Recently I faced some security problems. During that time, I learned some tips for implementing secure coding, which I am sharing in this document. I am just sharing my experience, that is all.
Here are some tips for writing safer applications. These improve the security of your application and provide multiple layers of defense.
1. Validate all inputs at the server.
2. Prefer whitelists to blacklists.
3. Escape special characters.
4. Use prepared statements in database queries.
5. Use strong, random session tokens.
6. Use a hidden token in transaction requests.
7. Never store secrets in hidden fields or cookies.
8. Use cache-control directives to prevent sensitive data from being cached.
9. Set the session cookie to HttpOnly.
10. Set the path attribute for cookies.
11. Use HTTP redirection on logout.
12. Invalidate sessions on logout.
13. Forcefully log out the user when suspicious events occur.
14. Log failures in the audit log.
15. Do not hard-code the database password.
16. Use standard crypto algorithms and libraries.
17. Use SSL for transmission of all sensitive data.
18. Store passwords as salted hashes.
19. Use try..catch..finally to handle exceptions.
20. Define and use custom error pages.
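Several of the tips above (prepared statements, strong random session tokens, HttpOnly and path-scoped cookies, salted password hashes, standard crypto libraries) combined in one small login flow. This is an added example, not code from the original post; the table schema, the PBKDF2 parameters and the cookie name are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3

# Assumed KDF parameters: PBKDF2-HMAC-SHA256 from the standard library (a standard algorithm).
PBKDF2_ITERATIONS = 600_000

def open_db():
    # Constructed in-memory schema; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn

def hash_password(password, salt=None):
    # Salted hash: a fresh random salt per user, and the plaintext is never stored.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    _, digest = hash_password(password, salt)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, stored_digest)

def create_user(conn, username, password):
    salt, digest = hash_password(password)
    # Prepared statement: '?' placeholders bind values, so input is never spliced into SQL text.
    conn.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                 (username, salt, digest))
    conn.commit()

def login(conn, username, password):
    # Returns a fresh session token on success, None otherwise (no hint about which part failed).
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None or not verify_password(password, row[0], row[1]):
        return None
    # Strong, random session token: 32 bytes from the OS CSPRNG, URL-safe encoded.
    return secrets.token_urlsafe(32)

def session_cookie(token):
    # HttpOnly keeps the token away from page scripts, Path scopes where it is sent,
    # Secure restricts it to encrypted connections. The cookie name is an assumption.
    return f"session={token}; HttpOnly; Secure; Path=/"
```

A username containing SQL metacharacters is looked up as literal data and simply finds no row, which is the point of the bound parameters.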