Security Code Reviews

  • Deprecated Features
  • Parameter Typecasting
  • Unused Variables
  • Input Sanitization
  • No Hard-Coded Passwords
  • Sensitive code in user interface (Source Comments)
  • No Unlimited Result set
  • Don’t hit database unless needed (DDoS)
  • User Groups and Permissions
  • No MD5, SHA-1, RC3, RC4 algorithms
  • Explicit changes in configuration files
  • File upload verification
  • Change session ID after user has successfully authenticated
  • Secure Application Design and Development
