Just when you thought that the healthcare.gov debacle was finally on the uptick, a “white hat” hacker just testified on Capitol Hill that security was never properly built into the site. He claims that fixing the critical-to-high exposures could require up to a year of work.
Not exactly what you want to hear about a website that stores your most sensitive information.
I bring this up to highlight an important point: Despite the rising importance of proper security, best practices are often ignored. Basic security mistakes still plague many web applications…including healthcare.gov.
As more development shifts to the web, and more data is stored in the cloud, security is a critically important topic. A single security misstep can compromise confidential business data or your customers’ personal information.
Today, let’s get back to the basics. While web application security is a broad topic, I’d like to focus on the security mistakes that web application developers should never make. These are the “basic” security principles that should never be ignored.
So, what are these security principles? What security mistakes should you never make? To help you answer those questions, we’ve compiled advice from some experts in the field (as well as some of my own) and listed everything below. Here are 10 security mistakes you should never make when developing web applications: