Phil Haack and Scott Hanselman did a live "show" where they exploited weaknesses in a website and then closed the "security holes".
Most of it was live demo; these are some of the attacks they demonstrated:
CSRF attack - Cross-Site Request Forgery (the attacker creates a page or script that posts data to the site (e.g. an account transfer) and tricks the user into running it (via a spam email) while he is logged in; the browser attaches the user's session cookie to the forged request, so the site cannot tell it from a real one)
My takeaway: To test and verify that you have a "secure enough" site requires a big skillset. This is not for every developer, but it seems to be something solutions really should do to be "secure enough" according to the paranoia level appropriate for the case at hand.
In my company I know some people that have these skills and I will try to involve them in future web-app "security hardening" activities in our current IT programme.