When developing an application, you need to be security-aware. Applications often request, reference, or otherwise use data such as:

  • Credit card or other payment credentials and information

  • Users' personally identifiable information, such as names, addresses (email and physical), phone numbers, and so on

  • Application credentials and tokens

  • Business intelligence data, such as order sizes, sales data, and other information that has the potential to be misused by competitors and other businesses

As an application developer, you’re responsible for securing your users’ data and accounts. You’re expected to follow the OWASP secure coding principles (or OWASP Cheat Sheet) and address the OWASP Top 10 Most Critical Web Application Security Risks.

The subsections below describe the eBay-specific actions that are either expected of you and your application or are generally good security practices to follow.