Every Programmer should be aware of some security tips

By ridhigrg |Email | Feb 6, 2019 | 4086 Views

Every programmer should know security tips for programming which may help them in their career.
#1 Test inputs Rigorously
From the user, if your software takes input from the user, someone will grab something out from you.  The incoming data should be checked according to the size and the structure and should not trust the users. A test, system, or procedure that is rigorous is very thorough and strict. The selection process is based on rigorous tests of competence and experience. If someone is rigorous in the way that they do something, they are very careful and thorough.
#2 Encryption should be used More Often 
 Encryption is often underused as it adds importance to machinery and debugging becomes much difficult. It would be harder to look upon the errors in the system. Some are used for the encryption of messages, for other keys encryption, some are used and for the authentication of message or users also some of them are used.  Most often, encryption issued in the design of secure systems as a way to reduce the amount of information that needs protecting by other means. 
#3 Use Internal APIs
 It's even more valuable for security because APIs can make it simpler to audit interactions. An API layer designed for developer consumption decouples consumption from the underlying complexity of systems of record, providing access controls and an audit trail for all system access.
#4 Limit Privileges
A good principle is to give code and people the smallest amount of privilege needed to get the job done. If this turns into a management headache generating too many requests for extra privileges, it may make sense to rethink the architecture for the data. However, these accounts should not be used on a regular, daily basis. Therefore, some form of action should be taken to limit the use. The obvious choice is to restrict which users know the passwords for these accounts. For the Active Directory related Administrator accounts, it is a good idea to have a process for applying the password where no one user knows the entire password. This can easily be done by having two different administrators input a portion of the password, then documenting that portion. If the account ever needs to be used, both documented portions of the password can be obtained. 
#5 Build Multiple Walls
Security often completes with the demand for ease of use. people the logging into different parts of the system, but it can be dangerous to link everything to one portal. The easier you make it for legitimate users, the easier you make it for attackers.
#6 Just Store What You Need
Information costs time to process, takes up disk space, and makes an attractive target for information thieves. Try to ask users for information that you're really going to need through your software lifecycle.
#7 Keep Apprised of the Latest Threats
Following the industry trends is absolutely essential. Understanding what happened in the pad is a good way to begin planning for the future. Ransomware became a huge issue in 2016, and its influence has been felt in just about every area of life. To this malware, there are many individuals and many businesses which have fallen for it that encrypts the user's data and forces them to pay money to get it back.

Source: HOB