Table of Contents
Introduction (page 2)
Application security (page 2)
1.1 Use HTTPS (page 2)
1.2 Strict Transport Security Header (page 2)
1.3 Encryption of Data (page 2)
1.4 Disable data caching (page 2)
1.5 Limit the use and storage of sensitive data (page 2)
1.6 Automate Application Deployment (page 2)
1.7 Don't hard-code credentials (page 2)
1.8 Don't disclose too much information in error messages (page 3)
1.9 Design Review (page 3)
1.10 Code Review (page 3)
1.11 Security Testing (page 3)
1.12 Don't use unvalidated forwards and redirects (page 3)
1.13 Session management (page 3)
Performance (page 3)
1.14 Practice Coding Standards (page 4)
1.15 Database Optimization (page 4)
1.16 Implement secure cache of data (page 4)
1.17 Data Validation (page 5)
1.18 Reduce number of plugins and dependency jars (page 5)
1.19 Code reuse (page 5)
1.20 Exception Handling (page 5)
1.21 Code Review (page 5)
1.22 Host application in a dedicated environment (page 5)
Introduction:
As everyone knows, security and performance play a vital role in developing any
application. This document explains some of the basic key points to keep in mind when
developing web applications.
1. Application security:
1.1 Use HTTPS:
Ideally, HTTPS should be used across the entire application, and the same URL must not be
reachable over the insecure HTTP channel. The HTTPS certificate should be signed by a reputable
certificate authority, and it should be valid and not expired.
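As an added example (not part of this document), here is a small WSGI middleware in Python that implements both points above: a request arriving over plain HTTP is redirected to the HTTPS version of the same URL, and every HTTPS response carries a Strict-Transport-Security header (item 1.2 of the table of contents). The one-year max-age and the decision to trust X-Forwarded-Proto from a TLS-terminating reverse proxy are assumptions.

```python
from urllib.parse import quote
# Assumed policy value, not taken from the document: one year, including subdomains.
HSTS_VALUE = "max-age=31536000; includeSubDomains"

def _is_https(environ):
    """True if the request arrived over TLS, directly or behind a TLS-terminating proxy."""
    # Only honour X-Forwarded-Proto when a trusted reverse proxy in front of the app sets it.
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
    if forwarded:
        return forwarded == "https"
    return environ.get("wsgi.url_scheme", "http").lower() == "https"

def https_url(environ):
    """Rebuild the request URL with the https scheme, dropping an explicit :80 port."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    if host.endswith(":80"):
        host = host[:-3]
    path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
    query = environ.get("QUERY_STRING", "")
    return "https://" + host + path + ("?" + query if query else "")

def force_https(app):
    """Wrap a WSGI app: 301 plain HTTP to HTTPS, add HSTS to every HTTPS response."""
    def wrapper(environ, start_response):
        if not _is_https(environ):
            start_response("301 Moved Permanently",
                           [("Location", https_url(environ)), ("Content-Length", "0")])
            return [b""]
        def hsts_start_response(status, headers, exc_info=None):
            # Replace any HSTS header the app set so the policy is applied consistently.
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)
        return app(environ, hsts_start_response)
    return wrapper

def run_request(app, environ):
    """Drive one WSGI request in-process and return (status, headers dict, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body

def hello(environ, start_response):
    # Minimal constructed application used to exercise the middleware.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]

secure_app = force_https(hello)
```

Note that the HSTS header is only added on HTTPS responses; browsers ignore it over plain HTTP, and sending it there would be a sign that the redirect is not working.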
2. Performance
Just as security is important, performance also carries great weight in every application
development effort. Even site ranking takes the speed of a website into account. At the end of the day, a developer
needs to focus on customer satisfaction and user experience. The better your application performs,
the more satisfied a user will be. Loading time defines the perceived performance of your application.
2.1 Practice Coding Standards:
Coding standards make the code consistent and reduce the number of errors. The advantages of
following coding standards are given below:
i. Enhance Efficiency
ii. Risk of project failure is reduced
iii. Less complexity
iv. Easy to maintain
v. Bug rectification
vi. Cost efficient
Ref link: https://medium.com/@rhamedy/a-short-summary-of-java-coding-best-practices-31283d0167d3
Code review is a phase in the development process. Finding and correcting errors at this stage is
relatively inexpensive, and it can be especially productive for identifying security vulnerabilities.
SonarQube is an open source platform used to manage source code quality. It makes
management of code quality possible for any developer in the team. You can install and configure
SonarQube in Eclipse as a plugin.
2.10 Host application in a dedicated Environment
Choosing a dedicated environment for the application can improve its performance and
scalability.
A few advantages of hosting the application in a dedicated environment are given below:
i. Server resources are not shared
ii. Enhanced performance and security
iii. Flexibility
iv. Unique IP address