Application security is not only "using SSL"…

Many people still seem to assume that “using SSL” or “keeping the default password secret” is an effective countermeasure against being compromised. This is partly true for SSL (correctly implemented, it protects the confidentiality and integrity of your data), but default passwords are “evil by default”. You have to consider every potential attack, and you should pay attention to the OWASP Top 10.
You might see examples of this in two recent incidents:

As a developer, it should be clear that you need a basic understanding of SSL, authentication methods and encryption, but to produce secure software you also need to understand the risks. Applying a few random countermeasures does not make your application secure; you need to understand what can make it insecure: things like default passwords (which are a bad idea by default), XSS, CSRF, injection, etc.

