Safeguard your code: 17 security tips for developers

Rigorous input testing, passwords, encryption -- security is a feature no programmer can afford to overlook


Secure programming tip No. 14: Trust goes both ways
It's easy to be suspicious of those who log into your website, but remember that they should be suspicious of you, too. Are you really the bank that holds their money, or are you a phishing website trying to steal everything they own?

Some sites are investing in proving themselves to their customers. They ask the customer to upload a photo or a set of words that the website can then use to prove that it is who it says it is. This can make everyone more secure.

Secure programming tip No. 15: Keep apprised of the latest threats
Following the industry press is absolutely essential, and InfoWorld is just one of the publications that cover tragic mistakes. Good articles can show you what others did wrong and give you a chance to think like an unauthorized prowler.

Understanding what happened in the past is a good way to begin planning for the future when a similar attacker may come after you -- a similar attacker who is also reading the same articles and thinking about them in a more malicious way. Once the ideas are out there, you have to take notice or the attackers will get a jump on you.

Secure programming tip No. 16: Deep research can pay off
The daily press is the first draft of how not to step in deep manure. Better lessons come from reading the books and journal articles written after the researchers have had time to think about what went wrong. These often include good rules and methods for avoiding the problem in the future.

Investing some time and money in books is often an incredibly cheap way to get knowledge from some of the most highly paid consultants. A book that costs $200 or $300 may seem outrageously expensive, but not when the consultant also charges $500 an hour and insists on a 20-hour minimum.

Secure programming tip No. 17: Educate yourself
You can enroll in a local university or try one of the new free courses online. These are different ways of learning information that often hasn't been distilled and put in book form. The professors are usually following the latest publications in academic conferences, and their courses likely include copious footnotes and pointers. Even if you know much of the information already, auditing a course helps you keep current with the latest discoveries and publications.


This article, "Safeguard your code: 17 security tips for developers," originally appeared at Follow the latest news in programming at For the latest business technology news, follow on Twitter.
