mrc's Cup of Joe Blog

Join us in exploring the world of modern development, evolving technologies, and the art of future-proof software

Security

7 critical security tips for modern web development

EducationModern developers are caught between a rock and a hard place. On one hand, businesses are requiring faster application delivery from their development staff. As software plays an increasingly important role in the modern business, developers regularly face impossible deadlines.

On the other hand, web application development is becoming more complex. For instance, as outlined in this article, modern developers must create applications that adapt to any device, port to any platform, integrate with other services, and withstand increasingly sophisticated attacks. Whew!

The big problem: With these changing requirements and growing demands for faster development, developers struggle to keep up. Certain development aspects are bound to fall through the cracks.

As it turns out, that is exactly what’s happening…with security. Despite the growing importance of proper security, many developers aren’t following basic security principles. How bad is it? According to this study from last year, 99% of applications have one or more serious vulnerabilities.

Today, let’s examine this problem. While I know we can’t address every security mistake developers make, we can highlight the most important principles. What basic security guidelines should every modern web developer follow? How can you protect your web applications from being easy targets for an attack? While the list could be much larger, I’ve rounded up 7 of the most important security tips every developer must follow, and listed them below:

10 security mistakes web application developers should never make

EducationJust when you thought that the healthcare.gov debacle was finally on the uptick, a “white hat” hacker just testified on Capitol Hill that security was never properly built into the site. He claims that fixing the critical-to-high exposures could require up to a year of work.

Not exactly what you want to hear about a website that stores your most sensitive information.

I bring this up to highlight an important point: Despite the rising importance of proper security, best practices are often ignored. Basic security mistakes still plague many web applications…including healthcare.gov.

photo credit: elhombredenegro via photopin cc
photo credit: elhombredenegro via photopin cc

As more development shifts to the web, and more data is stored on the cloud, security is a critically important topic. A single security misstep can compromise confidential business data or your customer’s personal information.

Today, let’s get back to the basics. While web application security is a broad topic, I’d like to focus on the security mistakes that web application developers should never make. These are the “basic” security principles that should never be ignored.

So, what are these security principles? What security mistakes should you never make? To help you answer those questions, we’ve compiled advice from some experts in the field (as well as some of my own) and listed everything below. Here are 10 security mistakes you should never make when developing web applications:

7 key security features of business-class development software

EducationWorking in the business software industry for over 30 years, I’ve seen my fair share of pretenders–amateur software posing as professional business software.

The problem is, this “amateur software” is often hard to detect. It looks great in the demo. Unfortunately, its limitations become apparent after you’ve already purchased the software…when it’s too late to go back.

Today, I’d like to share some tips that will help you separate business-focused application development software from the “amateur” software. I’m focusing on web application development software because that’s our area of expertise (we’ve been doing this for quite a while), but I’m sure these tips apply to most any business software.

So, what separates the pretenders from the legitimate, built-for-business software? Architecture and security. The cheap amateur software focuses mainly on the look and feel, but skimps on the architecture and security. Application development software that’s truly designed for business will include flexible architecture and business-class security features.

What types of security features should good application development software include? I’ve compiled a list of 7 security features that are absolutely essential in professional business application development software: