Showing posts from February, 2019

Documentation of a project

In my previous post I described 10 steps we should take to improve the security of web applications. In this article I'm going to describe the purpose of documenting a project and what information should be included.
Every successful project requires documentation to communicate the project goal and the requirements to reach it.

Purpose of documentation

The reason documentation exists is to communicate in a clear, understandable language with all people involved. For web applications this documentation should describe the idea as a concept, the steps needed to turn the idea into an application, which tools, applications and services are required in the process of building the application, how the application is architected and who the people involved are.

Since documentation is never complete, a good structure is required to allow additions or corrections to be made over time. I prefer to use a wiki type of platform to write my documentation. A wiki often has a simplified markup language and a…

Getting to understand the basics of security

In this article I first try to understand what security is and what the best security practices for web applications are.

In my previous article "The challenge for 2019 has just got real" I set a challenge for myself for 2019: to learn more about securing web applications in general and PHP web applications in particular.

In this article we're going to explore what security means and what basic steps should be considered in providing security. After all, we want to incorporate security into our design and development process instead of trying to bolt it on at the end.

What is security?

"Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others." This quote is taken from Wikipedia, where in my opinion the goal of security is very well described:

- Security should provide freedom for the related party
- Security should create a resilience against harm or unwanted change caused by others

What I'm missing in this quote is the f…