1. Software Standards Specification
  2. Software Requirements Definition
  3. Software Best Practices
  4. Input Validation
  5. Output Validation
  6. Cookie Requirements
  7. Access Failure Error Checking
  8. Buffer Overflow
  9. Code Structure
  10. Software Functions
  11. Software Modules
  12. Requirements for Variables
  13. Software Code Comment Requirements
  14. Quality Code Requirements
  15. Software Code Review
  16. Software Code Testing Requirements
  17. Software Change Control

    Security Best Practices

  18. Secure Functional Requirements
  19. Account Creation
  20. Change Password
  21. Forgot Password
  22. Personal Question
  23. Contact Webmaster
  24. CAPTCHA Tests
  25. Answer Verification

Output Validation

All output sent to the user must be checked for potentially harmful content. Unauthorized active content must not be sent to the user, whether it originates from an internal database or any other source.

Output validation checks protect against cross-site scripting attacks. Where possible, the output should be checked to confirm that it matches the exact form expected and does not contain extra characters beyond it.

Output Requirements Checks

  • The content should be checked for script: <script> tags should be screened, and < and > characters should be screened, so that any tags sent to the user come only from intended sources.
  • Brackets, double quotes, and single quotes should be encoded so that they are displayed as literal characters rather than interpreted and cannot carry harmful content. In PHP the HTML-encoding functions (htmlspecialchars() or htmlentities()) can be used for this.
  • Check the length of the output to be sure it is not longer than expected. This will prevent or limit database dumps and other harmful output.
  • Look for characters or embedded content that may indicate a possible attack against a browser and notify an administrator.
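As an added illustration, not part of this specification, the following Python function applies the four checks above to a single value before it is written into an HTML page; the marker pattern list, the size limit and the notify callback are assumptions made for this example.

```python
import html
import re

# Heuristic markers of active content in a value that should be plain data
# (constructed list for this example; an application would tune it).
ACTIVE_CONTENT = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed)\b|javascript:|\bon\w+\s*=",
    re.IGNORECASE,
)


class OutputViolation(Exception):
    """Raised when a value fails an output validation check."""


def inspect_output(value: str, max_len: int) -> list[str]:
    """Return a list of findings for the value (empty means it passed)."""
    findings = []
    if len(value) > max_len:
        findings.append(f"length {len(value)} exceeds expected {max_len}")
    if ACTIVE_CONTENT.search(value):
        findings.append("active content markers present")
    return findings


def render_field(value: str, max_len: int, notify=print) -> str:
    """Validate a value destined for an HTML page, then encode it.

    A length violation refuses the output outright (limits database dumps).
    Active-content markers trigger an administrator notification, and the
    value is still encoded so the browser shows it as inert text.
    """
    findings = inspect_output(value, max_len)
    if any(f.startswith("length") for f in findings):
        raise OutputViolation("; ".join(findings))
    if findings:
        notify(f"ALERT: suspicious output: {findings}")
    # html.escape turns < > & " ' into entities, so any tags present in the
    # data are displayed rather than interpreted by the browser.
    return html.escape(value, quote=True)
```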