Security best practices

It's time to discuss the security best practices without which this story would not be complete:

  • Do not retain the password: HTTP basic authentication sends the credentials with every request, so the client has to hold the password for the whole session and every request exposes it. Prefer a standards-based token scheme such as OAuth 2.0, where the client holds a short-lived access token instead of the user's password.
  • Perform input validation: Validate all input on the server, never only in the browser. Check string lengths, allowed file types, numeric minimum and maximum values, and that each field has the expected type, so that every value sent to the server via a POST request (or any other method) is in the expected format and length before it is used.
  • Filter input and sanitize output: Filter all data that comes from the client to the web server, and encode all data that goes back to the client for the context it will be rendered in (HTML-escape for HTML, JSON-encode for JSON), so that stored input cannot later run as script in another user's browser.
  • Use a secure connection: Serve every REST API and AJAX endpoint over TLS, with a certificate the browser trusts, so that the connection between browser and server is encrypted and authenticated. This matters for OAuth in particular: an access token is a bearer credential, and without TLS it is as exposed on the wire as a password would be. TLS together with OAuth is the recommended combination.
  • Do not expose debug information: Switch off debug output and verbose error pages in production. Debug logs and stack traces often contain file paths, SQL queries, and even credentials.
  • Test boundaries: Your tests must cover negative cases (empty, oversize, wrong type, out-of-range values, malformed bodies) as well as the positive scenarios.
  • Hide the server information: Do not reveal the server software and version in headers such as Server and X-Powered-By or in server-generated error pages. That information lets an attacker pick the right exploit for that exact version from the ones published on the web or develop one themselves.
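
The following is an added example, not code from the book: a small request-handling layer in plain Python that applies the validation, output encoding, error-hiding and header-hygiene points from the list above to a JSON POST body. The schema, the field names, and the functions validate_payload, encode_for_html, response_headers, error_response and handle_post are all hypothetical, and the request bodies at the bottom are constructed for the example.

```python
"""Added example (not the book's code): server-side hardening of a JSON POST.

PROFILE_SCHEMA, validate_payload, encode_for_html, response_headers,
error_response and handle_post are hypothetical names chosen for this example.
"""
import html
import json

# Hypothetical schema for a "create profile" POST. Each field declares the
# checks the text calls for: type, string length, numeric range, file type.
PROFILE_SCHEMA = {
    "name":   {"type": str, "min_len": 1, "max_len": 64, "required": True},
    "age":    {"type": int, "min": 0, "max": 150, "required": True},
    "avatar": {"type": str, "allowed_ext": {".png", ".jpg"}, "required": False},
}


def validate_payload(schema, data):
    """Return a list of error strings; an empty list means the body is valid.
    Unknown keys are rejected so a client cannot smuggle in extra fields."""
    errors = []
    if not isinstance(data, dict):
        return ["body must be a JSON object"]
    for key in data:
        if key not in schema:
            errors.append(f"unexpected field: {key}")
    for key, rule in schema.items():
        if key not in data:
            if rule.get("required"):
                errors.append(f"missing field: {key}")
            continue
        value = data[key]
        # bool is a subclass of int in Python, so reject it explicitly for int fields
        wrong_type = not isinstance(value, rule["type"]) or (
            rule["type"] is int and isinstance(value, bool))
        if wrong_type:
            errors.append(f"{key}: expected {rule['type'].__name__}")
            continue
        if "min_len" in rule and len(value) < rule["min_len"]:
            errors.append(f"{key}: shorter than {rule['min_len']}")
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append(f"{key}: longer than {rule['max_len']}")
        if "min" in rule and value < rule["min"]:
            errors.append(f"{key}: below {rule['min']}")
        if "max" in rule and value > rule["max"]:
            errors.append(f"{key}: above {rule['max']}")
        if "allowed_ext" in rule:
            # Check the extension only; a real upload check should also inspect content.
            ext = value[value.rfind("."):].lower() if "." in value else ""
            if ext not in rule["allowed_ext"]:
                errors.append(f"{key}: file type not allowed")
    return errors


def encode_for_html(value):
    """Output sanitisation: escape anything interpolated into HTML so that
    stored input such as <script> is rendered as text, not executed."""
    return html.escape(str(value), quote=True)


def response_headers():
    """Headers for every API response. Note what is deliberately absent:
    no Server and no X-Powered-By. HSTS is only meaningful once the API
    is actually served over TLS."""
    return {
        "Content-Type": "application/json; charset=utf-8",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
        "Cache-Control": "no-store",
    }


def error_response(exc, debug=False):
    """Error body for an unexpected exception. With debug=False the client
    gets a generic message; the exception detail belongs in the server log."""
    detail = f"{type(exc).__name__}: {exc}" if debug else "internal error"
    return {"status": 500, "error": detail}


def handle_post(raw_body):
    """Parse, validate and answer a POST. Returns (status, body)."""
    try:
        data = json.loads(raw_body)
    except json.JSONDecodeError:
        return 400, {"errors": ["body is not valid JSON"]}
    errors = validate_payload(PROFILE_SCHEMA, data)
    if errors:
        return 400, {"errors": errors}
    # Echo the name back encoded, since a browser will render it.
    return 201, {"name": encode_for_html(data["name"])}


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one carrying script.
    print(handle_post('{"name": "Ada", "age": 36}'))
    print(handle_post('{"name": "<script>alert(1)</script>", "age": 36}'))
    print(handle_post('{"name": "Ada", "age": 200, "admin": true}'))
```

The validator rejects unknown fields rather than ignoring them, which is the cheapest defence against mass-assignment style bugs, and treats bool as a distinct type because json.loads turns `true` into a Python bool that would otherwise pass an int check. Whether to reject or strip unexpected fields is a design choice; rejecting is the safer default for an API you control on both ends.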