Secure code guideline:
· User input validation
· Never use string concatenation to build a SQL query
· Never output data to the user's page before validation
· Never put sensitive data in hidden fields or view state
· Protect by means of SSL and keep a short timeout for cookies
Authentication: to authenticate the user means to know who is here.
Authorization: once we know the user, the question is which processes and which resources the user can use.
Confidentiality: while the user is working with the application, we need to make sure the resources are not open to other users, so encryption is required.
Integrity: finally, after the application interaction, we need to make sure the resources of the application have not changed.