WhiteBelt Session - Secure Coding - OWASP Top 10

Prepared Statements

Stored Procedures

Escape all user supplied input

Add HSTS in response headers

MD5

PBKDF2

Bcrypt

SHA-1

SSL 3.0

SSL 2.0

TLS 1.0

TLS 1.2

Vertical Privilege Escalation

Insecure Direct Object References

Local File Inclusion

SQL Injection

Front end access restriction is the best way to prevent access control issues

Malicious users can enable the button on front end allowing unauthorized access

Front end HTML cannot be modified by malicious users making it a safe implementation

Front end restriction is the only way out, and we have to accept the risk associated

SQL Injection

XML External Entities

Man in the middle

Cross site scripting

Authentication successes and failures

Authorization (access control) failures

Session management failures

All of the above

Improper input validation at server side

Vulnerable, out of date components used in applications

Cookie value set insecurely

None of the above

Properly log all high value transactions and monitor them continuously for abnormal behaviour

Ensure to use TLS v 1.2 in all communications to encrypt sensitive data

Use secure cookie attribute to prevent XSS attacks

All of the above

Cross Origin Resource Sharing

Cross Site Scripting

Cross Site Request Forgery

Upload malicious files