All Comments
TopTalkedBooks posted at August 20, 2017

Many resources are available, some in question are:

TopTalkedBooks posted at August 20, 2017

Principles to keep in mind if you want your applications to be secure:

  • Never trust any input!
  • Validate input from all untrusted sources - use whitelists not blacklists
  • Plan for security from the start - it's not something you can bolt on at the end
  • Keep it simple - complexity increases the likelihood of security holes
  • Keep your attack surface to a minimum
  • Make sure you fail securely
  • Use defence in depth
  • Adhere to the principle of least privilege
  • Use threat modelling
  • Compartmentalize - so your system is not all or nothing
  • Hiding secrets is hard - and secrets hidden in code won't stay secret for long
  • Don't write your own crypto
  • Using crypto doesn't mean you're secure (attackers will look for a weaker link)
  • Be aware of buffer overflows and how to protect against them

There are some excellent books and articles online about making your applications secure:

Train your developers on application security best pratices

Codebashing (paid)

Security Innovation(paid)

Security Compass (paid)

OWASP WebGoat (free)

TopTalkedBooks posted at August 20, 2017

Check out Writing Secure Code by Michael Howard and David LeBlanc from Microsoft Press. It's got a lot of good information on secure coding in general as well as a chapter or two specific to web programming. It's a Microsoft book but most of the ideas translate to whatever language you are working in.

Link to Amazon.

Top Books
We collected top books from hacker news, stack overflow, Reddit, which are recommended by amazing people.