Friday, December 9, 2022

The PHP Security Checklist | sqreen | pdf file

Here is the pdf file link. 


Damn, but security is hard. 

It’s not always obvious what needs doing, and the payoffs of good security are at best obscure. Who is surprised when it falls off our priority lists? 

We’d like to offer a little help if you don’t mind. And by « help » we don’t mean « pitch you our product »—we genuinely mean it. 

Sqreen’s mission is to empower engineers to build secure web applications. We’ve put our security knowledge to work in compiling an actionable list of best practices to help you get a grip on your DevSecOps priorities. It’s all on the following pages. 

We hope you find it useful. If you do, share it with your network. And if you don’t, please take to Twitter to complain loudly—it’s the best way to get our attention.

Use Parameterized Queries 

To avoid SQL injection attacks, never concatenate or interpolate SQL strings with external data. Use parameterized queries and prepared statements instead, so that the SQL text stays fixed and user-supplied values are sent separately as bound parameters. These are available through vendor-specific libraries or through PDO.

Read more: 

• Prepared statements and stored procedures in PDO 

• Mysqli Prepared Statements 

• The PostgreSQL pg_query_params function
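As an added example (not part of the Sqreen checklist), the same lookup written once with string interpolation and once with a PDO prepared statement; the table name, column names and the in-memory SQLite connection are assumptions made for a self-contained run. A legitimate e-mail address containing an apostrophe is enough to show that the interpolated version lets data alter the query's structure, while the bound parameter is always treated as a plain value.

```php
<?php
// Added example, not code from the Sqreen checklist.
// Assumes a table users(id, email, name) and a PDO connection $pdo.
declare(strict_types=1);

// VULNERABLE: external input becomes part of the SQL text, so any quote
// character in the data changes the query itself (here it breaks the query;
// with crafted input it would change what the query does).
function findUserVulnerable(PDO $pdo, string $email): ?array
{
    $sql = "SELECT id, name FROM users WHERE email = '$email'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// SAFE: the SQL text is fixed; the value is bound separately and the
// database never parses it as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Recommended PDO setup: raise exceptions instead of silently returning
// false, and (for drivers such as MySQL that support it) use server-side
// prepared statements rather than client-side emulation.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// Constructed sample data.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');
$pdo->exec("INSERT INTO users (email, name) VALUES ('o''brien@example.com', 'Pat')");

$input = "o'brien@example.com";   // ordinary data that happens to contain a quote

try {
    findUserVulnerable($pdo, $input);
} catch (PDOException $e) {
    // The apostrophe terminated the string literal: the data rewrote the SQL.
    echo "vulnerable version failed: " . $e->getMessage() . PHP_EOL;
}

// The bound parameter carries the apostrophe as data; the row is found.
print_r(findUserSafe($pdo, $input));
```

Emulated prepares (the PDO default on the MySQL driver) escape values client-side instead of sending them separately, so turn them off where the driver supports native prepared statements.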

Use an ORM 

Take parameterized queries and prepared statements one step further and, wherever possible, avoid writing SQL queries yourself by using an ORM, one that has been scrutinized and tested by many security-conscious developers. 

Read more: 

• Doctrine ORM 

• Propel 

• redbeanphp
