[WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable
bugtraq at cgisecurity.net
bugtraq at cgisecurity.net
Thu Dec 21 16:44:26 EST 2006
"I always hear the argument 'people who write applications vulnerable to
buffer overflows, sql injection or cross site scripting shouldn't be writing code!'
and its a nice fantasy! New people are always learning to code, being put into
situations to develop things maybe they shouldn't be and this isn't going to ever
stop. The majority of skilled developers start out the same way and faulting them
for 'learning the ropes' is just plain stupid. We need to start hand holding what
developers are doing by preventing them (by default) from making common security
mistakes."
URL:
http://www.cgisecurity.com/2006/12/10
- Robert
http://www.cgisecurity.com/ Web Site Application Security News, and more!
http://www.cgisecurity.com/index.rss [RSS Feed]
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list