Writing Secure Websites/webapps? - Topic

Member

Posts: 34,537

Joined: Mar 25 2009

Gold: 12,633.00

Oct 13 2024 06:24pm

As a full stack web developer, is it important to know how to write secure code? I found a few books that cover common vulnerabilities and how to exploit them, but i can't seem to find any books that actually teach counter measures how to write secure websites/webapps
Or is writing secure websites not that important as a freelance web developer?

RedFromWinter

Member

Posts: 9,108

Joined: May 11 2009

Gold: 5.01

Oct 14 2024 09:33am

Check OWASP

ferf

Member

Posts: 34,537

Joined: Mar 25 2009

Gold: 12,633.00

Oct 14 2024 09:36am

Quote (RedFromWinter @ Oct 14 2024 11:33am)

Check OWASP

Thanks man!

diobrando89

Member

Posts: 5,006

Joined: Mar 1 2008

Gold: 5,114.33

Oct 17 2024 08:38am

Check SonarQube and use his extension in your IDE (SonarLint)
Not only will it help you learn about vulnerabilities, but over time, you'll also get accustomed to writing cleaner code, following better syntax, and avoiding code smells.

ferf

Member

Posts: 34,537

Joined: Mar 25 2009

Gold: 12,633.00

Oct 17 2024 10:14am

Quote (diobrando89 @ Oct 17 2024 10:38am)

thanks for the info

moutonguerrier

Member

Posts: 30,959

Joined: Apr 13 2008

Gold: 11,786.69

Nov 10 2024 07:14am

Often web frameworks will handle security for you, leaving you with only configuration choices.
They implicitly make you avoid stuff like sql injection, XSS, CSRF, IDOR, etc.
You should have TLS/SSL, robust authn and authz, security headers in http methods, safe deserialization, etc

For example Spring Boot is one such framework provided you stay up to date with the latest versions to avoid newly discovered CVEs.

This post was edited by moutonguerrier on Nov 10 2024 07:16am

Go Back To Programming & Development Topic List