Add Security section
parent
1721a84af4
commit
609a75aa00
16
README.md
16
README.md
|
@ -1628,3 +1628,19 @@ REST is focused on exposing data. It minimizes the coupling between client/serv
|
|||
* [Crack the system design interview](http://www.puncsky.com/blog/2016/02/14/crack-the-system-design-interview/)
|
||||
* [Thrift](https://code.facebook.com/posts/1468950976659943/)
|
||||
* [Why REST for internal use and not RPC](http://arstechnica.com/civis/viewtopic.php?t=1190508)
|
||||
|
||||
## Security
|
||||
|
||||
This section could use some updates. Consider [contributing](#contributing)!
|
||||
|
||||
Security is a broad topic. Unless you have considerable experience, a security background, or are applying for a position that requires knowledge of security, you probably won't need to know more than the basics:
|
||||
|
||||
* Encrypt in transit and at rest.
|
||||
* Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection).
|
||||
* Use parameterized queries to prevent SQL injection.
|
||||
* Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
|
||||
|
||||
### Source(s) and further reading
|
||||
|
||||
* [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers)
|
||||
* [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet)
|
||||
|
|
Loading…
Reference in New Issue