DevelopMENTAL Madness

Monday, June 09, 2008

Information for every developer: OWASP

A friend of mine was recently the victim of identity theft. Fortunately for him, the bank caught it before any damage was done. But essentially a key logger was installed on his computer, which exposed all his personal account information and logins to the attacker.

Today, I was involved in a discussion on a new(er) variant of the well-known SQL Injection attack. In the discussion I was floored that there were some posters who made suggestions which did not properly fix the problem because they continued to use the same vulnerable techniques. They simply moved things around thinking it would fool an attacker.

As developers we can be so lazy sometimes and we continue to shoot ourselves in the foot for it.

Today, I came across OWASP.org (Open Web Application Security Project). Every developer should read the information available on this site - it applies to ALL web development platforms. Check out the free books on the site and start changing how you code right away.

As those who create content for the web, it is our responsibility to protect the web from attackers. By simply changing the way we write applications for the web, we can dramatically reduce the attack surface and make the web far safer and more secure for all of us.

Please code responsibly.