Friday, December 14, 2007

Essential Web Application Security

  • Input handling - properly validate and process inputs from all interfaces to protect against cross-site scripting, SQL injection, etc.
  • Authentication and Session Management - authentication processes, encryption and certificate technologies, managed through a session
  • Access Control - enforce access control rules; restrict access to system resources and functions based on policies
  • Error and Exception Handling - handle errors and exceptions safely, and log security-related events such as user log-ins, log-offs and credential changes
  • Encryption Services - use encryption to protect sensitive data
  • Secure Interfaces - secure the interfaces with other applications
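
As an added illustration of the first item (this is example code written for this page, not code from the original post), the snippet below contrasts a lookup that splices untrusted input into SQL text with one that binds it as a parameter, adds an allow-list validator at the interface boundary, and HTML-encodes the value before it is rendered. The in-memory SQLite table and the sample inputs are constructed for the example.

```python
import html
import re
import sqlite3

# Constructed in-memory table standing in for the application's user store.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2")])
    return conn

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(username: str) -> bool:
    # Allow-list validation: reject anything that is not a plausible
    # username before it reaches the database or the rendered page.
    return USERNAME_RE.fullmatch(username) is not None

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The input is spliced into the SQL text, so it can change the
    # structure of the query instead of being treated as a value.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # A bound parameter is always data; the query structure is fixed.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]

def render_greeting_unsafe(username: str) -> str:
    # Raw interpolation: any markup in the input becomes part of the page.
    return f"<p>Welcome, {username}</p>"

def render_greeting_safe(username: str) -> str:
    # Encode for the HTML context so markup in the input stays inert text.
    return f"<p>Welcome, {html.escape(username, quote=True)}</p>"

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"          # constructed sample input
    print(validate_username(hostile))  # False: rejected at the boundary
    print(lookup_vulnerable(conn, hostile))  # ['alice', 'bob']
    print(lookup_safe(conn, hostile))        # []
    print(render_greeting_safe("<script>"))  # <p>Welcome, &lt;script&gt;</p>
```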

Essential security skills for Java developers
