InfoSec from the eyes of an SDE

Image Credits: https://portswigger.net/burp/application-security-testing
  1. Always validate any data entering or leaving a module. From data exposure to code injection, most attacks listed on OWASP Top Ten can be mitigated with proper validation mechanisms.
  2. Be conscious about where your code would actually run. Critical data (such as keys and credentials) should NEVER be brought to the client’s device.
  3. Ensure that authentication and authorization are enforced between every layer. The latter is often overlooked when dealing with heterogeneous systems.
  4. Log important transactions. Preferably, integrate it with a SIEM/SOAR platform.
  5. Beware of a secret sprawl. It’s best to centralize and regulate your key/secret management. A big NO to hardcoding keys in random parts of your code, even if you think they never leave your server.
  6. Be cautious about any 3rd party libraries and integrations your product requires. Supply chain attacks are increasingly concerning. Remember, Open Source ≠ Secure.
  7. While it might not be apparent, code quality does play a role in an app’s security. Automated scanners & linters can help you keep a check on context-specific best practices.
  8. Plan for network/infrastructure security. Set up firewalls and IPS solutions to secure your network services. While a software engineer might not be expected to configure them, ensure that these aspects are taken care of.

--

--

--

An inquisitive Software Engineer & Cybersecurity Enthusiast

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

We Speak CVE Podcast — “How the New CVE Record Format Is a Game Changer”

We Speak CVE podcast, “Episode 6 — How the New CVE Record Format Is a Game Changer”

2 Easy Ways to Defend Your Digital Privacy

Is Cyber Warfare A Real Danger?

Consensus Token

{UPDATE} Police Dog Simulator 3D Hack Free Resources Generator

Seceon- Securing Your Clicks And Businesses With Top-Notched Cybersecurity Solutions.

Progress Update | 12th Nov 2020

What’s new feature aboout ReNFT V 1.5?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akash Ravi

Akash Ravi

An inquisitive Software Engineer & Cybersecurity Enthusiast

More from Medium

Mitigate Log4Shell, the Log4J Flaw

#3 SERVERS AND NETWORKING COMPONENTS: THE NETWORKING SERIES

Reverse engineering musings: WhisperGate Stages 1 & 2

5 Use Cases of Kondukto CLI in CI/CD pipelines