Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
I'm shocked. Is this typical? Are people developing "web applications" without paying attention to Bugtraq and CERT notices, or even noticing that something they might be doing might be compromising their customer's security?

I wouldn't be surprised if it was typical. Heck even Microsoft only recently took a month's vacation from writing code to beef up software security.

My view is that security really is a full-time position. There are just too many exploits going on for the average person to keep track of. No wonder people ignore security concerns or are ignorant of them.

Here are some computer security links:

W3 Security FAQ by Lincoln Stein and John Stewart

Secure Programming Checklist by Simson Garfinkel and Gene Spafford

Perl CGI Problems in Phrack Magazine, Vol 9, Issue 55 by Rain Forest Puppy

Neohapsis Security Archives (Mirrors Bugtraq and others)
Provides extensive nearly real-time notifications about current and past exploits on many systems.

CERT Security
Provides notifications on current and past exploits on many systems.

Wietse Venema's Web Site
Contains many software programs like TCP Wrappers, Postfix, etc. and papers on computer security by this well known guru.

The Hacker's Choice
A German-based computer security site by hackers.


"The doktor is in."

In reply to Security Is Hard Not Easy - Re: •web site design, or lack thereof by metadoktor
in thread web site design, or lack thereof by merlyn

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (6)
As of 2022-12-08 20:44 GMT
Find Nodes?
    Voting Booth?

    No recent polls found