[kwlug-disc] Security arguments

Khalid Baheyeldin kb at 2bits.com
Wed Sep 23 17:59:54 EDT 2009

> The most damaging bugs found in web applications, code injection, are
> handled through easy to program and use escape functions or handy SQL
> calls.
> A lot of security would be gained if the tutorial mentioned this key
> practice.
> I was formally taught programming, almost 20 years ago now, and very
> little (nothing?) was taught about security, but we were taught about
> buffer overruns, because of the potential for bugs, not the security.
> Today I hope that students are taught to inspect all input data.

To be fair, 20 years ago, the environment that programs would be
deployed in was far less hostile than what it is today for web servers.

Apart from the Morris worm, there was no port scans, remote expolits,
code injection, SQL injection, Cross Site Scripting, Cross Site Request
Forgery, ...etc. ad nauseum.

The worst that could happen was that an insider would do a Robin
Hood and Friar Tuck

Things have changed today, and yes, I hope students are being taught
these perils.
Khalid M. Baheyeldin
2bits.com, Inc.
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20090923/9c064d62/attachment.html>

More information about the kwlug-disc mailing list