DevelopMENTAL Madness

Monday, June 09, 2008

Information for every developer: OWASP

A friend of mine was recently the victim of identity theft. Fortunately for him, the bank caught it before any damage was done. But essentially a key logger was installed on his computer, which exposed all his personal account information and logins to the attacker.

Today, I was involved in a discussion on a new(er) variant of the well-known SQL Injection attack. In the discussion I was floored that there were some posters who made suggestions which did not properly fix the problem because they continued to use the same vulnerable techniques. They simply moved things around thinking it would fool an attacker.

As developers we can be so lazy sometimes and we continue to shoot ourselves in the foot for it.

Today, I came across OWASP.org (Open Web Application Security Project). Every developer should read the information available on this site - it applies to ALL web development platforms. Check out the free books on the site and start changing how you code right away.

As those who create content for the web, it is our responsibility to protect the web from attackers. By simply changing the way we write applications for the web we can dramatically reduce the attack surface and make the web drastically more safe and secure for all of us.

Please code responsibly.

Feedback on IE tester?

I ran into a link for IETester today. Supposedly, you can use it to test a site in different IE versions. But it's in alpha, and I'm curious if anyone has had experience with the company or has been doing any significant evaluation of IETester up to this point. I'd like to keep an eye on it and see how it progresses at this point. Up to this point I've been using MultipleIE, but only because it's the only tool I know of. It doesn't work great for UpdatePanel, and the client I'm working for right now uses this control a lot.