You probably hear it a lot: you should make your code secure! But…​ how? When it comes to security, there are a plethora of measures you can implement. Where do you start, and how do you know you’re doing the right thing?

Many blogs trying to help you in this area use a lot of jargon, making it hard for others to read and act on it. I’m here to help you with this, starting with a small explanation of what we’re trying to achieve with cyber security. This blog post is written for Software Developers specifically, no matter which language you program in or whether you’re a front-ender, back-ender, or full-stack.

As part of my work I frequently perform source code reviews for security issues. Looking for vulnerabilities in the logic of the source code is not easy, but when the encoding of that code is attacked, things get unreal pretty fast. Especially when you realise how often code is copy-pasted from sites like StackOverflow.

This article describes the dangers of hidden Unicode control characters and how they can make your source code appear differently than it is executed.