I know SQL Injection is one... what are the others...
Buffer overflows are the classic if you're writing C, as they often allow the execution of arbitrary code by an attacker.
Massage and filter ALL input to your program before processing.
Never process input without filtering and truncating.
-R
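To make the overflow point above concrete, here is an added C example (not code from any of the answers): the classic fixed-size stack buffer filled by an unbounded `strcpy`, beside a bounded copy that always NUL-terminates and reports truncation so the caller can reject over-long input instead of silently proceeding on a mangled value. Function names, the 16-byte buffer size and the sample inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Classic C overflow: a fixed-size stack buffer filled with an unbounded
 * copy. Any input longer than NAME_LEN-1 bytes writes past 'name' and
 * corrupts whatever the compiler placed after it (other locals, saved
 * registers, the return address). Kept only for contrast with the bounded
 * version below; never call it on untrusted input. */
void greet_unbounded(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);            /* no length check at all */
    printf("hello, %s\n", name);
}

/* Hardened form: copy at most dst_len-1 bytes, always NUL-terminate, and
 * tell the caller whether truncation happened so it can reject or log
 * rather than silently continue on mangled data. Returns the number of
 * bytes stored (excluding the terminating NUL). */
size_t copy_truncating(char *dst, size_t dst_len, const char *src, bool *truncated) {
    size_t n = strlen(src);
    if (dst_len == 0) {
        *truncated = (n > 0);
        return 0;
    }
    if (n >= dst_len) {
        n = dst_len - 1;            /* keep room for the NUL */
        *truncated = true;
    } else {
        *truncated = false;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Bounded counterpart of greet_unbounded: the buffer can no longer be
 * overrun, and input that would have been truncated is rejected outright.
 * Returns true if the name was accepted. */
bool greet_bounded(const char *input) {
    char name[NAME_LEN];
    bool truncated;
    copy_truncating(name, sizeof name, input, &truncated);
    if (truncated) {
        fprintf(stderr, "rejecting over-long name (%zu bytes)\n", strlen(input));
        return false;
    }
    printf("hello, %s\n", name);
    return true;
}

/* Small check helper: does 'src' fit, NUL included, in a buffer of
 * 'dst_len' bytes (capped at 64 for the scratch buffer)? */
bool fits_in(const char *src, size_t dst_len) {
    char tmp[64];
    bool truncated;
    if (dst_len > sizeof tmp) dst_len = sizeof tmp;
    copy_truncating(tmp, dst_len, src, &truncated);
    return !truncated;
}

int main(void) {
    greet_bounded("alice");                                      /* accepted */
    greet_bounded("this-name-is-far-too-long-for-the-buffer");   /* rejected */
    return 0;
}
```

The design choice worth noting is that the bounded version does not just truncate and carry on: truncation is surfaced to the caller as a signal, because silently shortening an identifier, path or command can itself change meaning.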
How about verifying user input? For example, you're expecting a 10-digit phone number, but you get "800OHNOES!"
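As an added example for the phone-number case in this answer (my code, not the poster's): an allowlist validator in C that accepts ASCII digits plus a small set of separators, requires exactly ten digits, and writes the canonical ten-digit form to an output buffer. Anything else, "800OHNOES!" included, is rejected. The accepted separator set and the sample numbers (555-01xx is a reserved fictional range) are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <ctype.h>
#include <string.h>
#include <stdio.h>

#define PHONE_DIGITS 10

/* Allowlist validation: keep ASCII digits, drop the separators ' ', '-',
 * '.', '(', ')', and reject everything else (letters, other punctuation,
 * control characters, non-ASCII bytes). Exactly PHONE_DIGITS digits are
 * required. On success the canonical digit string is written to 'out'
 * (out_len must be at least PHONE_DIGITS + 1); on failure 'out' is empty. */
bool parse_phone(const char *input, char *out, size_t out_len) {
    size_t ndigits = 0;
    if (out_len < PHONE_DIGITS + 1) return false;
    out[0] = '\0';
    for (const char *p = input; *p; ++p) {
        unsigned char c = (unsigned char)*p;
        if (isdigit(c)) {
            if (ndigits == PHONE_DIGITS) {      /* eleventh digit: too long */
                out[0] = '\0';
                return false;
            }
            out[ndigits++] = (char)c;
        } else if (c == ' ' || c == '-' || c == '.' || c == '(' || c == ')') {
            continue;                           /* separator, dropped */
        } else {
            out[0] = '\0';                      /* not on the allowlist */
            return false;
        }
    }
    if (ndigits != PHONE_DIGITS) {              /* too few digits */
        out[0] = '\0';
        return false;
    }
    out[ndigits] = '\0';
    return true;
}

/* Convenience wrappers so the result can be checked without an out-buffer. */
bool phone_is_valid(const char *input) {
    char buf[PHONE_DIGITS + 1];
    return parse_phone(input, buf, sizeof buf);
}

bool phone_canonical_equals(const char *input, const char *expected) {
    char buf[PHONE_DIGITS + 1];
    return parse_phone(input, buf, sizeof buf) && strcmp(buf, expected) == 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "(800) 555-0199", "800.555.0199", "800OHNOES!",
                              "80055501999", "800555019" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        char buf[PHONE_DIGITS + 1];
        bool ok = parse_phone(samples[i], buf, sizeof buf);
        printf("%-16s -> %s %s\n", samples[i], ok ? "accepted" : "rejected", ok ? buf : "");
    }
    return 0;
}
```

The validator deliberately decides what is allowed rather than what is forbidden: a denylist of "bad" characters is what lets "800OHNOES!" and friends slip through when the next odd input shows up.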
Avoid sending plain text usernames.
I second the recommendation for: 19 Deadly Sins of Software Security
It isn't just a checklist; read it to understand many of the aspects of software security. Some are broad items that let you understand the reasoning behind many of the different security issues.
I like to model my system with Threat Modeling Tools. This particular one lets you model different applications and gives you all types of information about what types of threats are applicable based on the model, as well as some mitigations and their risks. It also lets you track these risks throughout the development life cycle to come up with mitigation plans. It's pretty cool. :)