The best way to start securing your applications is to follow a few basic security practices and run a scanning tool.
- Encrypt: Use HTTPS/SSL to encrypt the data exchanged between the client and the server.
- Set API access keys: Assign different tokens for each end user. If these tokens do not match, access may be denied or revoked.
- Use safe methods of DOM manipulation: Methods like innerHTML are powerful and potentially dangerous, because they don’t delimit or escape/encode the values that are passed to them. Instead, a method like innerText escapes potentially hazardous material by treating the value as plain text. This is particularly useful in preventing DOM-based XSS attacks. -snicko
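An added example to make the third tip concrete (it is not code from the original post or from snicko): an `escapeHtml` helper for the cases where markup really has to be built as a string, and a `setUntrustedText` helper that writes untrusted input through `textContent` (the standards-track sibling of `innerText`; both assign text, not markup) instead of `innerHTML`. The element object and the sample input are constructed here so the snippet also runs outside a browser.

```javascript
// Added example, not from the original post. Shows why innerText/textContent
// is the safe default and how to escape values when innerHTML is unavoidable.

// Map each HTML-significant character to its entity so the browser treats the
// value as literal text rather than as tags or attributes.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Safe default: assign untrusted input as text. textContent (like innerText)
// is never parsed as HTML, so no tags, event handlers or scripts are created.
// Returns the stored text so the behaviour can be checked.
function setUntrustedText(el, value) {
  el.textContent = String(value);
  return el.textContent;
}

// When layout requires innerHTML, keep the markup fixed and trusted, and pass
// every untrusted value through escapeHtml before interpolating it.
function renderGreeting(username) {
  return `<p>Hello, <strong>${escapeHtml(username)}</strong></p>`;
}

// Constructed sample input: user-supplied text containing markup characters.
const SAMPLE_INPUT = '<b>bold</b> & "quotes"';

// Stand-in for a DOM element when running in Node; in a browser you would use
// document.getElementById(...) (hypothetical id) instead of this plain object.
const target = typeof document !== 'undefined'
  ? document.createElement('div')
  : {};

// Demonstration when run directly.
console.log('textContent stores:', setUntrustedText(target, SAMPLE_INPUT));
console.log('escaped for innerHTML:', renderGreeting(SAMPLE_INPUT));
```

The two functions cover the two situations a front-end developer meets: when the value is only ever displayed, assign it with `textContent`/`innerText` and never touch `innerHTML`; when the surrounding markup must come from a template string, escape the untrusted part and keep the tags themselves static.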
So, what can developers do right now?
One of the most immediate things you can do as an individual developer is to use a good scanning tool to check whether your source code is vulnerable and to learn which findings matter most.
In the case of CodeSec, it not only provides a simple integration into GitHub through a free GitHub Action, but it is also easy to install via Homebrew, npm, or directly as a binary.
I encourage everyone to install one of these tools and try a scan today. Security isn’t going anywhere, and familiarizing yourself with what a security insight looks like will be an advantage in the long run.
Free SAST Tools:
- CodeSec by Contrast