You have explored many different ways to find vulnerabilities in applications and exploit them. This chapter looks at ways you can prevent these vulnerabilities in your applications by implementing the right security mechanisms.

Protections against common vulnerabilities such as code injection, logic flaws, insecure storage, application configuration, insecure communication channels, logging, and others will be explored. Some of these mechanisms may be simple configuration changes and others require changes at the code level.

Principle of Least Exposure

The fewer entry points there are into an application, the smaller the attack surface is. To minimize an application's attack surface, the application developer needs to perform the following tasks iteratively:

1. Consider all entry points into the application. This involves finding every single portion of the application code that is exposed in some way to input from outside sources.
2. Remove any entry points that can be. An application that has minimal entry points has already reduced its risk exposure.
3. If an entry point has to be exposed, perform security checks at the entry points before running any other code.