Security Basics
We can think of security concerns for web developers as operating on two levels. The first level is the connection from the user to the server. This connection may be secure, meaning the traffic is encrypted between the client web browser and the web server responding to the request, or it may be insecure, meaning the data being transmitted is "visible" to anyone observing traffic on the network, which exposes both the site and the user to attacks that make use of that information.
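The connection level above is usually enforced in code by refusing to serve anything over plain HTTP. The following is an added example, not code from the original page: a small WSGI middleware that redirects insecure requests to their HTTPS equivalent and adds a `Strict-Transport-Security` header to secure responses so browsers keep using HTTPS afterwards. The downstream `hello_app`, the hostnames and the header value are constructed for illustration; the `X-Forwarded-Proto` handling assumes a TLS-terminating reverse proxy that you control.

```python
"""Added example: enforce the transport ('secure connection') level for a WSGI app.
Plain-HTTP requests are redirected to HTTPS; HTTPS responses gain an HSTS header.
hello_app, hostnames and the HSTS value below are constructed for illustration."""

from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"  # one year; illustrative value


def is_secure(environ):
    """Return True if the request reached us over TLS.

    Checks WSGI's wsgi.url_scheme first, then the X-Forwarded-Proto header that a
    TLS-terminating reverse proxy sets. Only trust that header when the proxy is
    yours; otherwise a client could set it on a plain-HTTP request.
    """
    if environ.get("wsgi.url_scheme") == "https":
        return True
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "")
    # A proxy chain may produce "https, http"; the first entry is the client's scheme.
    return forwarded.split(",")[0].strip().lower() == "https"


def https_url_for(environ):
    """Rebuild the requested URL with the https scheme, keeping path and query."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    path = quote(environ.get("PATH_INFO", "") or "/")
    query = environ.get("QUERY_STRING", "")
    return f"https://{host}{path}" + (f"?{query}" if query else "")


def enforce_https(app):
    """Wrap a WSGI app: redirect insecure requests, add HSTS to secure responses."""

    def middleware(environ, start_response):
        if not is_secure(environ):
            # 301 for safe methods; 308 keeps the method and body for everything else.
            method = environ.get("REQUEST_METHOD", "GET")
            status = "301 Moved Permanently" if method in ("GET", "HEAD") else "308 Permanent Redirect"
            start_response(status, [("Location", https_url_for(environ)), ("Content-Length", "0")])
            return [b""]

        def secure_start_response(status, headers, exc_info=None):
            headers = list(headers) + [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, headers, exc_info)

        return app(environ, secure_start_response)

    return middleware


def hello_app(environ, start_response):
    """Constructed downstream application used only for the demonstration."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run_request(app, environ):
    """Tiny WSGI driver: returns (status, headers dict, body bytes) for one request."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = enforce_https(hello_app)
    insecure = {"wsgi.url_scheme": "http", "HTTP_HOST": "example.test",
                "PATH_INFO": "/account", "QUERY_STRING": "tab=1", "REQUEST_METHOD": "GET"}
    secure = {"wsgi.url_scheme": "https", "HTTP_HOST": "example.test",
              "PATH_INFO": "/account", "QUERY_STRING": "", "REQUEST_METHOD": "GET"}
    print(run_request(app, insecure))  # redirect to https://example.test/account?tab=1
    print(run_request(app, secure))    # 200 with Strict-Transport-Security header
```

The redirect alone does not protect the very first plain-HTTP request a user makes; the HSTS header closes that gap for later visits, which is why the middleware sets it on every secure response rather than only on the redirect.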
The second level on which we think about web security is the application level. That is, what does our application do? And how does it make that happen?
In general, there are some guidelines we can follow to make sure we are preventing the most common attacks and attack vectors. All members of the web product team should be familiar with basic security risks and with how we combat those risks. All members of the team should also be versed in best-practice guidelines, such as storing only the minimum of user information the application needs, or respecting user privacy by encrypting stored data where appropriate so that even the site's administrators cannot read it.
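Two of the practices just named, data minimization and encrypting stored data under a key that only the user holds, look like this in code. This is an added example and not code from the original page: the application keeps only an allow-list of fields, derives the encryption key from the user's passphrase on each request, and stores nothing but salt, nonce, ciphertext and authentication tag, so whoever reads the database (including an administrator) sees no plaintext. To keep the example dependency-free, the cipher is built from standard-library primitives (PBKDF2 for key derivation, HMAC-SHA256 in counter mode for the keystream, encrypt-then-MAC for integrity); a production system should use a vetted AEAD such as AES-GCM from the `cryptography` package instead. The field names, sample profile and passphrase are constructed.

```python
"""Added example: data minimization plus encryption at rest under a user-held key.
The server stores only salt, nonce, ciphertext and tag; the passphrase never is.
Cipher is a stdlib-only illustration (PBKDF2 + HMAC-SHA256 counter mode +
encrypt-then-MAC); use a vetted AEAD such as AES-GCM in production.
REQUIRED_FIELDS, the sample profile and the passphrase are constructed."""

import hashlib
import hmac
import json
import os

REQUIRED_FIELDS = {"username", "email"}  # constructed allow-list of what the app needs
PBKDF2_ROUNDS = 200_000


def minimize(profile):
    """Keep only the fields the application actually uses; drop everything else."""
    return {k: v for k, v in profile.items() if k in REQUIRED_FIELDS}


def derive_keys(passphrase, salt):
    """Derive separate encryption and MAC keys from the user's passphrase and a per-record salt."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (same call encrypts and decrypts)."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))  # zip truncates the last block
    return bytes(out)


def encrypt_record(passphrase, record):
    """Return the stored form: only salt, nonce, ciphertext and tag, hex-encoded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = keystream_xor(enc_key, nonce, json.dumps(record).encode())
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def decrypt_record(passphrase, stored):
    """Verify the tag first, then decrypt. Raises ValueError on wrong passphrase or tampering."""
    salt, nonce = bytes.fromhex(stored["salt"]), bytes.fromhex(stored["nonce"])
    ciphertext, tag = bytes.fromhex(stored["ct"]), bytes.fromhex(stored["tag"])
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong passphrase or modified record")
    return json.loads(keystream_xor(enc_key, nonce, ciphertext))


def admin_view(stored):
    """What someone with raw database access sees: hex blobs, no plaintext field values."""
    return json.dumps(stored)


if __name__ == "__main__":
    profile = {"username": "alice", "email": "alice@example.test",
               "mothers_maiden_name": "not needed by this app", "shoe_size": 38}
    record = minimize(profile)                       # only username and email survive
    stored = encrypt_record("correct horse battery staple", record)
    print(admin_view(stored))                        # no "alice" anywhere in the stored row
    print(decrypt_record("correct horse battery staple", stored))
```

The trade-off to state up front is that a forgotten passphrase means unrecoverable data, since there is no server-side key to fall back on; that is exactly the property that keeps administrators out, so the decision to encrypt a field this way belongs in the product design, not just the code.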