# Security
All developers in the company must be aware of certain security risks because insecure software coding and web applications can leave systems vulnerable to exploitation.
# Secure coding practices checklist
- Input Validation
- Output Encoding
- Authentication and Password Management (includes secure handling of credentials by external services/scripts)
- Session Management
- Access Control
- Cryptographic Practices
- Error Handling and Logging
- Data Protection
- Communication Security
- System Configuration
- Database Security
- File Management
- Memory Management
- General Coding Practices
Check the OWASP Secure Coding Practices guide for more details on the checklist.
# OWASP TOP 10
Developers must be aware of the OWASP Top 10 security risks. This is the list of the most common risks:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring