Security is the capability of a system to protect its assets and to prevent unauthorized access to, or modification of, information and resources.
Typical security problems include:
- Issues in authentication and authorization.
- Damage caused by malicious input, such as SQL injection and cross-site scripting (XSS).
- Not encrypting sensitive data (in transit or at rest).
- Information disclosure and loss of sensitive data.
Points to be considered:
- The latest OWASP guidelines.
- Multi-factor authentication (MFA).
- Single sign-on (SSO).
- The principle of least privilege.
- Transport-level and message-level security (e.g. TLS for the channel, signing or encrypting individual messages).
- Use of tools that identify vulnerabilities in the code (static and dynamic analysis).
- Tools that monitor for security issues at runtime.
- Security principles:
  - Don't develop as admin.
  - Don't trust any input, ever; validate and encode it.
  - Protect against buffer overruns.
  - Protect against injection (SQL, command, LDAP, etc.).
  - Prevent unauthorized cross-origin access.
  - Don't require superuser privileges.
  - Don't write your own security code (e.g. cryptography); use vetted libraries.
  - Limit your attack surface.
  - Execute with the least privileges needed.