On Fri, 2006-04-21 at 22:23 -0400, Roberto C. Sanchez wrote:
> Christopher Nelson wrote:
> > On Fri, Apr 21, 2006 at 02:21:14PM -0600, Monique Y. Mudama wrote:
> >
> >>Or even more often, PHP scripts that you write yourself!
> >
> > Yes of course, but those aren't usually intentionally insecure ;) If
> > they are, you might want to see someone about it... But I (foolishly)
> > assumed that someone writing their own would realise the security risks.
> >
>
> It's funny how people overestimate their own ability to write secure
> code. At one point, I thought I knew how to write secure code. Then, as
> part of my Master's courses, I took a course on secure software design.
> Mind you, this was a lot of high-level stuff. We did some shell
> scripting and some C coding. Overall, I was stunned at how easy it is
> to make mistakes that are exploitable. I know that some modern
> languages and compilers try and mitigate some of the vulnerabilities,
> but it is still easy to make mistakes.
>
> The best point that I learned in that class was that security absolutely
> must be part of the design from the very beginning if it is to have any
> sort of effect. Otherwise, you are stuck bolting it on after the fact,
> which usually does not work so well.

Unless you write with a secure language like COBOL.

--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA

"(Women are) like compilers. They take simple statements and
make them into big productions."
Pitr Dubovitch