secure coding checklist

Reference from OWASP (www.owasp.com). Security Check BY- Prabhanshu Saraswat

Upload: prabhanshu-saraswat

Post on 08-Jun-2015


TRANSCRIPT

Page 1: Secure coding checklist

Reference from OWASP (www.owasp.com).

Security Check

BY- Prabhanshu Saraswat

Page 2: Secure coding checklist

The ISTQB official website was compromised and an offensive photo was put on its homepage.

LinkedIn – the popular social media network – recently confirmed that a breach of its network has compromised hashed passwords associated with its accounts. News reports estimate almost 6.5 million passwords have been compromised. - See more at: http://blog.aujas.com/quick-test-find-company-security.html#sthash.STsZqk85.dpuf

Financial Times Tech Blogs & Twitter Accounts Hacked By Syrian Electronic Army.

An unknown hacker hacked the website of Thai Prime Minister Yingluck Shinawatra’s office and posted an offensive message, as shown in the image below.

A few recent security breaches around the world

Page 3: Secure coding checklist

Offensive Message

Page 4: Secure coding checklist

Security Checklist for development

Page 5: Secure coding checklist

Boot unmanaged code; believe in tested and managed code.

Page 6: Secure coding checklist

Love task-specific built-in APIs. Do not permit the application to issue commands directly to the operating system,

especially through the use of application-initiated command shells.

Page 7: Secure coding checklist

Use Checksum or Hash

Use a small-size datum computed from an arbitrary block of digital data (a checksum or hash) to detect errors and verify the integrity of interpreted code, libraries, executables, and configuration files.

Page 8: Secure coding checklist

Limit access to prevent multiple simultaneous requests, or use a synchronization mechanism (locking) to prevent race conditions.

Lock

Page 9: Secure coding checklist

Protect shared variables and resources

Protect them from inappropriate concurrent access.

Page 10: Secure coding checklist

Clearly initialize all your variables and other data stores, either during declaration or just before the first usage.

Explicit Declaration

Page 11: Secure coding checklist

Quickly raise and drop elevated privileges

If the application must run with elevated privileges, then raise privileges as late as possible and drop them as soon as possible.

Page 12: Secure coding checklist

Get rid of overflows

Avoid calculation errors by understanding your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.

Page 13: Secure coding checklist

Do not play with user supplied data; let it come in first

Do not pass user-supplied data to any dynamic execution function.

Page 14: Secure coding checklist

Do not turn the user into a developer; that is your role

Restrict users from generating new code or altering existing code.

Page 15: Secure coding checklist

Use a magnifying glass for third-party support

Review all secondary applications, third-party code and libraries to determine business necessity and validate safe functionality, as these can introduce new vulnerabilities.

Page 16: Secure coding checklist

If the application will utilize automatic updates, then use cryptographic signatures for your code and ensure your download clients verify those signatures. Use encrypted channels to transfer the code from the host server.

Be private when updating & implement safe updating
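The checksum advice on page 7 and the signed-update advice on this page combine into one client-side gate. The following is an added example, not from the slides or from OWASP: a release manifest of SHA-256 file hashes is Ed25519-signed by the vendor, and the download client refuses the update unless the signature verifies and every delivered file matches its listed hash. The manifest line format, the in-memory "files", and the Ed25519 choice are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// BuildManifest lists "<sha256> <name>" per release file in sorted order, so the
// vendor signs exactly the bytes the download client will later verify.
func BuildManifest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&b, "%s %s\n", hex.EncodeToString(sum[:]), n)
	}
	return []byte(b.String())
}

// VerifyUpdate is the client's gate: refuse the update unless the manifest's
// Ed25519 signature checks out AND every delivered file matches its listed hash.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return fmt.Errorf("manifest signature invalid: refusing update")
	}
	expected := map[string]string{} // name -> hex sha256 from the signed manifest
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		if parts := strings.SplitN(line, " ", 2); len(parts) == 2 {
			expected[parts[1]] = parts[0]
		}
	}
	if len(expected) != len(files) {
		return fmt.Errorf("delivered file set differs from signed manifest")
	}
	for name, data := range files {
		sum := sha256.Sum256(data)
		if expected[name] != hex.EncodeToString(sum[:]) {
			return fmt.Errorf("%s: hash mismatch, file altered or not in manifest", name)
		}
	}
	return nil
}
```

The signature covers the manifest, and the manifest covers the files, so an attacker who alters a file in transit would also have to re-sign the manifest, which needs the vendor's private key. An encrypted channel (TLS) protects the download in transit but does not replace this check, because it says nothing about what the host server itself is serving.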

Page 17: Secure coding checklist