Top 5 Security Peeve’s You Must Be Aware Of.

Most of the programmers ,deployment engineers and web surfers have a very casual approach when it comes to Security of the application. This post describes Top 5 Security Peeve’s referred to by such folks for whom security is secondary.

This post is an effort to remind you that Security should always be an important agenda in whatever application you develop and that Prevention is always better than cure and knowledge is the ultimate weapon in this age of Information Technology.

1.) Nobody would attack this: This is one of the most commonly heard reason for not building in enough security around the application. It would be interesting to know that as per a research, around 10 percent of the application owners usually never come to know that they have already been attacked. Recently an attacker was able to hack into a web application and insert malicious code inside the website’s javascript. This then caused Google to completely de-index the website. 

2.) Our Application is behind a secure Firewall: This is another most commonly heard Security peeve. Even if your application is behind a secure firewall, it doesnt mean you cannot be attacked. There are various kinds of attacks which can still be made, for example; SQL Injection Attacks. You can even learn to hack and also do a hacking practise on Ruby on Rails application to learn more about such attacks. 

3.) We haven’t coded that, we are re-using the Third Party Code: This is another often heard and most ignored of all Peeve’s. Its also interesting to note that most of us usually do use a lot of third party codes and re-usable code samples available freely over the internet. However, most of the developers, most of the times, never actually go and read the code behind those freely available samples and thereby imposing a security risk to the entire application using that bit of code. As a suggestion, i would say, always do read the code of the third party library to ensure that everything in it is as expected. This will also help you get rid of some of the annoying behaviour you might be noticing with your application since you started using the third party code.

4.) Our Development Methodology is Quality Focussed: Good that your development methodology is Quality focussed, but do have at the back of your mind that even if you focus on quality, security wont come attached. Defect free doesnt mean secure anymore in today’s world.

5.) I often use Free Wi-Fi at hotels, airports and coffee shops: If you are someone who uses free wi-fi at Hotels, Airports and Coffee Shops, ensure that you are enough protected. Have a good firewall, ensure that your OS is updated and you have an updated Antivirus and Spyware software. Free Wi-fi also brings with it free trouble if not administered properly. Also, its important you keep your Wifi protected so that you can ensure that your wifi doesn’t get used for illegal purposes.

You might also want to take another look at your Web Application Security Testing and also read Some Notes On Ethical Hacking

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Advertisements

One Response

  1. […] unknown wrote an interesting post today onTop 5 Security Excuses You Need To Be Aware Of. | TechnofriendsHere’s a quick excerptThis entry was posted on Thursday, December 11th, 2008 at 5:28 pm and is filed under hacking, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. … […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: