Prev Next

DataStructures / System Design

Security measures to follow when you are developing your projects.

Perform security tests in CD/CD: CI/CD processes and tools are great places to include security tools and security uni-test cases. Generally, developers are amenable to fixing flagged vulnerabilities on merges but more resistant to addressing large security coding problems prior to shipping a product/service.

Understand your software supply chain: include automation in CI/CD process to create a list of third-party components. OWASP Dependency check can help you identify your components, versions, and known vulnerabilities associated with each library version.

Upgrade your libraries: To benefit from vulnerability remediation in your software supply chain, you must upgrade your third-party libraries.

Use popular third-party libraries: Use only well-maintained third-party libraries. Libraries that are not well-maintained will impact your security agility and will leave you vulnerable longer to well-known issues.

Design for easy upgrades: Establish development standards for code compliance. For example, you may be compiling with Java 11, but you can mandate code compliance to Java 9. The benefit of separating your build compliance from software code compliance is that you have more flexibility to downgrade or upgrade.

Avoid poor configuration: avoid hardcoded/clear text passwords in configuration. Use information from sites like "Security/Server side TLS at Mozilla" to generate configuration/ provide cipher suite recommendations.

Protect against MITM attacks: Employ encryption to defend against man-in-the-middle (MitM) attacks.

Protect against replay attacks: You can use a cryptographically secure nonce to defend against a replay attack.

Apply security controls on the server: Designers often apply validation to Javasript front-ends for web apps. It's acceptable to include validation on the client for performance reasons, saving a round-trip to the server. However, client security can't be applied in lieu of server security. All security controls must be deployed on the server since attackers can bypas browser security controls by calling your web service interfaces directly.

Protect against credential leakage: Ensure all servers communicate securely through encrypted connections. Don't store credentials in the clear. Store passwords hashed and salt hashes on a per-user basis.

It's right time to invest in Cryptocurrencies Dogecoin! Earn free bitcoins up to $250 now by signing up.

Earn bitcoins upto $250 (free), invest in other Cryptocurrencies when you signup with blockfi. Use the referral link: Signup now and earn!

Using BlockFi, don't just buy crypto - start earning on it. Open an interest account with up to 8.6% APY, trade currencies, or borrow money without selling your assets.

Join CoinBase! We'll both receive $10 in free Bitcoin when they buy or sell their first $100 on Coinbase! Available in India also. Use the referral Join coinbase!

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

Difference between horizontal and vertical scaling. What is a Load Balancer? Explain few load balancing algorithms that you know. Explain CAP theorem. Explain the BASE property of the database. Explain ACID properties of database transactions. What is database sharding? Difference between database sharding and partitioning. Difference between eventual and strong consistency in Distributed Databases. How to choose between SQL and No-SQL Database? What is TLS? Explain Request Throttling. Difference: hard vs soft real-time system. What is NAT-T (NAT Traversal)? What does HLS stand for? Security measures to follow when you are developing your projects. Explain about EquiFax 2017 security incident. Different Injection defects. Different Authentication & access control defects. Causes of Data protection defects. What is Cross-site scripting? What is SQL injection? Explain Command injection. What is meant by Insecure redirects? Explain about "insecure upload/download" injection defect. What is the "Buffer overflow" attack? Differentiate Authentication and Authorization. What is parameter tampering? What is Cross-site request forgery (CSRF)? What is SACM (Service Asset and Configuration management)? What is digital accessibility? What is WAI-ARIA? What is VUI? What are Alexa skills? What is DNS TXT record? What is Resident Set Size (RSS)? Explain 12-Factor App methodology. What is certificate pinning? Difference between SSL authentication and Mutual SSL Authentication. What is OAUTH? What is a Canary release? What is Domain Driven Design? Difference between TLS and MTLS. What is RSocket? What is Site reliability engineering (SRE)? Difference Between Semaphore and Mutex. What is Privilege Escalation? What is SSRF? Best practices for Strong cryptography. Define Latency and throughput. What is Insecure Design? What is threat modeling? Explain STRIDE threat modeling. What is meant by tokenization?
Show more question and Answers...

Amazon Web Service (AWS)

Comments & Discussions