Michael Howard, senior Security Program Manager at Microsoft, writes a list of habits any developer must have in order to get a final, secure and efficient product. The list goes as follows:
Habit #1: Take Responsibility
Habit #2: Never Trust Data
Habit #3: Model Threats against Your Code
Habit #4: Stay One Step Ahead
Habit #5: Fuzz!
Habit #6: Don’t Write Insecure Code
Habit #7: Recognize the Strategic Asymmetry
Habit #8: Use the Best Tools You Can
Details for every habit can be found here: 8 Simple Rules For Developing More Secure Code.
I couldn’t agree more…
For Developing More Secure Code : Habit #6: Don’t Write Insecure Code.
this guy is stupid
@Tarek: lol, well actually no, sometimes the most evident points are the ones that are overlooked; simply put, if you want secure code, don’t write insecure code, which means that you should be well educated and informed when it comes to security issues so that you can avoid them when writing your code. If you know there’s a vulnerability in a certain function or feature, you shouldn’t use it, etc.
Interesting.
Regarding insecure code, I’ve worked alongside ‘top-level’ developers, earning big bucks, and have seen them make horrendous mistakes with their coding. Especially web-related coding (i.e. CGI-based) with SQL injection and a whole load of other ways a malicious user (or in fact, a normal human user) can crash an application.
@Luke: Yep, exactly my point; any senior or even junior developer should know about security issues like that, but sometimes they just ignore it and go on writing the code without doing what is necessary to secure it or to get around the existing vulnerabilities.
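To illustrate Habit #2 (Never Trust Data) and the CGI-style SQL injection mistake Luke describes, here is an added example (not code from the original post or from Howard’s article) using Python’s standard sqlite3 module: a constructed users table, a lookup that pastes the request parameter straight into SQL, and the hardened version that validates the parameter against an allow-list and binds it instead of concatenating it.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_insecure(conn, name):
    """The mistake: the untrusted CGI parameter becomes part of the SQL text,
    so a value containing quotes rewrites the WHERE clause."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql).fetchall())


# Allow-list for usernames (assumption for this demo): lowercase letters,
# digits and underscore, 1 to 32 characters. Anything else is rejected early.
NAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_name(name):
    """Habit #2: reject input that does not match what a name may look like."""
    if not isinstance(name, str) or not NAME_RE.match(name):
        raise ValueError("invalid username")
    return name


def lookup_secure(conn, name):
    """Validate first, then let the driver bind the value as data; the
    parameter can never be interpreted as SQL syntax."""
    name = validate_name(name)
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    print("normal:", lookup_secure(db, "alice"))
    print("insecure with crafted input:", lookup_insecure(db, "' OR '1'='1"))
```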