Security and data protection are becoming now more and more popular topics. We are coming into the world where too much information is transfered/used/processed by computer systems and any leak of that information can cause a big trouble. Thus, it is very important for application to protect customer information as much as it can and do not allow it to spread out.There are many aspects of application security and these cover processes, architecture, infrastructure, code, etc. The whole topic is extremely big and versatile and there are some books written to cover all its possible verges. I will touch just a small piece which is related to something which is in area of developer’s responsibility – code and application architecture. Also, I assume that that reader mostly works on web applications implemented on Java or similar platform.
I disagree that creation of secure code is hard work; I would say it’s just a question of some knowledge and discipline. Here are several guidelines which developer has to follow to cover the most of application security vulnerabilities. Of course list is not complete and mostly covers just protection of customer’s data. Continue reading →