21 lines
1.0 KiB
Markdown
21 lines
1.0 KiB
Markdown
+++
|
|
noatcards = True
|
|
isdraft = False
|
|
weight = 170
|
|
+++
|
|
Security
|
|
--------
|
|
---
|
|
This section could use some updates. Consider [contributing](https://github.com/donnemartin/system-design-primer#contributing) !
|
|
|
|
Security is a broad topic. Unless you have considerable experience, a security background, or are applying for a position that requires knowledge of security, you probably won't need to know more than the basics:
|
|
|
|
- Encrypt in transit and at rest.
|
|
- Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) .
|
|
- Use parameterized queries to prevent SQL injection.
|
|
- Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) .
|
|
|
|
## Source(s) and further reading
|
|
|
|
- [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers)
|
|
- [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet) |