ABSTRACT

This chapter is primarily intended for development staff, but it is also useful to appsec architects as guidance for Scrum teams that need specific details on recognizing and remediating security-related programming defects, and as a supplement to formal training. Secure design and programming best practices have always been the best form of defense against these attacks—some of these practices have later proven effective against attacks that were not yet known when the practices were adopted. The chapter examines some of the most pernicious programming issues—injection attacks—and recommends a number of defensive programming techniques to protect applications from them. One common theme of the Open Web Application Security Project (OWASP) Top 10 is injection-related attacks, in which user-entered input alters how a program operates because the application incorporates that input into commands it then executes. OWASP is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted.
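The defect the abstract describes, user input becoming part of a command the application executes, is easiest to see in a database query. The following is an added example, not code from the chapter: it places the vulnerable string-built query beside its parameterized fix and runs both against a constructed in-memory SQLite table. The table layout, the sample rows, and the helper names (`lookup_vulnerable`, `lookup_safe`, `demo`) are assumptions made for the illustration.

```python
"""Added example (not from the chapter): a SQL injection defect beside its
parameterized fix, exercised against a constructed in-memory SQLite database.
"""
import re
import sqlite3

# Constructed sample data standing in for an application's user table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allow-list for user names: a second, independent layer of defense that
# rejects anything outside the characters the application actually needs.
USERNAME_PATTERN = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Build the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def is_valid_username(name: str) -> bool:
    """Allow-list validation: True only for names the application expects."""
    return USERNAME_PATTERN.fullmatch(name) is not None


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Defect: the input is spliced into the SQL text, so the database parses
    it as part of the command instead of treating it as data."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fix: the statement text is fixed and the driver binds the value, so the
    input can only ever be compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups on an ordinary name and on a constructed input that
    closes the string literal and appends an always-true condition."""
    conn = make_db()
    hostile = "' OR '1'='1"  # constructed test input, not a real request
    return {
        "normal_vulnerable": len(lookup_vulnerable(conn, "alice")),
        "normal_safe": len(lookup_safe(conn, "alice")),
        "hostile_vulnerable": len(lookup_vulnerable(conn, hostile)),
        "hostile_safe": len(lookup_safe(conn, hostile)),
        "hostile_passes_allowlist": is_valid_username(hostile),
    }


if __name__ == "__main__":
    print(demo())
```

The string-built query returns every row for the hostile input because the database reads the appended condition as part of the `WHERE` clause; the parameterized query returns nothing because the same text is bound as a literal name. The allow-list check shows the layered approach the chapter recommends: parameterization is the fix, and input validation independently rejects input that should never reach the query at all.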