• Secure Coding Practices & Standards - have secure software development guidelines and best practices that are clearly defined, policy driven, consistent, and subject to auditing and enforcement (the team is aware of and follows these practices)
• Automated Security Code Scan - the source code periodically goes through a security code scan (several tools are available)
• Storing Sensitive User Data & Data Encryption - don't store sensitive user data where possible. If storing sensitive data is an application requirement, review your options for secure data storage and encrypt the data
• Validate all data input - protect against buffer overflows, SQL injection, etc.
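The SQL injection half of that bullet, as an added example that is not part of the original list: a lookup that splices user input into the query text next to one that first checks the input against an allow-list and then binds it as a parameter. The table, the sample users and the `USERNAME_RE` allow-list are constructed for the demo, and sqlite3 stands in for whatever database the application uses.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from the original page).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user")]

# Allow-list for the one field this demo validates: short alphanumeric usernames.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Anti-pattern: the input becomes part of the SQL text, so a quote in it rewrites the query."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The driver binds the value as data; it is never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def validate_username(username: str) -> str:
    """Reject anything outside the allow-list before it reaches the data layer."""
    if not isinstance(username, str) or USERNAME_RE.fullmatch(username) is None:
        raise ValueError("invalid username")
    return username


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened path: validate first, then use the parameterized lookup."""
    return lookup_parameterized(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    quoted_input = "' OR '1'='1"  # constructed input containing a quote character
    print("vulnerable:", find_user_vulnerable(db, quoted_input))    # every row comes back
    print("parameterized:", lookup_parameterized(db, quoted_input))  # no row matches
    try:
        find_user_safe(db, quoted_input)
    except ValueError as exc:
        print("validated:", exc)                                      # rejected up front
```

Validation and parameterization are independent layers: the allow-list keeps malformed input out of the application at all, and binding guarantees that whatever does get through is treated as a value, so neither relies on the other being present.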
• Caching & Logging - disable debug logs, disable auto-correct for sensitive data, and pay attention to the keyboard cache, copy/paste via the clipboard, etc.
• Use HTTPS, ensure proper certificate validation & session management, and protect against Man-in-the-Middle, Cross-Site Request Forgery and other attacks