Musings on Software Engineering and Application Security from Jim Manico
Jim Bird ( jimbird@shaw.ca ) just completed a 10-post blog series on the various OWASP Top Ten Proactive Controls. These articles have been cross-posted up on DZone and Java Code Geeks. Two of the posts (on logging, surprisingly, and on including security in requirements) have made "Big Links" on DZone so far and have been syndicated. The posts have already reached a couple of thousand developers and growing, so that's a good thing! Here are the complete set of links: Parameterize Database Queries http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-to-make-your-app.html Encoding Data http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-to-make-your-app_9.html Validate Input http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-to-make-your-app_11.html
Access Control http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-to-make-your-app_16.html Authentication Controls http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-as-developer-to.html
Protect Data and Privacy http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-as-developer-to_23.html Logging and Intrusion Detection http://swreflections.blogspot.ca/2014/06/10-things-you-can-do-as-developer-to_30.html Secure Frameworks: Leverage other people's code (Carefully) http://swreflections.blogspot.ca/2014/07/10-things-you-can-do-as-developer-to.html Start with Requirements: http://swreflections.blogspot.ca/2014/07/10-things-you-can-do-as-developer-to_7.html Design Security In: http://swreflections.blogspot.ca/2014/07/10-things-you-can-do-to-as-developer-to.html
Great work, Jim Bird!
Aloha,
Jim Manico