Security Ain't That Hard?

I've been researching what's required to make my application less vulnerable to things like SQL injection or other malicious attacks. Imagine my surprise when I discovered that I've apparently already done the two biggest things, which are using PreparedStatements and escaping special characters. I've googled quite a bit and these are the main things I've found so far.

According to the latter article I do need to do a few more small things, such as specifying the character encoding in my headers, but that seems to be about it... I'll be double-checking all my SQL to make sure there are no inappropriate uses of Statements, but apparently this issue is going to be a lot faster and easier than I expected. Rather shocking, really... Hopefully google hasn't lead me astray.

In other news I'm leaning towards revising the issue "Add error checking, unit testing, and integration testing using JUnit, DBUnit, FindBugs, etc." to just focusing on FindBugs and other similar tools for now. I've done some research on unit testing and in particular test driven development, and it's a huge topic and somewhat confusing. I did purchase a book, Test Driven Development By Example by Kent Beck, after seeing it recommended multiple places, so I think I'd like to revisit this topic after reading the book. I'll put The Pragmatic Programmer on hold for now.

Comments

Popular posts from this blog

"Does it get easier?" Yes, but Also No...

How to Land Your First Dev Job: Develop Yourself, Market Yourself

Git. The WHAT and WHY Edition.