App development best practices - TechRepublic
General discussion
December 21, 2005 at 07:27 AM
mirrormirror

App development best practices

by mirrormirror . Updated 20 years, 6 months ago

I was recently tasked with assessing vulnerabilities on some of my companies database servers and the applications that connect to them. I have been asked as part of the documentation to provide a list of best practices. We are a small shop that has not had a set standards or security policy so this is new.

Here is what I have so far, let me know what I can add or what you use.

1. Only display essential data on web pages.
2. Make sure that application users and connections have bare minimum rights on the database server.
3. Sanitize data that is freely input by users.
4. Use prepared statements to send precompiled SQL statements.
5. Never allow client supplied data to modify the syntax of SQL statements.
6. Isolate the web application from SQL altogether.

I really appreciate any input!

This discussion is locked

All Comments