We'll tell you about the things you should always keep in mind if you want to create a secure app:
- Do not trust input data! Validate input from untrusted sources against a whitelist of what is allowed, not a blacklist of what is forbidden;
- Plan security from the beginning — it's not something you can do in the end;
- Keep your app simple: complexity increases the likelihood of security holes;
- Minimize your attack surface;
- Make sure that an error while the application is running cannot leave it in an insecure state (fail securely);
- Ensure application security at every stage of development;
- Adhere to the principle of least privilege;
- Use threat modeling;
- Separate privileges so that it is easier to track down the source of a problem;
- Keeping data secret is difficult, and any secret embedded in the code will quickly cease to be secret;
- Do not create your own encryption mechanisms;
- Using encryption alone does not make your application absolutely safe — attackers will find another weak point, because the security of any system is always equal to the security of the weakest link;
- Know about buffer overflows and how to protect your code against them.
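As an added illustration of the first and last points (not code from the original article), here is a C routine with a classic stack buffer overflow next to a hardened version that validates the input against a whitelist of permitted characters and then copies it with an explicit bound. The buffer size, the allowed character set and the sample inputs are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdbool.h>

#define NAME_MAX 16   /* assumed fixed buffer size for this example */

/* UNSAFE: classic stack buffer overflow. strcpy() copies until the
 * terminating NUL and ignores the destination size, so any input of
 * NAME_MAX or more characters overwrites adjacent stack memory. */
void unsafe_copy_name(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);            /* no bound check: overflow */
    printf("hello %s\n", name);
}

/* Whitelist check: accept only ASCII letters, digits, '-' and '_',
 * and only if the whole string (plus NUL) fits the fixed buffer.
 * Everything else is rejected; we never enumerate "bad" characters. */
bool valid_username(const char *input) {
    size_t len = strlen(input);
    if (len == 0 || len >= NAME_MAX)
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (!(isalnum(c) || c == '-' || c == '_'))
            return false;
    }
    return true;
}

/* SAFE: validate first, then copy with an explicit bound.
 * Returns 0 on success, -1 if the input was rejected. */
int safe_copy_name(const char *input, char *out, size_t out_size) {
    if (out_size < NAME_MAX || !valid_username(input))
        return -1;
    /* snprintf always NUL-terminates and never writes past out_size */
    snprintf(out, out_size, "%s", input);
    return 0;
}

int main(void) {
    char buf[NAME_MAX];
    const char *ok  = "alice_01";                     /* constructed sample */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 28 chars: rejected */
    printf("%s -> %d\n", ok, safe_copy_name(ok, buf, sizeof buf));
    printf("%s -> %d\n", bad, safe_copy_name(bad, buf, sizeof buf));
    return 0;
}
```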