
Apply security practices

Implement security best practices across GDI components.

OWASP Top 10

Address common vulnerabilities:

SQL injection prevention

Use parameterised queries:

// Spring Data JPA: ":id" is a bound parameter, never concatenated into the query string
@Query("SELECT d FROM Dataset d WHERE d.id = :id")
Dataset findById(@Param("id") Long id);

XSS prevention

Sanitise user input in React:

import DOMPurify from "isomorphic-dompurify";

// Only ever hand sanitised markup to dangerouslySetInnerHTML
const SafeContent = ({ html }) => {
  const clean = DOMPurify.sanitize(html);
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
};

Security scanning

Dependency scanning

Check for vulnerabilities:

npm audit                        # JavaScript dependencies
./mvnw dependency-check:check    # Java dependencies (OWASP Dependency-Check Maven plugin)

Secrets management

Never commit secrets. Use environment variables:

// Read at runtime from the environment (or a secrets manager), never from source control
const apiKey = process.env.API_KEY;

Authentication security

  • Use HTTPS only
  • Implement CSRF protection
  • Set secure cookie flags
  • Validate JWT tokens
  • Implement rate limiting