Web Development Security Checklist

  • by Elena
  • Updated on October 25, 2019

What’s the first thing that comes to your mind when talking about a website? Design? Functionality? Marketing? All these things certainly matter, but what you should never forget is security.

Today many developers feel trapped by clients who want their projects to be developed within impossible deadlines. Dev companies have to create apps compatible with multiple devices, platforms, and operating systems at once. On top of that, clients want their app to be able to withstand any possible attack, like Fort Knox.

Information is the greatest value nowadays, and losing it is a nightmare for any modern person. Therefore, information protection becomes crucial in a world where hackers are willing to steal it every single day.

Cyber attacks in 2017

“No big deal,” you might say. Well… To jog your memory, we prepared a list of the top 3 most extensive internet security breaches of 2017:

WannaCry malware

One of the most brazen and widespread cyber attacks of 2017 was carried out with the WannaCry malware. The virus infected more than 300k computers running Microsoft Windows OS all over the world. Hackers extorted bitcoin payments from their victims for restoring the data.

The day after the attack, Microsoft released emergency security patches for different Windows OS versions. Nevertheless, since the very first computers were hit by the ransomware, users have paid about $130k in total for restoring their data.

Petya cyber attack

Summer 2017 remained hot for many Ukrainian governmental structures and private enterprises that were attacked by the Petya ransomware. Airports, the capital’s metro, banks, supermarkets and thousands of small companies were paralyzed by the unknown malware. The virus was spreading so fast that people all over the country were afraid to turn their home PCs on.

It appeared later that M.E.Doc, the most-used accounting software in the country, had been compromised to spread the malware that caused the first “wave” of the attack.

Now the lesson is learned, and the government has realized the need to enhance its cyber security department.

Uber data loss

2017 was not the best year for Uber, and security issues only exacerbated the deteriorating situation. It turned out that the personal information of 57 million US citizens had been stolen in October 2016 and the company decided to hide this fact.

Hackers managed to steal personal data such as names, emails, phone numbers and driver’s license numbers. Nevertheless, Uber claims that location data, credit card numbers, social security numbers and birth dates were kept safe. The company also confirmed that it had paid $100k to the hackers for deleting the stolen data and keeping the breach secret. But as we know, what is done by night appears by day.

Plus, you have probably heard of the Equifax hack that left the identities of over 145 million Americans forever at risk, including Social Security numbers, dates of birth, addresses and, potentially, driver license numbers.

Information security best practices checklist

As soon as you have realized the importance of project security, it’s time to find the weak spots and fix them. No matter if you sell a product (an app, for example) or use some kind of software for your internal business needs, the CIA triad is what keeps you protected. CIA stands for confidentiality, integrity, and availability.

Cybersecurity checklist:

Figure out the data you need to protect

Here is a tip that can save you time and resources: store and protect only the data that is absolutely needed. You can avoid huge problems like compromised data (such as credit card numbers or addresses) if you simply don’t store it.

Encrypt sensitive data

Such data as access tokens, billing details, emails, etc. must be encrypted. If you’re using AWS then you can do it directly in a database by using AWS Aurora.

Use only secure software

Before using any software, scan it for vulnerabilities, and keep it up to date. Moreover, don’t forget to disable or completely remove any software that is no longer in use, as it might become a backdoor for hackers.

Consider wise authentication

All passwords should be encrypted. In addition, you might implement password rules in order to avoid weak ones like “password” or “12345”. But don’t overdo it; instead, use multi-factor authentication (2FA) like SMS authentication, authentication via phone call, and email confirmation.

Control the web traffic

Use the HTTPS protocol and TLS for the entire website, not only for forms or logins. Content Security Policy might be hard to develop, but it’s totally worth the time. Moreover, if using cookies, they must be marked HttpOnly so that no one can read them using JavaScript.
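
The checks from this item can be automated against a response's headers. The following is an added example, not code from the original article; the two sample responses are constructed, the function name is hypothetical, and the `Strict-Transport-Security` header and `Secure` cookie attribute (which keep the browser and the cookie on HTTPS) are included as an assumption about how "HTTPS for the entire website" is enforced.

```python
def audit_response(url: str, headers: list) -> list:
    """Check one response (URL plus (name, value) header pairs); return findings."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("page served over plain HTTP")
    names = {name.lower() for name, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("missing Strict-Transport-Security")
    if "content-security-policy" not in names:
        findings.append("missing Content-Security-Policy")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [part.strip() for part in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {part.split("=", 1)[0].lower() for part in parts[1:]}
        # Secure: never sent over plain HTTP. HttpOnly: hidden from JavaScript.
        for attr in ("Secure", "HttpOnly"):
            if attr.lower() not in attrs:
                findings.append(f"cookie {cookie_name}: missing {attr}")
    return findings


# Constructed sample responses (not captured from a real site).
WEAK = ("http://shop.example/login", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/"),
])
HARDENED = ("https://shop.example/login", [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for url, hdrs in (WEAK, HARDENED):
        print(url, audit_response(url, hdrs) or "ok")
```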

Control the infrastructure

Reduce manual operations as much as possible to ensure you can do upgrades quickly and automatically. Make logging centralized to avoid using SSH to retrieve or access logs. Also, consider using an intrusion detection system (IDS) to keep advanced persistent threats (APTs) to a minimum.

Create a guideline

When developing a new project of any complexity, create a security guideline in order to train your team to act in such a manner that not a single backdoor is left for hackers.

Have a plan

No matter how secure your website or mobile app is, anything might happen, and you need to have a plan B. Hiding information like Uber did is not a good idea, so think of the possible consequences, prepare a speech and keep in mind the potential ways of solving the problem.

Conclusion

We hope the post didn’t bring you a dose of paranoia but instead increased your awareness of the importance of cybersecurity. No matter what the size of your project is, keeping it secure is a must in times when users’ data is everything.

We at GBKSOFT care a great deal about information security at each step of development. Each team member, from developers to system administrators, sticks to a special checklist, keeping the data safe and secure.

Ready to develop a new secure project? Contact us and get it done!

Elena is a business analyst passionate about everything connected with startups, business ideas, and analytics. She’s aiming to find the solution for every challenge young companies meet on their way.
