
5 Habits of a Security-Conscious Developer

Given the number of security breaches that occur every day, hardly any security-conscious developer (or any developer, for that matter) will say that security isn’t important. In fact, even non-developers agree that security is important. So why is it treated like an afterthought?

As a typical developer, what are the 3 things you are likely to leave for last? Without any hesitation, these would be:

  1. Usability
  2. Documentation
  3. Security

This, in a way, is not some type of inherent failure on your part as a developer. It’s just that we’ve become used to working with a certain kind of flow. Why should I bother about security when I haven’t even made a successful database connection? Or why stop to sanitise user-submitted data when all I’m trying to do is get the records successfully submitted to the database?

The last thing we generally think about is security. We often write code with the impression that somehow security is a separate process or feature. But we have to adjust that behaviour and mindset.

As things become increasingly interconnected, access to web applications has gone beyond desktop interaction. There are mobile connections as well as behind-the-scenes API connections. As a result, there are habits that we must adopt to become more security-conscious developers and create more secure applications.

Here are 5 habits of a security-conscious developer:

1. Nothing is 100% Secured.

The only 100% secured application is one that is not yet hosted. This is not to discourage us or make us lose hope. It’s to tell us to always be on the lookout, because as things advance, the ways to hack and crack them also advance.

2. Never Trust User Input

This point cannot be overemphasised. Generally speaking, most of the users of your application won’t be malicious. They will use it the way it was intended to be used. But there are others who would like to probe things and be adventurous, and with this knowledge in mind you have to leave nothing to chance.

3. Defense in Depth is The Only Defense

Having layered defenses is much easier to implement (and so much harder to defeat) than a single strong point. This is classic military defensive strategy: create many obstacles and delays to stop or slow an attacker or keep them from reaching anything of value. Although in our context we’re not actually trying to hurt or kill anyone, what we are interested in is redundancy and independent layers. Anyone trying to penetrate one layer or overcome some kind of defensive barrier (authentication system, encryption, and so on) would only be faced with another layer.

4. The Simpler The Code, The Easier it is to Secure.

Having well-structured classes and functions makes code easy to read, easy to understand, and easy to debug. For instance, having a class that validates users’ input means that when something goes wrong with that section of your application, you don’t have to scout around. You know exactly where to check.
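As an added illustration of habits 2 to 4 (this is not code from the original article), here is a single validation class, a parameterized insert, and database constraints acting as three independent layers. The class name, field rules, and table schema are assumptions made for the example.

```python
import re
import sqlite3

class SignupValidator:
    """The one place where user-submitted signup fields are checked (allow-list rules)."""
    USERNAME_RE = re.compile(r"[a-z0-9_]{3,20}")
    EMAIL_RE = re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}\.[a-z]{2,}")

    def validate(self, form):
        """Return (clean_record, errors); clean_record is None if any check fails."""
        errors = {}
        username = str(form.get("username", "")).strip().lower()
        email = str(form.get("email", "")).strip().lower()
        if not self.USERNAME_RE.fullmatch(username):
            errors["username"] = "3-20 characters: a-z, 0-9, underscore"
        if len(email) > 254 or not self.EMAIL_RE.fullmatch(email):
            errors["email"] = "not a valid e-mail address"
        return (None if errors else {"username": username, "email": email}), errors


def open_db():
    """Layer 3: the schema enforces its own limits, independent of the application code."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " username TEXT PRIMARY KEY CHECK (length(username) BETWEEN 3 AND 20),"
        " email TEXT NOT NULL CHECK (length(email) <= 254))"
    )
    return db


def register(db, form, validator=SignupValidator()):
    """Layer 1: validate. Layer 2: bind values as parameters, never concatenate SQL."""
    record, errors = validator.validate(form)
    if errors:
        return False, errors
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO users (username, email) VALUES (?, ?)",
                       (record["username"], record["email"]))
    except sqlite3.IntegrityError:
        return False, {"username": "already taken or rejected by the database"}
    return True, {}


if __name__ == "__main__":
    db = open_db()  # the submissions below are constructed sample input
    print(register(db, {"username": "ada_l", "email": "ada@example.org"}))
    print(register(db, {"username": "x'; DROP TABLE users;--", "email": "a@b.co"}))
```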

5. Peer Review is Critical to Security

You can only see and observe so much as a developer, probably because we tend not to be overly critical of ourselves. We’re not saying that being critical is valuable in itself, but when our applications are reviewed by others, they are likely to see what we don’t or can’t, and can offer us useful suggestions on how to tie up a loose end.

Summary

In conclusion, securing your application is like having a door in your house or even a gate at your entrance. This will generally not stop a thief from coming in, but we don’t just leave the gate open for the thief to walk in unopposed. We have to create layers for an eventual defense.
