Summary

Security should be designed into your application—not treated as an afterthought. Not all the issues discussed in this chapter will be of concern to you, but you can pick those that are and plan for them accordingly.

The best way to handle security issues is to try to think like a cracker: attempt to circumvent any security put in place, and look for weaknesses. It can often be worthwhile, depending on the sensitivity of the application, to get a security specialist to test it for you.

Alternatively, ask another developer to test it from a fresh perspective, without any preconceived knowledge of what security has been implemented in the system. The most important tip is to assume that the client will be compromised and design security elements into your domain services to always verify that the client has permission to perform every action immediately before executing it.
