WEB APP SECURITY

Another day, another high-profile company gets hacked, and more customer data falls into the wrong hands. The companydu-jour will say how its security was up to all the latest standards, and how this was clearly a state-level attack. Yet upon detailed post-mortem it’ll usually be revealed that some web-crawler got lucky and started pulling data from an unprotected endpoint.

It’s a common meme among programmers that businesses never have time to invest in security before an attack. Once an attack has taken place, the managers are all at your desk asking how you let this happen. Forgetting entirely that you’ve been calling for more time to focus on refactoring and security for several months, now only to be ignored.

As sad as this reality is, it’s not really the managers’ fault. The pay-off of a new feature is tangible: it has a fixed start and end; it links to a business objective; it is, for lack of a better word, quantifiable. Security and refactoring, however, is quite the opposite... or is it? If you can convey the risks and benefits without sounding like a broken record then you can change your culture for the better.

This series will empower you with the tools to do just that and make security part of your culture. Kicking things off we’ll discuss some fundamentals and motivation, which will be followed with detailed implementation tutorials in future issues.

Security breaches