Secure coding
In previous chapters, you read about best practices for writing PowerShell code. This section adds some further advice. Most software developers learn these practices very early in their careers, but PowerShell users are very rarely real software developers: most come from operations and are trying to automate operational tasks. The following practices are described by the Open Web Application Security Project (OWASP) and include, in our opinion, the most important topics:
- Input validation
- Output encoding
- Authentication and password management
- Session management
- Access control
- Cryptographic practices
- Error handling and logging
- Data protection
- Communication security
- System configuration
- Database security
- File management
- Memory management
- General coding practices
Note
A complete description of the OWASP secure coding practices is available at the following link: https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_...