Secure programming tip No. 14: Trust goes both ways
It's easy to be suspicious of those who log into your website, but remember that they should be suspicious of you, too. Are you really the bank that holds their money, or are you a phishing website trying to steal everything they own?
Some sites are investing in proving themselves to their customers. They ask the customer to upload a photo or a set of words that the website can then show back to prove that it is who it says it is. This can make everyone more secure.
Secure programming tip No. 15: Keep apprised of the latest threats
Following the industry press is absolutely essential, and InfoWorld is just one of the publications that cover tragic mistakes. Good articles can show you what others did wrong and give you a chance to think like an unauthorized prowler.
Understanding what happened in the past is a good way to begin planning for the future when a similar attacker may come after you -- a similar attacker who is also reading the same articles and thinking about them in a more malicious way. Once the ideas are out there, you have to take notice or the attackers will get a jump on you.
Secure programming tip No. 16: Deep research can pay off
The daily press is the first draft of how not to step in deep manure. Better lessons come from reading the books and journal articles written after the researchers have had time to think about what went wrong. These often include good rules and methods for avoiding the problem in the future.
Investing some time and money in books is often an incredibly cheap way to get knowledge from some of the most highly paid consultants. A book that costs $200 or $300 may seem outrageously expensive, but not when the consultant also charges $500 an hour and insists on a 20-hour minimum.
Secure programming tip No. 17: Educate yourself
You can enroll in a local university or try one of the new free courses online. These are different ways of learning information that often hasn't yet been distilled and put in book form. The professors usually follow the latest publications from academic conferences, and their courses likely include copious footnotes and pointers. Even if you know much of the information already, auditing a course helps you keep current with the latest discoveries and publications.
This article, "Safeguard your code: 17 security tips for developers," originally appeared at InfoWorld.com.