Wednesday, January 20, 2010

No More Excuses!

Hey, you're a web application developer. I know you have deadlines looming, looming angst about your web site's security, and heirloom code you have to maintain. Get over it. This blog is all about helping you, and me, stay on top of security. Headlines scream about simple development mistakes costing 170 million credit card numbers. Some of those people lost money. You ever have someone wipe your card out? Painful and time/energy-consuming to correct. Someone's simple mistake(s) caused that to happen. People can blame the company, or the semi-clueless (at the time) CEO, or the guile of hackers. But guess what...someone programmed that code and either did not understand what they were coding, or was flat out negligent.

To me, it is their fault.

Part of the blame has to go to the company execs and programming managers of a company that stakes its reputation on protecting and delivering peoples' credit card data. But the programmers also work for them and have to understand what their work affects every day they come in and sit down with a cup of coffee and a freshly booted PC.

I know, I know. Deadlines, budgets, tight time schedules, someone else promising you will deliver on an impossible schedule...all causing security to get baked in later if at all.

You know what? Get Over It.

This blog will hopefully educate, entertain and help us all out. This will be a no-holds-barred look at web app security, mostly from an ASP.NET standpoint. PHP guys/gals...get over it. (See a theme here?) The stuff on this site will hopefully apply to you too, and you can go figure out how to code the things I put in as ASP.NET logic. I will try to keep things as language agnostic as possible, since I would prefer all web devs have the knowledge, but there will be days when I post ASP.NET or IIS specific things, whether exploits or fixes.

So no more excuses! You can learn this stuff pretty quickly and stop many, many attacks dead. You can be the hero.

I will start my next post talking about XSS. Never heard of it? Please tell me you don't build websites...
