Top tips for secure web applications
I am looking for easy steps that are simple and effective in making a web application more secure.
What are your top tips for secure web applications, and what kind of attack will they stop?
Microsoft TechNet has an excellent article:
Here are the topics for the tips answered in that article:
- Never Directly Trust User Input
- Services Should Have Neither System nor Administrator Access
- Follow SQL Server Best Practices
- Protect the Assets
- Include Auditing, Logging, and Reporting Features
- Analyze the Source Code
- Deploy Components Using Defense in Depth
- Turn Off In-Depth Error Messages for End Users
- Know the 10 Laws of Security Administration
- Have a Security Incident Response Plan