Sunday, December 2, 2018

Most Important Security Practices

  • Remove all passwords, keys, etc. from code and store them securely in vaults, JKS, etc.
  • Review all exposed APIs for input parameter sanitisation, rate controls, authentication, and source whitelisting
  • Build DDoS protection by reviewing the perimeter architecture, implementing a WAF, and putting request rate limits at the load balancer
  • Keep reviewing all security groups and firewall rules, and patch any system with vulnerable components
  • Start secure code reviews for all releases, covering input sanitisation, query parameterisation and other OWASP items

