Add Security section

Author: donnemartin

README.md

@@ -1628,3 +1628,19 @@ REST is focused on exposing data.  It minimizes the coupling between client/serv
 * [Crack the system design interview](http://www.puncsky.com/blog/2016/02/14/crack-the-system-design-interview/)
 * [Thrift](https://code.facebook.com/posts/1468950976659943/)
 * [Why REST for internal use and not RPC](http://arstechnica.com/civis/viewtopic.php?t=1190508)
+
+## Security
+
+This section could use some updates.  Consider [contributing](#contributing)!
+
+Security is a broad topic.  Unless you have considerable experience, a security background, or are applying for a position that requires knowledge of security, you probably won't need to know more than the basics:
+
+* Encrypt in transit and at rest.
+* Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection).
+* Use parameterized queries to prevent SQL injection.
+* Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
+
+### Source(s) and further reading
+
+* [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers)
+* [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet)