Secure Coding Practices - Building Blocks
Author: Scott Hurrey
Categories: [‘Building Blocks’, ‘Tutorials’]
Tags: [‘building blocks’, ‘best practices’, ‘security’, ‘developer’]
Blackboard takes security seriously and extends that same outlook to developers by enabling them to apply industry standards of best practice to their Building Blocks.
You may read more about the ESAPI library and secure development on Learn at help.blackboard.com.
Secure Coding Best Practices
As part of secure coding practices, input that may be influenced by users, whether trusted or not, should be validated on the server-side before processing (input validation) as well as prior to display (output validation or escaping). This helps ensure system resiliency and prevents security issues such as cross-site scripting.
- Input Validation: When receiving input from the request, always validate and always validate server-side.
- Output Validation / Encoding / Escaping: When displaying any input, always ensure it is displayed in the correct context that it will be embedded in.
In addition to input and output validation Learn also affords the ability to encrypt data during context passing.