As far as I know, I must be careful with PHP, and I think JavaScript. What else?
views: 74, answers: 2
+3
A:
Security vulnerabilities are (mostly) independent of the language involved (except for memory issues).
Instead, you should focus on tasks with potential vulnerabilities, such as processing user input or handling sensitive data.
Some things to watch out for:
- Always use parameters in SQL
- Always escape correctly (when generating HTML, JSON, JavaScript strings, or anything else)
- Be extremely careful when executing code dynamically (e.g., eval, automatic updates, etc.)
- Always validate user input on the server
You should also read articles about security, such as the Top 25 Most Dangerous Programming Errors.
SLaks
2010-03-24 03:10:44
+1 for "always use parameters in SQL". I actually find it's *easier* to code SQL that is properly parameterised, anyway! (though I guess that depends on which library you use)
Dean Harding
2010-03-24 03:17:56
+1
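The four points in the answer above, shown side by side in working code. This is an added example and is not code from the original post or its author; it uses Python's standard library (sqlite3, html, json, ast, re) against a constructed in-memory table with two made-up users, so every name, value and the username rule are assumptions for the demo. The same ideas apply unchanged to PHP (PDO prepared statements, htmlspecialchars, json_encode) or any other stack.

```python
import ast
import html
import json
import re
import sqlite3


def build_db():
    """Constructed sample data for the demo (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


# 1. SQL: string concatenation vs. parameters
def lookup_unsafe(conn, name):
    # Vulnerable on purpose: the input is spliced into the SQL text, so
    # quotes in it change the grammar of the statement.
    return conn.execute(
        "SELECT email FROM users WHERE name = '" + name + "'"
    ).fetchall()


def lookup_safe(conn, name):
    # The placeholder keeps the value out of the SQL grammar entirely;
    # the driver binds it as data, whatever characters it contains.
    return conn.execute(
        "SELECT email FROM users WHERE name = ?", (name,)
    ).fetchall()


# 2. Escape for the *output context*: HTML body vs. a JavaScript string literal
def render_greeting(name):
    # HTML context: encode &, <, >, " and ' at the point of output.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def embed_in_script(value):
    # JS-string-literal context inside a <script> block. json.dumps gives a
    # valid JS literal, but leaves < > & alone, so "</script>" in the data
    # would still close the tag in the browser's HTML parser. Encoding those
    # as \u escapes keeps the literal valid JS and inert to the HTML parser.
    encoded = (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )
    return "<script>var u = " + encoded + ";</script>"


# 3. Dynamic code: parse literals instead of eval()
def parse_literal(text):
    # ast.literal_eval accepts only Python literals (numbers, strings, lists,
    # dicts, ...). eval(text) would execute arbitrary code from the input.
    return ast.literal_eval(text)


# 4. Validate on the server: an allow-list rule, checked before any use
USERNAME_RE = re.compile(r"[a-z0-9_]{3,16}")  # assumed rule for the demo


def validate_username(name):
    return USERNAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, payload))  # both rows leak
    print("safe:  ", lookup_safe(db, payload))    # no such user
    print(render_greeting("<script>alert(1)</script>"))
    print(embed_in_script("</script><script>alert(1)</script>"))
    print(parse_literal("[1, 2, 3]"))
    print(validate_username(payload), validate_username("alice"))
```

Run it and compare the two SQL lookups: the concatenated query returns every row for the `' OR '1'='1` input, the parameterised one returns nothing, because the quote never reaches the SQL parser. Note that escaping is chosen per destination (an HTML escaper does not make a string safe inside `<script>`), and that validation is a separate layer from escaping: rejecting `x' OR '1'='1` as a username is good practice, but the parameterised query would have been safe without it.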
A:
OWASP provides an annual report describing the top ten web application security flaws (see link below for description of the project and the most recent report). As SLaks wrote, many vulnerabilities are independent of the language. Web applications need to be designed with security in mind.
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
sutch
2010-03-24 03:20:59