I once wanted to specialize in networks just because of human interaction and data. Well, IT and basically software development is all about that. Human interaction.
I like development more when I know my application will be subjected to a bigger audience either for tests or use. I bet every developer likes this at some point. I hate large numbers during development when the project itself is behind schedule though...because this is when you complete modules for ticks & gram and not fun.
Sucks.
So, networking...I liked it also because of exposure. I was exposed to this environment so much, and I did lots of it. Later I found out I was working with less and less material. I had nothing, in terms of material, outside Cisco (they really have cool h/ware). Freeware was hard to come by too. I hated dealing with hardware and being platform dependent. Platform independence is among the nicest features a piece of s/ware can have. We'll need something that runs even on Mars.
I kept the knowledge. Bumped into web development and liked it. Big user base... nice. Cross-platform apps, sweet. In our last meet-up, we discussed security and I had several tips on how to make your application airtight and still great to use. Sometimes compromise knocks. Note, there's always more you can do than what I'm writing. We discussed:
- Input Sanitizing and Validation.
Take an example: let's say you want an ID number field. Is the field to accept numbers, letters, alphanumerics, or special characters? How many characters? What about HTML? Can it be the same as the email? Can it be pasted?
- SQL Injection.
This is a cool test hack method. How well are you fetching data? How often? How many pages are handling CRUD functions? Can you bypass the data fetch?
- Parameterized queries.
This is where you break the query norm. Try to have staged queries. Have query statements separated. This is all about breaking queries down into chunks. MySQLi and PDO are good at this.
- Folder/File access (read/write) rights.
Where and who can write? I use 0755 permissions for folders and 0644 for files. Works well for me.
Cache and temp folders are tricky to deal with. Test them nicely.
- Load Balancing.
How much pressure can your application handle? Make sure the app can take blows without going down. Distribute access points depending on tracking.
HAProxy is good at this.
- Htaccess.
I know little about configuring this. I shared a nice one I had googled a while back on my repo though. Search for it at http://github.com/patricmutwiri
- System Updates.
Developers, please use the latest stable releases as per your application dependencies. Upgrades sometimes break applications. In case of an upgrade, do this on the local machine before beta tests and make sure all modules are up and running.
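Tying the first three items together (input validation, SQL injection, parameterized queries), here is an added PHP example of my own, not code from the meet-up or the repo above: an ID field whitelisted to digits, with the string-built query beside its PDO prepared-statement replacement. It assumes PHP with the pdo_sqlite extension and a hypothetical `users` table; the sample rows are constructed so it runs without a MySQL server.

```php
<?php
// Added example (not from the post). Assumes pdo_sqlite and a hypothetical
// `users` table with columns `id` and `name`.

// Vulnerable form: the raw input becomes part of the SQL text, so anything
// that is not a plain number changes what the statement means.
function fetchUserUnsafe(PDO $db, string $rawId): array
{
    $sql = "SELECT id, name FROM users WHERE id = " . $rawId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the shape of the field first, then bind it as a
// parameter. The driver sends the value separately from the query text, so
// it is only ever compared against `id`, never parsed as SQL.
function fetchUserSafe(PDO $db, string $rawId): array
{
    // Input validation: an ID is 1-10 digits and nothing else (no HTML,
    // no spaces, no punctuation). Reject early instead of "cleaning".
    if (!preg_match('/^[0-9]{1,10}$/', $rawId)) {
        throw new InvalidArgumentException('ID must be 1-10 digits');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// A value that is not a bare number: the unsafe query treats it as SQL and
// matches every row, the safe path refuses it before any SQL is built.
$tampered = '1 OR 1=1';
echo count(fetchUserUnsafe($db, $tampered)) . " rows from the unsafe query\n";

try {
    fetchUserSafe($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo "Safe path rejected input: " . $e->getMessage() . "\n";
}

// A well-formed ID passes validation and is bound as an integer.
echo count(fetchUserSafe($db, '2')) . " row from the safe query\n";
```

Running it with `php example.php` shows the unsafe query returning the whole table for the tampered value while the safe path rejects it and still serves the valid ID.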
There's so much to write about in terms of security. So much left out also: SSL, backups, passwords, etc.
Let me know more about security. Share your thoughts. Share my thoughts with your audience too.