Chapter 22. Programming Practices

It is very difficult to prepare for every possible attack that can occur against your applications. In fact, if you take the approach of only trying to deny attacks, you will poise yourself in a race against potential attackers whereby the one with the most creativity wins.

A much better approach is to use sound design and programming practices as you develop your application. In fact, this approach can also help you to build more reliable applications, and many security weaknesses turn out to be errors in the software. The following list contains a few general guidelines worth following with respect to Web development. These guidelines are elaborated upon and further explained in the sections that follow.

• Never trust data from the client.

• Never depend on security through obscurity.

• Only grant necessary privileges.

• Always use the simplest solution.

• Always protect sensitive data.

Although there are many additional practices worth following, these key guidelines should shape your perspective as well as summarize the types of practices you need to always keep in the forefront of your thoughts. By adhering to these guidelines, you will ensure good habits that will help strengthen the security of your applications, and you will also be more likely to make more informed decisions regarding security.