To consider when dealing with Data & Software Security

• Ensure having Secured Coding Practices & Standards - secured software development related guidelines & best practices that are clearly defined, policy driven, consistent, subject to auditing & enforcement (the team is aware and follows these practices)

• Automated Security Code Scan - the source code periodically goes through a security code scan (several tools are available)

• Storing Sensitive User Data & Data Encryption - don't store sensitive user data where possible. If storing sensitive data is an application requirement review your options related to secured data storages and encrypt the data

• Validate all data input - protect against buffer overflows, SQL Injection etc

• Caching & Logging - disable debug logs, disable auto-correct for sensitive data, pay attention to keyboard cache, copy / paste from the clipboard etc

• Use https, ensure proper certificate validation & session management, protect against Man-In-The-Middle, Cross-site Request Forgery and other attacks