Desarrollo Seguro 2019

When you need to validate any input as valid input

When user input is echoed back to the user in HTML

When you are trying to protect against regular expression injection

When you need to tell the interpreter that input is code

Brute force attack

Network sniffing

Man-in-the-middle attack

Bypassed authorization checks

EFS

SSL

HTTP

Kerberos

Nonce

Digital Signature

SSL

Salt

Cross-site request forgery

Failure to disable default accounts

Bad cryptography

Unsafe key storage

Form variables are used for managing session IDs.

Use a GOTCHA to prevent automated attacks.

User logout and session inactivity controls.

Session IDs are only accepted from cookies and parameter variables.

Set the secure flag in the cookie

Set the HttpOnly flag in the cookie

Use the CAPTCHA system

Use non-persistent cookies

Spoofing

Data loss

Denial of service

Insecure direct object references

Find out if a suitable framework component already exists.

Find out if you can use a small extension to an existing component to implement the system.

Find out if form variables are available to store data.

Find out if you need to use session-based indirection.