number of free security scan tools available as well as paid security testing services.
More Information
- Mozila Web Security
- OWASP
- Software Development Security
- Best Practices
- Security Testing
- Web Security Privacy
- Web Security - netsparker.com
- Security Scanners
- Pen Test Tools
Privacy
Privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself over the Internet. Any software that collects sensitive user data must follow best practices:
- Protect any stored data and only store what is needed
- Make it easy to retrieve, delete or anonymise data when needed
- Get fair consent before you communicate with users and maintain a preferences management page
- Users must be able to opt-out of profiling