Application Security Tips of the Week

Use Simple Error Messages
What to Do: Show simple error messages that don't contain too much information. Write detailed information to log files. Why: Error messages should be s...
Protect Session Cookies
Applies to: Applications written using Servlets or JSP. What to Do: Protect the confidentiality of session cookies. Why: Session cookies are used by an a...
Prevent Disclosure of SQL Errors
Applies to: PHP. What to Do: Do not show SQL error messages. Why: SQL error messages should not be displayed to prevent disclosing information about the d...
Do Not Cache Sensitive Data
Applies to: ASP.NET 4.0. What to Do: ASP.NET output caching is a great way to improve application performance; however, if your page contains data that i...
Use Parameterized APIs for Data Access
Applies to: Applications written using Servlets or JSP that interact with a database. What to Do: Use Prepared Statements to execute SQL statements. Do ...
Log Unusual Activity
What to Do: Log unusual activity. Why: Unusual activity may be an indication that an attack is in progress. How: Perform the following actions to impleme...
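One concrete form of "unusual activity" is a burst of failed logins from a single source, often against many different accounts. The detector below is an added example written for this page (not code from the original article); the log lines and their `<timestamp> <event> user=<name> src=<ip>` format are constructed for the example, as are the threshold and window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not from the original page).
# Assumed format: "<UTC timestamp> <event> user=<name> src=<ip>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth_failure user=alice src=203.0.113.5
2024-05-01T10:00:02Z auth_failure user=bob src=203.0.113.5
2024-05-01T10:00:03Z auth_failure user=carol src=203.0.113.5
2024-05-01T10:00:04Z auth_failure user=dave src=203.0.113.5
2024-05-01T10:00:05Z auth_failure user=erin src=203.0.113.5
2024-05-01T10:00:09Z auth_success user=alice src=198.51.100.7
2024-05-01T10:03:00Z auth_failure user=alice src=198.51.100.7
2024-05-01T10:20:00Z auth_failure user=alice src=198.51.100.7
this line is not in the expected format
"""

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) src=(\S+)$")


def parse_line(line: str):
    """Return (timestamp, event, user, src), or None for a line we cannot parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect_auth_failures(log_text: str, threshold: int = 5,
                         window: timedelta = timedelta(minutes=1)):
    """Flag any source that accumulates `threshold` failed logins inside a
    sliding `window`. Returns (alerts, unparsed_line_count)."""
    recent = defaultdict(deque)   # src -> deque of (ts, user) still inside the window
    alerted = set()               # alert once per source, not once per extra failure
    alerts = []
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1         # malformed lines are themselves worth reporting
            continue
        ts, event, user, src = rec
        if event != "auth_failure":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop failures that have aged out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "at": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "failures": len(q),
                "distinct_users": len({u for _, u in q}),  # spraying across accounts
            })
    return alerts, unparsed


if __name__ == "__main__":
    found, bad = detect_auth_failures(SAMPLE_LOG)
    for alert in found:
        print("ALERT", alert)
    print("unparsed lines:", bad)
```

With the defaults, the five failures from 203.0.113.5 against five different accounts within four seconds raise one alert, while the two failures from 198.51.100.7 seventeen minutes apart do not. The `distinct_users` count is what separates a password spray from one user mistyping a password.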
Enforce Strong Password Requirements
Applies to: PHP. What to Do: Enforce strong password requirements. Why: Requiring strong passwords prevents weak passwords from being used. Using strong ...
Use Positive Input Validation
What to Do: Validate all user input by using white-list/positive input validation. White-list input validation means allowing only input that is explic...
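An added example of positive validation in practice (written for this page, not taken from the original article): each field of a constructed order form is checked against an explicit description of what is allowed, and the set of fields itself is allow-listed too. The patterns, the country list and the field names are assumptions for the example.

```python
import re
import unicodedata

# Allow-list rules assumed for this example (not from the original page).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
QUANTITY_RE = re.compile(r"[0-9]{1,4}")
COUNTRY_CODES = frozenset({"US", "DE", "FR", "JP"})
EXPECTED_FIELDS = frozenset({"username", "quantity", "country"})


class ValidationError(ValueError):
    pass


def validate_username(raw) -> str:
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    # Canonicalize first (full-width letters become their ASCII forms), then
    # match the whole value. fullmatch rather than match with "$": "$" would
    # also match just before a trailing newline.
    value = unicodedata.normalize("NFKC", raw)
    if not USERNAME_RE.fullmatch(value):
        raise ValidationError("username: a-z, 0-9 and _ only, 3-32 chars, starts with a letter")
    return value


def validate_quantity(raw) -> int:
    # int() alone would accept "+5", " 5" and "5_0"; the allow-list does not.
    if not isinstance(raw, str) or not QUANTITY_RE.fullmatch(raw):
        raise ValidationError("quantity: 1-4 digits")
    n = int(raw)
    if not 1 <= n <= 1000:
        raise ValidationError("quantity: must be between 1 and 1000")
    return n


def validate_country(raw) -> str:
    # Membership in a fixed set: no pattern can express "a country we ship to".
    if not isinstance(raw, str) or raw not in COUNTRY_CODES:
        raise ValidationError("country: unsupported code")
    return raw


def validate_order(form: dict) -> dict:
    # The shape of the input is allow-listed as well: unexpected or missing
    # fields are rejected instead of silently ignored or passed through.
    extra = set(form) - EXPECTED_FIELDS
    missing = EXPECTED_FIELDS - set(form)
    if extra or missing:
        raise ValidationError(f"fields: unexpected {sorted(extra)}, missing {sorted(missing)}")
    return {
        "username": validate_username(form["username"]),
        "quantity": validate_quantity(form["quantity"]),
        "country": validate_country(form["country"]),
    }


def is_valid_order(form: dict) -> bool:
    try:
        validate_order(form)
        return True
    except ValidationError:
        return False
```

Nothing here looks for attack signatures such as quotes or `DROP TABLE`; an injection payload, a smuggled newline or an unexpected `is_admin` field all fail simply because they are not on the list of what is allowed.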
Prevent Information Disclosure in Error Messages
What to Do: Ensure that error messages only contain minimal details that are useful to the intended audience, and nobody else. The messages need to str...
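This tip, "Use Simple Error Messages" and "Prevent Disclosure of SQL Errors" above all describe one mechanism: a generic message for the client, full detail in the server log, and something that ties the two together. The handler below is an added example written for this page (not code from the original article). The simulated database error text is constructed and does not come from any real driver; the reference-id scheme and the `UserFacingError` class are assumptions for the example.

```python
import logging
import secrets
import traceback

logger = logging.getLogger("app")


class UserFacingError(Exception):
    """An error whose message was written for end users and is safe to show."""


def simulate_db_failure() -> Exception:
    # Constructed stand-in for a database driver error (not a real product's
    # message); drivers commonly include the failing SQL and object names.
    try:
        raise RuntimeError(
            "(1146) Table 'shop.customer_cards' doesn't exist "
            "[SQL: SELECT card_no FROM customer_cards WHERE id=42]"
        )
    except RuntimeError as exc:
        return exc


def leaky_response(exc: Exception) -> dict:
    # The anti-pattern the tips warn about: the raw driver message reaches the
    # client, and with it table names, column names and query structure.
    return {"error": f"Database error: {exc}"}


def handle_error(exc: Exception) -> dict:
    """Return {"response": ..., "log": ...}: a minimal client response and a
    detailed server-side record, joined by a random reference id so support
    staff can find the log entry from what the user reports."""
    ref = secrets.token_hex(8)
    if isinstance(exc, UserFacingError):
        message = str(exc)            # written for the user, so safe to show
    else:
        message = "Something went wrong. Please try again later."
    record = {
        "ref": ref,
        "type": type(exc).__name__,
        "detail": str(exc),
        "trace": "".join(traceback.format_exception(type(exc), exc, exc.__traceback__)),
    }
    logger.error("ref=%s type=%s detail=%s", ref, record["type"], record["detail"])
    return {"response": {"error": message, "ref": ref}, "log": record}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    out = handle_error(simulate_db_failure())
    print("client sees:", out["response"])
    print("log holds  :", out["log"]["detail"])
```

The response carries nothing an attacker can use to map the schema; everything useful for debugging is still available to the operators, one lookup of the reference id away.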
Implement Authentication Controls to Fail Securely
What to Do: Make sure authentication controls fail securely. Why: Designing authentication to fail securely when abnormal conditions occur reduces the r...
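An added example of the difference between an authentication check that fails open and one that fails closed (written for this page, not code from the original article). The user store, the simulated outage flag and the deliberately low PBKDF2 iteration count are assumptions for the example.

```python
import hashlib
import hmac


class BackendUnavailable(Exception):
    """Raised when the user store cannot be reached."""


# Constructed user store for this example (not from the original page). The
# iteration count is kept low so the example runs quickly; real code uses a
# far higher count and a random per-user salt.
_SALT = b"example-salt"
_ITERATIONS = 10_000


def password_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"alice": password_hash("correct horse battery")}


def lookup_hash(username: str, available: bool = True):
    """Return the stored hash, or None for an unknown user. The `available`
    flag only simulates a backend outage for this example."""
    if not available:
        raise BackendUnavailable("user store timed out")
    return USERS.get(username)


def authenticate_naive(username: str, password: str, available: bool = True) -> bool:
    # Anti-pattern: the only explicit decision is the deny branch, so any path
    # that skips it (unknown user, swallowed exception) falls through to allow.
    allowed = True
    try:
        stored = lookup_hash(username, available)
        if stored is not None and stored != password_hash(password):
            allowed = False
    except BackendUnavailable:
        pass
    return allowed


def authenticate(username: str, password: str, available: bool = True) -> bool:
    # Fail-closed version: the default answer is "no", and exactly one fully
    # verified path returns True.
    try:
        stored = lookup_hash(username, available)
    except BackendUnavailable:
        return False                      # cannot verify, so deny (and log it)
    candidate = password_hash(password)   # computed even for unknown users, so
    if stored is None:                    # timing does not reveal which names exist
        return False
    return hmac.compare_digest(stored, candidate)
```

The naive version accepts any password for an unknown account and accepts everyone while the user store is down; the hardened version denies in both abnormal conditions and also uses a constant-time comparison for the one case where it does compare hashes.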