YOUR SOURCE FOR IMPROVING INFORMATION SECURITY FOR YOURSELF AND OUR CES COMMUNITY.

Tips for Secure App Development

Note: All links on this page are external links, and are provided as reference only.

  1. Validate and test inputs. Check the size, type and structure of incoming data against what your code expects and reject anything that does not fit; if your software takes user input, then count on someone trying every door your code leaves open.
  2. Provide users only the functionality, data and systems information that they need to perform their tasks (Principle of Least Privilege).
  3. Sanitize data sent to other systems (for example, use parameterized queries rather than string-built SQL or shell commands) and output-encode, for the context it is rendered in (HTML body, attribute, JavaScript, URL), all data returned to the client that originated outside your application.
  4. Handle errors securely—ensure your error messages don’t disclose sensitive information. This includes system details, session identifiers, or account information.
  5. Defense in Depth: add controls in your code that address the same risk in different ways, so that one missed check is not fatal. For example, validate at every tier (client, server and database) rather than only at the edge, and require authentication on every page rather than only on the entry page.
  6. Learn and defend against the OWASP Top 10 Application Security Risks. The Open Web Application Security Project (OWASP, since renamed the Open Worldwide Application Security Project) Top Ten is a regularly updated awareness document that ranks the ten most critical web application security risks and describes how to prevent each one.
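As an added example (not code from the original page), the following request handler applies tips 1, 3 and 4 together: it bounds the size and structure of the incoming username, binds it as a parameter in the query sent to the database, HTML-encodes everything returned to the client, and on an unexpected failure logs the traceback server-side while showing the user only a reference id. The function names, the in-memory SQLite table and its sample rows are assumptions made for this demo.

```python
"""Added example: one profile-page handler that validates input, parameterizes
the database query, output-encodes the response and handles errors without
leaking system detail. Names and sample data are assumptions for the demo."""

import html
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app")

# Tip 1: bound both size and structure. A username here is 3..32 characters
# from a fixed alphabet; anything else is rejected before it reaches the DB.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")


class ValidationError(ValueError):
    """Raised for input that fails the size/structure check."""


def validate_username(raw):
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    if len(raw) > 32:  # size check first, so the regex never sees huge input
        raise ValidationError("username too long")
    if not USERNAME_RE.fullmatch(raw):
        raise ValidationError("username has invalid characters")
    return raw


def make_db():
    """Constructed sample data for the demo (in-memory SQLite, assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, bio TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Hello <world> & friends"),
         ("bob", "<script>alert(1)</script>")],
    )
    return conn


def lookup_user(conn, username):
    # Tip 3 (data sent to another system): a parameterized query. The username
    # is bound as data and never spliced into the SQL text.
    return conn.execute(
        "SELECT username, bio FROM users WHERE username = ?", (username,)
    ).fetchone()


def render_profile(conn, raw_username):
    """Return (http_status, html_body) for a profile request."""
    try:
        username = validate_username(raw_username)
        row = lookup_user(conn, username)
        if row is None:
            return 404, "<p>No such user.</p>"
        name, bio = row
        # Tip 3 (data returned to the client): encode for the HTML context so a
        # stored bio such as "<script>..." renders as text instead of executing.
        return 200, "<h1>%s</h1><p>%s</p>" % (html.escape(name), html.escape(bio))
    except ValidationError as exc:
        # Validation failures are safe to report: they contain no system detail.
        return 400, "<p>Invalid request: %s</p>" % html.escape(str(exc))
    except Exception:
        # Tip 4: keep the traceback server-side under a correlation id and give
        # the client only that id, never the exception text, SQL or stack.
        ref = uuid.uuid4().hex[:12]
        log.exception("unhandled error, ref=%s", ref)
        return 500, "<p>Something went wrong. Reference: %s</p>" % ref


if __name__ == "__main__":
    db = make_db()
    for probe in ["alice", "bob", "' OR 1=1 --", "x" * 5000, "mallory"]:
        status, body = render_profile(db, probe)
        print(status, body[:70])
```

Note the layering: the allow-list regex already rejects the quote characters an injection payload needs, and the parameterized query would neutralize them anyway; that overlap is the defense in depth of tip 5, since either control alone still holds if the other is bypassed or later removed.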