Secure Coding Practices
David Adrian edited this page Mar 27, 2015 · 7 revisions
EECS 388 is not a required class. A lot of people graduate without knowing secure coding practices. A list of tips on what people should avoid would be a great idea.
- Using web frameworks that do stuff for you
- Use TLS
- Data sanitization
- Code-Data treatment
- Prepared statements
- Binding sessions to IPs
- Principle of least privilege
- XSS, SQL injection
- Links to OWASP
- FTP vs SFTP
- HTTP vs HTTPS
- Basic models of authentication, and explaining problems with them
- Don't use C (say more about bad C practices)
- Keys/Cryptographic keys/Hashing vulnerabilities
- Don't implement your own crypto

TODO (for Rohit): Add a bunch of tips on what people should not do and expand upon those sub-points. Ask Gulshan, David Adrian, Ariana and Vikas for help with this.