|
|
@@ -1628,3 +1628,19 @@ REST is focused on exposing data. It minimizes the coupling between client/serv
|
|
|
* [Crack the system design interview](http://www.puncsky.com/blog/2016/02/14/crack-the-system-design-interview/)
|
|
|
* [Thrift](https://code.facebook.com/posts/1468950976659943/)
|
|
|
* [Why REST for internal use and not RPC](http://arstechnica.com/civis/viewtopic.php?t=1190508)
|
|
|
+
|
|
|
+## Security
|
|
|
+
|
|
|
+This section could use some updates. Consider [contributing](#contributing)!
|
|
|
+
|
|
|
+Security is a broad topic. Unless you have considerable experience, a security background, or are applying for a position that requires knowledge of security, you probably won't need to know more than the basics:
|
|
|
+
|
|
|
+* Encrypt in transit and at rest.
|
|
|
+* Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection).
|
|
|
+* Use parameterized queries to prevent SQL injection.
|
|
|
+* Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
|
|
|
+
|
|
|
+### Source(s) and further reading
|
|
|
+
|
|
|
+* [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers)
|
|
|
+* [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet)
|
Donne Martin