A Guide for coding & serving of good & responsibly Web Software

Please feel free and read the following topics, if you want to check some points of view depending on the main title. And please let me, let us know, if you have some constructive updates on this.

---

Is your user input sanitized & secure?

• using filter methods for displaying (email, names, text, digits, telephone-numbers, ...)?
• db filtering & quoting user content before storing?

How do you handle/organize your super-privacy user information, like user passwords?

• using bpkdf2 or bcrypt?
• using random salted user hashes with the latest recommended salt lengths, hash sizes and iteration levels?
• versioning & updating from time to time the hash-methods, silent rehashing?

How do you handle with the validation of user file uploads?

• using images, documents, soundfiles, videofiles & other file formats?
  • max/min size checked (clientside, serverside)?
  • created a new filename & refused orginal filename/file-extension after upload?
  • disabled file execution rights, cgi & co in the uploaded directories?
• images & validation: exif_imagetype & mimetype check validated on filename extension?
• using documents & validation?
• using sound files & validation?
• using video files & validation?
• using other file formats & validation?

How are the termination of your non persistent user sessions are organized?

• is your session garbage collector configured for your needs?
• do you have a solution for cleaning sessions older than ... hours?

Do you have the latest secure api & software on your webservers installed?

Reviewing the resources, which are in use or installed

• https://www.cvedetails.com
• https://packetstormsecurity.com

Do your servers use intrucion / malware detection systems?

• fail2bann, antvirus scanning system, intelligent firewalls, ...

Links & Resources

• coming soon ...

Code Examples

• PHP coming soon ...
• Python coming soon ...
• Java coming soon ...