Featured White Papers

• Why choose an Open Source BPM?
• 10 FAQs on Business Process Management
• Best Practices for Getting Started with BPM
• Free Your Devs From The Pain Of Java Redeploys
• Increase Velocity 40% by Using JRebel
• What Developers Want: The End of Application Redeploys
• Developer Productivity Report: Java Tools, Tech, Devs, and Data
• Coding with JRebel: Java Forever Changed
• Utilizing Fast Testing to Transform Java Development
• Do You Really Get Classloaders?
• Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
• Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
• Coding with JRebel, Java Forever Changed
• 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data

Sponsored Links

• APIs for Java Programmers: Manage & Convert DOC, XLS, PPT, PDF & More

• Instantly Preview Java Code Changes: JRebel.com

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

Safeguard your code: 17 security tips for developers

Rigorous input testing, passwords, encryption -- 17 ways to write secure code

By Peter Wayner, InfoWorld, 02/04/13

Page 5 of 5

Some sites are investing in proving themselves to the customers. They ask the customer to upload some photo or set of words that the website can use to prove that they're who they say they are. This can make everyone more secure.

 Secure programming tip No. 15: Keep apprised of the latest threats
Following the industry press is absolutely essential, and InfoWorld is just one of the publications that covers tragic mistakes. Good articles can show you what others did wrong and give you a chance to think like an unauthorized prowler.

Understanding what happened in the past is a good way to begin planning for the future when a similar attacker may come after you -- a similar attacker who is also reading the same articles and thinking about them in a more malicious way. Once the ideas are out there, you have to take notice or the attackers will get a jump on you.

 Secure programming tip No. 16: Deep research can pay off
The daily press is the first draft of how not to step in deep manure. Better lessons come from reading the books and journal articles written after the researchers have had time to think about what went wrong. These often include good rules and methods for avoiding the problem in the future.

Investing some time and money in books is often an incredibly cheap way to get knowledge from some of the most highly paid consultants. A book that costs $200 or $300 may seem outrageously expensive, but not when the consultant also charges $500 an hour and insists on a 20-hour minimum.

 Secure programming tip No. 17: Educate yourself
You can enroll in a local university or try one of the new free courses online. These are different ways of learning the information that often hasn't been distilled and put in book form. The professors are usually following the latest publications in academic conferences, and they likely include copious footnotes and pointers. Even if you know much of the information already, auditing a course helps you keep current with the latest discoveries and publications.

Related articles

• 9 key career issues software developers face
• Top 7 dilemmas facing today's developers
• 7 programming myths -- busted
• 10 hard truths developers must learn to accept
• 11 programming trends to watch
• 12 programming mistakes to avoid
• 10 programming languages that could shake up IT
• 9 popular IT security practices that just don't work
• 10 crazy IT security tricks that actually work
• Download: InfoWorld HTML5 Deep Dive
• Download: Malware Deep Dive Report
• Download: Data Loss Prevention Deep Dive Report
• Download: Insider Threat Deep Dive Report
• Quiz: "Hello, world": Programming languages quiz
• Quiz: JavaScript IQ test
• Quiz: Java IQ test
• Quiz: HTML5 IQ test
• Quiz: Programming IQ test: Round 1
• Quiz: Programming IQ test: Round 2

This article, "Safeguard your code: 17 security tips for developers," originally appeared at InfoWorld.com. Follow the latest news in programming at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

For more enterprise computing news, visit InfoWorld. Story copyright InfoWorld Media Group, Inc.