Writing Secure Code
Sin 8: Failing to Protect Network Traffic

Summary

- Do perform ongoing message authentication for all network traffic your application produces.
- Do use a strong initial authentication mechanism.
- Do encrypt all data for which privacy is a concern. Err on the side of privacy.
- Do use SSL/TLS for all your on-the-wire crypto needs, if at all possible. It works!
- Do not ignore the security of your data on the wire.
- Do not hardcode keys, and don't think that XORing with a fixed string is an encryption mechanism.
- Do not hesitate to encrypt data for efficiency reasons. Ongoing encryption is cheap.
- Consider using network-level technologies to further reduce exposure whenever it makes sense, such as firewalls, VPNs, and load balancers.
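The first bullet, "ongoing message authentication", is the one most often skipped by developers who authenticate once at connection setup and then trust every later packet. The following example, added here and not taken from the book, shows what ongoing authentication looks like at the message level: every frame carries a sequence number and an HMAC-SHA256 tag computed over the sequence number and payload, and the receiver rejects tampered frames (bad tag) and replayed frames (stale sequence number). The `Sender`, `Receiver` and `demo` names and the frame layout are assumptions of this example; the MAC, the constant-time comparison and the key come from Python's standard `hmac` and `os` modules. It provides integrity only, not privacy; in practice you would let TLS do both, as the fourth bullet recommends, and this is meant to show what the transport must provide for you.

```python
import hashlib
import hmac
import os
import struct

SEQ_LEN = 8    # 64-bit big-endian sequence number
TAG_LEN = 32   # HMAC-SHA256 output length


class Sender:
    """Wraps each payload in a frame: seq (8 bytes) || payload || HMAC tag (32 bytes)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def frame(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)
        # The tag covers the sequence number too, so a replayed or reordered
        # frame cannot be "fixed up" by rewriting the header.
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.seq += 1
        return header + payload + tag


class Receiver:
    """Verifies the tag first, then enforces strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def unframe(self, frame: bytes) -> bytes:
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # compare_digest avoids leaking how many tag bytes matched via timing.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.expected_seq:
            raise ValueError("replayed or out-of-order frame")
        self.expected_seq += 1
        return payload


def _rejected(fn) -> bool:
    """True if fn() raises ValueError (i.e. the receiver refused the frame)."""
    try:
        fn()
    except ValueError:
        return True
    return False


def demo() -> dict:
    # Constructed session key; real code derives it from the strong initial
    # authentication step (bullet two), never from a hardcoded constant.
    key = os.urandom(32)
    sender, receiver = Sender(key), Receiver(key)
    results = {}

    msg = b"transfer 100 to alice"
    f1 = sender.frame(msg)
    results["valid_accepted"] = receiver.unframe(f1) == msg

    # An on-path modification of one payload byte invalidates the tag.
    tampered = bytearray(f1)
    tampered[SEQ_LEN + len(b"transfer 1")] ^= 0x01
    results["tampered_rejected"] = _rejected(lambda: receiver.unframe(bytes(tampered)))

    # The untouched original frame is still correctly tagged, but its
    # sequence number has already been consumed, so a replay is refused.
    results["replay_rejected"] = _rejected(lambda: receiver.unframe(f1))

    # The legitimate next frame (seq 1) is still accepted after the rejections.
    f2 = sender.frame(b"balance?")
    results["next_accepted"] = receiver.unframe(f2) == b"balance?"
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Two design points worth noting: the tag is checked before the sequence number is even parsed, so an unauthenticated peer cannot probe the receiver's state, and the sequence counter is part of the MAC input rather than a separate field the receiver trusts on its own.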