Secure Coding: "must have" skills for any modern software developer
Traditionally, cyber security has been associated mainly with penetrating networks and infrastructure.
Now a more subtle level of attack needs to be considered if we are to properly protect our corporate and client systems: application-level attack.
As attackers become more sophisticated, organisations must also look at whether their web applications (be it Java, .NET, PHP, ...) are coded with security in mind. If not, it is only a matter of time before they will be exposed.
Developers can be quite protective about their applications and quality of code, but time and again we see "secure" systems compromised with the usual PR and financial consequences.
OWASP Top 10 vulnerabilities (like XSS, CSRF, SQL Injection or Indirect Object Reference) give developers guidance which, combined with the Secure Application Development part of PCI DSS (Payment Card Industry Data Security Standard), can form a strong basis for robust software development.
Ideally, development teams should make a ‘paradigm shift’ and learn which security properties the applications they are coding should have. Some of these aspects will be generic to all web developers, while others are language specific.
But since the vast majority of flaws within applications are due to flawed design, implementation, or programmer errors, the most important outcome is to learn what questions to ask.
JBI can help your organisation with a range of secure coding and security training courses, in particular secure coding training for .NET developers and secure coding courses for Java developers.