Few recent security breaches around the world
1. LinkedIn, the popular social media network, recently confirmed that a breach of its network compromised hashed passwords associated with its accounts. News reports estimate almost 6.5 million passwords were compromised. (Source: http://blog.aujas.com/quick-test-find-company-security.html)
2. The ISTQB official website was compromised and an offensive photo was put on its homepage.
3. Financial Times tech blogs and Twitter accounts were hacked by the Syrian Electronic Army.
4. An unknown hacker hacked the website of Thai Prime Minister Yingluck Shinawatra's office and posted an offensive message, as shown in the image below.
6. Love task-specific built-in APIs
Use task-specific built-in APIs to carry out operating system tasks. Do not permit the application to issue commands directly to the operating system, especially through application-initiated command shells: a shell re-parses the command string, so any metacharacter in user-controlled data becomes a command.
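The point in practice, as an added example (not from the slides): the same task, counting lines in a user-named file, done through an application-initiated shell and through the language's own file API. The file name with `; echo INJECTED` is a constructed input, and the sample file is created in a temporary directory by the example itself.

```python
"""Added example: OS command injection through an application-initiated shell,
beside the task-specific built-in API that makes the shell unnecessary."""
import subprocess
import tempfile


def line_count_shell(path: str) -> str:
    """UNSAFE: the file name is spliced into a command string and handed to /bin/sh.
    Shell metacharacters in `path` (; | $() backticks) are executed as commands,
    so a "file name" of "/dev/null; echo INJECTED" runs the echo."""
    result = subprocess.run(f"wc -l < {path}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def line_count_api(path: str) -> int:
    """SAFE: use the runtime's own file API. No shell is involved, so the name is
    only ever treated as a path, never parsed for metacharacters."""
    with open(path, "rb") as f:
        return sum(1 for _ in f)


def line_count_argv(path: str) -> int:
    """If an external tool is unavoidable: pass an argv list (no shell=True) and
    feed the file via stdin, so the OS receives the name as data, not syntax."""
    with open(path, "rb") as f:
        out = subprocess.run(["wc", "-l"], stdin=f, capture_output=True,
                             text=True, check=True).stdout
    return int(out.split()[0])


def make_sample_file(n_lines: int) -> str:
    """Create a constructed sample file with n_lines lines; returns its path."""
    tmp = tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False)
    tmp.write("sample line\n" * n_lines)
    tmp.close()
    return tmp.name


if __name__ == "__main__":
    sample = make_sample_file(3)
    print("api:", line_count_api(sample))
    print("shell with hostile name:", repr(line_count_shell("/dev/null; echo INJECTED")))
```

The argv form is the fallback, not the goal: it still inherits the external tool's parsing of its own arguments (a file name beginning with `-` would be read as an option by many tools), which is why the built-in API is preferred.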
7. Use checksums or hashes
Use a small fixed-size value computed from an arbitrary block of data to verify the integrity of interpreted code, libraries, executables and configuration files. For integrity against tampering (not just accidental corruption) this must be a cryptographic hash such as SHA-256; an error-detecting checksum such as CRC32 is trivial for an attacker to match, and the list of expected hashes itself must be stored where the attacker cannot rewrite it.
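A hash manifest and its verification, as an added example (not part of the slides): SHA-256 over every file under a deployment directory, then a check that reports modified, missing and unexpected files. The demo tree (`app.py`, `config.ini`) is constructed by the example in a temporary directory.

```python
"""Added example: SHA-256 manifest for integrity checking of deployed files."""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size: int = 65536) -> str:
    """Stream the file through SHA-256 so large binaries are not loaded at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest: dict) -> dict:
    """Return {relative path: 'modified' | 'missing' | 'unexpected'}; empty dict
    means the tree matches the manifest exactly. Digests are compared with
    hmac.compare_digest so the comparison itself is constant-time."""
    problems = {}
    current = build_manifest(root)
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            problems[rel] = "missing"
        elif not hmac.compare_digest(actual, expected):
            problems[rel] = "modified"
    for rel in current:
        if rel not in manifest:
            problems[rel] = "unexpected"   # a file nobody shipped, e.g. a dropped webshell
    return problems


def make_demo_tree() -> str:
    """Constructed sample deployment: two small files in a fresh temp directory."""
    root = Path(tempfile.mkdtemp())
    (root / "app.py").write_text("print('hello')\n")
    (root / "config.ini").write_text("[db]\nhost=localhost\n")
    return str(root)


def tamper(root, rel: str, text: str) -> None:
    """Simulate an attacker editing (or adding) a file after the manifest was built."""
    (Path(root) / rel).write_text(text)


if __name__ == "__main__":
    tree = make_demo_tree()
    manifest = build_manifest(tree)
    print("clean:", verify_manifest(tree, manifest))
    tamper(tree, "config.ini", "[db]\nhost=evil.example\n")
    print("after tampering:", verify_manifest(tree, manifest))
```

The manifest only helps if it is written at build time and kept out of reach of whoever could modify the files (signed, or stored read-only on a separate host); a manifest that lives next to the files and is writable by the web server can simply be regenerated by the attacker.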
8. Lock
Limit access to prevent multiple simultaneous requests, or use a synchronization mechanism (locking) to prevent race conditions.
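The race the guideline is about, as an added example (not from the slides): a check-then-act withdrawal where two threads can both pass the balance check, beside the same operation serialised with a lock. The account and the thread count are constructed for the demo.

```python
"""Added example: a check-then-act race condition and the lock that removes it."""
import threading
import time


class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount: int) -> bool:
        """UNSAFE: the check and the update are two separate steps. Between them
        another thread can run the same check, so the balance can go negative."""
        if self.balance >= amount:
            time.sleep(0)                 # yield to widen the window for the demo
            self.balance = self.balance - amount
            return True
        return False

    def withdraw(self, amount: int) -> bool:
        """SAFE: check and update happen while holding the lock, so no other thread
        can observe the intermediate state."""
        with self._lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def hammer(account: Account, method, workers: int = 50, amount: int = 10, tries: int = 100) -> int:
    """Run `method(amount)` from many threads at once and return the final balance."""
    def worker():
        for _ in range(tries):
            method(amount)
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance


if __name__ == "__main__":
    racy = Account(1000)
    print("unsafe final balance:", hammer(racy, racy.withdraw_unsafe))   # may be negative
    locked = Account(1000)
    print("locked final balance:", hammer(locked, locked.withdraw))       # always 0
```

The unsafe variant does not fail every run, which is exactly what makes race conditions hard to find in testing; the locked variant is correct by construction. The same pattern applies to file operations (check-then-open) and to database rows, where the "lock" is a transaction with an appropriate isolation level or `SELECT ... FOR UPDATE`.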
10. Explicit declaration
Explicitly initialize all your variables and other data stores, either at declaration or just before first use, so that no code path reads whatever the memory or store previously held.
11. Quickly raise and drop elevated privileges
If the application must run with elevated privileges, raise them as late as possible and drop them as soon as possible, so the window in which a bug is exploitable with those privileges is as short as it can be.
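Raise-late, drop-early on a Unix process, as an added example (not from the slides): a context manager that raises the effective UID only for the duration of one operation, and a permanent drop that verifies it actually worked. The example assumes a POSIX system; when run without root it can only exercise the "raise to my own UID" case, which is what the self-check below does.

```python
"""Added example: temporary privilege raise/drop and a verified permanent drop."""
import os
from contextlib import contextmanager


@contextmanager
def temporarily_elevated(target_uid: int):
    """Raise the effective UID for the block only, then put it back.
    seteuid (not setuid) is used so the saved set-user-ID stays available and
    the privilege can be re-acquired for the next operation that needs it."""
    original = os.geteuid()
    os.seteuid(target_uid)
    try:
        yield
    finally:
        os.seteuid(original)       # drop again even if the operation raised


def run_elevated(func, target_uid=None):
    """Run func() with the effective UID raised for its duration only.
    target_uid=None means the current effective UID (a no-op raise, usable without root)."""
    uid = os.geteuid() if target_uid is None else target_uid
    with temporarily_elevated(uid):
        return func()


def euid_restored_after(target_uid=None) -> bool:
    """Self-check: the effective UID after the block equals the one before it."""
    before = os.geteuid()
    run_elevated(lambda: None, target_uid)
    return os.geteuid() == before


def drop_privileges_permanently(uid: int, gid: int) -> bool:
    """Irreversibly drop root. Order matters: supplementary groups first, then the
    GID, then the UID (after setuid the process can no longer change groups).
    Finally prove the drop worked by trying to regain root."""
    if os.geteuid() != 0:
        raise RuntimeError("not running as root; nothing to drop")
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.setuid(0)
    except PermissionError:
        return True                # expected: root is gone for good
    raise RuntimeError("privilege drop failed: process could regain root")


if __name__ == "__main__":
    print("euid restored:", euid_restored_after())
    print("result of elevated op:", run_elevated(lambda: os.geteuid()))
```

`drop_privileges_permanently` is what a daemon that needs root only to bind a low port or open a log file should call immediately after that step; the final `setuid(0)` attempt is the check that distinguishes a real drop from a seteuid that left the saved UID as root.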
12. Get rid of overflows
Avoid calculation errors by understanding your programming language's underlying numeric representation and how it interacts with calculation. Pay close attention to byte-size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" values, and how your language handles numbers that are too large or too small for its underlying representation.
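Each of those failure modes in code, as an added example (not from the slides): 32-bit wrap-around, range-checked conversion, the signed/unsigned reinterpretation behind many "negative length" bugs, NaN in comparisons, and binary float precision for money. Python integers are unbounded, so the fixed-width behaviour is modelled explicitly with masks; the values are constructed for the demo.

```python
"""Added example: numeric representation pitfalls and the checks that catch them."""
import math
from decimal import Decimal

U32_MAX = 0xFFFF_FFFF
I32_MIN, I32_MAX = -(1 << 31), (1 << 31) - 1


def wrap_u32(n: int) -> int:
    """What a C uint32_t does silently on overflow: keep only the low 32 bits."""
    return n & U32_MAX


def checked_u32_mul(a: int, b: int) -> int:
    """Multiply two uint32 quantities (e.g. record_count * record_size for an
    allocation) and refuse a result that does not fit, instead of letting it wrap
    to a small number that passes a later 'is the buffer big enough' check."""
    if not (0 <= a <= U32_MAX and 0 <= b <= U32_MAX):
        raise ValueError("operands outside uint32 range")
    product = a * b
    if product > U32_MAX:
        raise OverflowError(f"{a} * {b} would wrap to {wrap_u32(product)}")
    return product


def to_i32(n: int) -> int:
    """Range-checked conversion into a signed 32-bit field: no silent truncation."""
    if not I32_MIN <= n <= I32_MAX:
        raise OverflowError(f"{n} does not fit in int32")
    return n


def u32_as_i32(n: int) -> int:
    """Reinterpret an unsigned 32-bit value as signed, as a C cast does: a length
    of 0xFFFFFFFF becomes -1, which is why 'len < limit' checks on mixed types fail."""
    n &= U32_MAX
    return n - (1 << 32) if n > I32_MAX else n


def safe_max(a: float, b: float) -> float:
    """Every comparison with NaN is False, so max()/min() silently pick one side
    depending on argument order. Reject NaN up front instead."""
    if math.isnan(a) or math.isnan(b):
        raise ValueError("NaN is not an ordered value")
    return a if a >= b else b


def add_money(*amounts: str) -> Decimal:
    """Currency must use decimal arithmetic: binary floats cannot represent 0.1,
    and rounding errors accumulate across many additions."""
    return sum((Decimal(x) for x in amounts), Decimal("0"))


def raises(exc_type, func, *args) -> bool:
    """Helper for the self-checks: True if func(*args) raises exc_type."""
    try:
        func(*args)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    print(hex(wrap_u32(65536 * 65536)))        # 0x0: the classic size-check bypass
    print(u32_as_i32(0xFFFFFFFF))              # -1
    print(max(float("nan"), 1.0), max(1.0, float("nan")))   # order-dependent
    print(0.1 + 0.2 == 0.3, add_money("0.10", "0.20"))
```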
13. Do not play with user-supplied data
Do not pass user-supplied data to any dynamic execution function (eval, exec, dynamically built SQL, shell invocation, reflection that loads code by name).
14. Do not turn the user into a developer; that is your role
Restrict users from generating new code or altering existing code.
15. Use a magnifying glass on third-party support
Review all secondary applications, third-party code and libraries to determine business necessity and validate safe functionality, as these can introduce new vulnerabilities that your own code never had.
16. Be private when updating and implement safe updating
If the application will utilize automatic updates, use cryptographic signatures for your code and ensure your download clients verify those signatures before installing anything. Use encrypted channels (TLS) to transfer the code from the host server; the channel protects the download in transit, but only the signature check protects against a compromised mirror or update server.