[WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Thu Dec 21 16:44:26 EST 2006

"I always hear the argument 'people who write applications vulnerable to 
buffer overflows, sql injection or cross site scripting shouldn't be writing code!' 
and its a nice fantasy! New people are always learning to code, being put into 
situations to develop things maybe they shouldn't be and this isn't going to ever 
stop. The majority of skilled developers start out the same way and faulting them 
for 'learning the ropes' is just plain stupid. We need to start hand holding what 
developers are doing by preventing them (by default) from making common security 


- Robert
http://www.cgisecurity.com/ Web Site Application Security News, and more!
http://www.cgisecurity.com/index.rss [RSS Feed]

The Web Security Mailing List: 

The Web Security Mailing List Archives: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list