Back to News for Developers

Security and Facebook Platform

November 5, 2009ByRyan McGeehan

At Facebook we work overtime to protect users' experience from hackers, phishers, fraudsters, and other bad actors across the Web.

Our users trust Facebook with their personal data, which is something we take very seriously. In a recent TRUSTe survey, Facebook was voted one of the top 10 most trusted companies when it comes to user privacy. Through Facebook Platform, our users can entrust their data to your applications. When they do so, it becomes your responsibility to protect that data.

Knowing how to secure data and keeping up with the latest scams and vulnerabilities is a full time job in and of itself, so our security team is here to share the top issues on our radar and discuss the secure aspects of Facebook Platform. We've assembled a Platform security article on our Developer Wiki to help you make your software development practices more secure. The article discusses:

  • The security benefits that Facebook Platform's core components (FBML/FBJS/XFBML) offer.
  • The Open Web Application Security Project (OWASP) Top Ten vulnerabilities, which should help you prioritize the threats you need to worry about.
  • OWASP and Microsoft Web development resources, for more complete documentation on secure development.
  • Standard server administration practices to enhance security on your site.

We hope you're already utilizing these methods, and if you aren't, that you seriously consider implementing them to avoid having a malicious person compromise your application. This way, together we can offer our users the safest and most secure Facebook experience possible. We welcome your feedback on the Developer Forum.

Ryan, an engineer on the Facebook Security team, is on the case, protecting your data.