Tips for Secure Programming?


  • 9
    Don't roll your own crypto.
    Don't roll your own AuthN scheme
    Don't store passwords in plaintext
    Don't use string concatenation to put variables in SQL queries.
    Don't execute untrusted user input.
    Don't trust user input.
    Data validation must be done on the backend even if it is done on the front end.
  • 3
    @adhdeveloper I only disagree with the variable concat in SQL queries. There are valid reasons to do this when building queries with code. The key is in your next rules, though: you cannot use user input unsanitized in the query, as we can't trust any user input.
  • 8
    bitchslap everyone who isn't using parameterised queries. violence in general is bad, but in this case, it's warranted.
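The three comments above all land on the same point: the query text must never be built from the caller's string, and the backend must validate the input regardless of what the front end did. As an added example (not code from anyone in this thread), the following Python script puts the string-concatenation lookup beside its parameterised form and adds a backend validation step, using an in-memory sqlite3 table with constructed sample rows:

```python
import re
import sqlite3

# Constructed sample data for the demo; not from the original thread.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    # Even the seed data goes in via bound parameters.
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable form: the caller's string becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, name: str) -> list[str]:
    """Hardened form: the SQL text is constant; the value is a bound parameter.

    The database engine receives the name as data, so a quote character in
    it is just a quote character and cannot change the query's shape."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


# Hypothetical username policy for this example: lowercase letters, digits
# and underscore, 1 to 32 characters. Real policies differ; the point is
# that the rule is enforced here, on the backend, not only in the browser.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(name: str) -> str:
    """Reject anything that does not match the backend's username policy."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name


def lookup_checked(conn: sqlite3.Connection, name: str) -> list[str]:
    """Defence in depth: validate first, then query with a bound parameter."""
    return lookup_param(conn, validate_username(name))


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # classic textbook input; harmless against the param form
    print("concat  :", lookup_concat(db, probe))   # returns every row
    print("param   :", lookup_param(db, probe))    # returns nothing
    try:
        lookup_checked(db, probe)
    except ValueError as exc:
        print("checked :", exc)                    # rejected before any query runs
```

Run it and compare the three lines of output: the concatenated query returns every user because the quote in the input closed the string literal, the parameterised query returns nothing because it looked for a user literally named `x' OR '1'='1`, and the validated path never reaches the database at all. Validation is the extra layer, not a substitute for the bound parameter.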
  • 8
    yup. Write No Code. Deploy Nowhere.
    But if you must:
    Assume ports are open to the internet.
    Encrypt all traffic using good known methods, with the latest crypto libs. Make sure crypto libs can be upgraded.
    Avoid using passwords. Use SSH keys/X.509 certs anywhere possible.
    Limit the incoming firewall.
    More limits on the outgoing firewall.
    Never, ever, store secrets in your git repo.
    Monitor CPU, disk, and RAM usage, using alerts. Also - don't ignore the alerts!
  • 4
    To all the good advice I will add a good practice:

    When you think some conditions are impossible, write a default case to manage those states gracefully.

    Those conditions will inevitably happen.
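As an added illustration of the practice above (example code, not from the commenter), here is a small Python function that turns a policy engine's decision code into a yes/no answer. The two expected codes are handled explicitly; the "impossible" case of any other code takes a default branch that logs the surprise and fails closed. The code names and the policy-engine setting are assumptions for the example:

```python
import logging
from typing import Final

log = logging.getLogger("authz")

# Hypothetical decision codes for this example (not from the thread).
ALLOW: Final = "allow"
DENY: Final = "deny"


def is_permitted(decision_code: str) -> bool:
    """Map a decision code to an access decision.

    Only the codes we know about can grant access. Anything else, whether
    a new code from an upgraded engine, a corrupted message, or a typo in
    configuration, lands in the default branch below, is logged, and is
    treated as a denial rather than silently passed through."""
    if decision_code == ALLOW:
        return True
    if decision_code == DENY:
        return False
    # The "can't happen" case. It will happen; make it loud and safe.
    log.error("unexpected decision code %r; denying access", decision_code)
    return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for code in (ALLOW, DENY, "ALLOW", ""):
        print(repr(code), "->", is_permitted(code))
```

Note that `"ALLOW"` is not `"allow"`: a case mismatch is exactly the kind of state that feels impossible until a config file is edited by hand, and the default branch is what keeps it from becoming a silent grant.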
  • 1
    Don't use strcpy lmao