Apply security practices
Implement security best practices across GDI components.
OWASP Top 10
Address common vulnerabilities:
SQL injection prevention
Use parameterised queries. In a Spring Data JPA repository the named parameter is bound by the driver and never concatenated into the JPQL text; the same rule applies to native queries and any hand-built SQL:
// The alias "d" is required in JPQL; ":id" is a bound parameter, not string interpolation
@Query("SELECT d FROM Dataset d WHERE d.id = :id")
Dataset findById(@Param("id") Long id);
XSS prevention
React escapes values rendered as {value} in JSX. HTML rendered through dangerouslySetInnerHTML bypasses that escaping, so sanitise it first and keep this component as the only place that does it:
import DOMPurify from "isomorphic-dompurify";
// Renders untrusted HTML only after DOMPurify has removed scripts, event-handler
// attributes and javascript: URLs. Everything else should render as plain {text}.
const SafeContent = ({ html }) => {
  const clean = DOMPurify.sanitize(html);
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
};
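DOMPurify covers rich HTML, but XSS is context-dependent: a value that is safe in an HTML body can still be an attack in an href. The following is an added example, not code from the GDI project, showing output encoding for the remaining contexts in server-side code that builds markup itself (emails, exports). The fallback "#" and the scheme list are assumptions.

```javascript
// Added example, not GDI project code: context-aware output encoding for the places
// DOMPurify does not cover, i.e. when server-side code builds HTML or URLs from user
// data itself. React's {value} rendering already does the HTML-body part for you.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// HTML body and double-quoted attribute context: neutralise every character that can
// open a tag, close an attribute value or start an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// URL context: attribute escaping does not stop "javascript:" in an href, so allow only
// known schemes (or a same-origin relative path) and reject everything else.
function safeHref(url) {
  const s = String(url).trim();
  if (s.startsWith("/") && !s.startsWith("//")) return s; // relative, same origin
  try {
    const parsed = new URL(s); // the parser lowercases the scheme, so "JAVASCRIPT:" is caught too
    if (["http:", "https:", "mailto:"].includes(parsed.protocol)) return parsed.href;
  } catch (_) {
    // not an absolute URL (protocol-relative "//host" lands here as well)
  }
  return "#"; // hypothetical fallback; a real UI would drop the link instead
}

// Anchor built from an untrusted label and destination: each value is encoded for the
// context it lands in, the attribute for href and the body for the label.
function renderLink(label, url) {
  return `<a href="${escapeHtml(safeHref(url))}">${escapeHtml(label)}</a>`;
}
```

Use escapeHtml for text that lands inside an element or a quoted attribute, safeHref for anything that becomes a link target, and DOMPurify when the input is genuinely HTML that must keep its markup.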
Security scanning
Dependency scanning
Check dependencies for known vulnerabilities and fail the build above an agreed severity:
npm audit --audit-level=high
./mvnw dependency-check:check
The Maven goal needs the org.owasp dependency-check-maven plugin declared in pom.xml. Run both in CI rather than only on developer machines, and treat an audit finding as a build failure, not a warning.
Secrets management
Never commit secrets. Read them from environment variables on the server and fail fast when one is missing. Anything the React build can see (REACT_APP_ or VITE_ prefixed variables) is copied into the browser bundle, so it is not a place for secrets:
const apiKey = process.env.API_KEY; // server-side code only
if (!apiKey) throw new Error("API_KEY is not set");
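As an added example (not GDI project code), a small startup loader that enforces the two rules above: every required secret must be present, and no secret-looking name may carry a prefix that bundlers ship to the browser. The variable names and the prefix list are assumptions for illustration.

```javascript
// Added example, not GDI project code: read secrets from the environment at startup,
// fail fast when one is missing, and refuse names that bundlers ship to the browser.
// The variable names and prefixes below are assumptions, not GDI configuration.
const REQUIRED = ["API_KEY", "DATABASE_URL"];
// Create React App, Vite and Next.js copy variables with these prefixes into the
// client bundle, so a secret under such a name is published to every visitor.
const CLIENT_EXPOSED_PREFIXES = ["REACT_APP_", "VITE_", "NEXT_PUBLIC_"];
const SECRET_LIKE = /(KEY|SECRET|TOKEN|PASSWORD)/i;

function loadConfig(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error(`missing required environment variables: ${missing.join(", ")}`);
  }
  const exposed = Object.keys(env).filter(
    (name) => CLIENT_EXPOSED_PREFIXES.some((p) => name.startsWith(p)) && SECRET_LIKE.test(name),
  );
  if (exposed.length > 0) {
    throw new Error(`secret-looking variables would reach the browser bundle: ${exposed.join(", ")}`);
  }
  // Hand back only what the application needs; never pass the whole environment around.
  return Object.fromEntries(REQUIRED.map((name) => [name, env[name]]));
}

// Safe to log at startup: names and presence, never values.
function describeConfig(config) {
  return Object.keys(config).map((name) => `${name}=<set>`).join(" ");
}
```

Call loadConfig() once at process start so a missing or misplaced secret stops deployment immediately instead of surfacing as a failed request later.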
Authentication security
- Use HTTPS only, and send HSTS so browsers refuse to downgrade
- Implement CSRF protection for every cookie-authenticated request that changes state
- Set secure cookie flags: Secure, HttpOnly and SameSite
- Validate JWT tokens: pin the algorithm, verify the signature, then check exp, nbf, iss and aud
- Implement rate limiting on login and token endpoints