The following checklist identifies basic security issues that should be checked at every patch check-in. This checklist represents first-line security control against vulnerable code making it to production. This is considered a starting point and the community is encouraged to get involved to improve this list.
Scenarios where this checklist could be used:
a. Review another developer's patch against secure coding best practices.
c. Retroactively review a code module against secure coding best practices.
Secure Coding Checklist:
1- Contextual encoding is applied:
Ensure that all dynamic data is properly encoded to prevent cross-site scripting attacks.
- Ensure that encoding is properly done using the correct context.
- Ensure that data is properly quoted using double quotes.
2- Sanitize user data:
Ensures that user-supplied data is properly sanitized to prevent cross-site scripting and injection attacks.
- Ensure that data retrieved from the QueryString, Header, Post Parameters, and Cookies is properly sanitized using a whitelist.
3- Use parameterized SQL statements:
Ensures that SQL statements are securely constructed to prevent SQL injection attacks.
- Ensure that all SQL statements in the patch are parameterized, both for user-supplied data and for data loaded from other sources (e.g. database, files, etc)
4- File Upload/Download:
Ensures that proper procedures have been followed to prevent path manipulation attacks and unauthorized attempts to access the file system.
- Restrict accepted file types to avoid dangerous extensions like .bat or .exe
- It is preferable to use system generated filenames if files are to be saved locally.
- If this is not possible, then make sure to validate the file name using a whitelist, make sure to retrieve the file name only, useful routines to use is File.getName()
- Validate the file size to avoid denial of service attacks.
- Upon file download operations; ensure that the path can't be controlled by the user.
5- Forms should be protected with a token:
Ensures that proper procedures have been followed to prevent cross-site request forgery (CSRF) attacks.
- Actionable requests must be protected using an anti-CSRF token. Actionable requests are requests which will result in data update, delete, insert, etc.
6- Check authentication status if appropriate:
Ensures that proper checks have been made to prevent insufficient authentication attacks.
- For all the files in the patch. Ensure that authentication status is checked.
7- Check authorization status if appropriate:
Ensures that proper checks have been made to prevent unauthorized data access.
- For all the files in the patch. Ensure that code exists to check the role of the current user if appropriate.
8- The patch does not perform a redirect based on user-controllable data:
Ensures that proper checks have been made to prevent open-redirects and HTTP splitting attacks.
- Ensure that the code does not perform redirect or forward operation using data retrieved from the request..
9- The patch does not disable any security configuration accidentally:
Ensures that proper controls are in place to prevent against insecure configuration issues.