Business IT - Technology for your business

Training the key to avoiding software security flaws

The same types of exploits have remained the most common for at least three years. Are developers slow to learn?


The Open Web Application Security Project (OWASP) list of the top ten attacks has changed little between 2007 and 2010, while code reviews conducted by Microsoft's internal IT operation reveal five types of flaw that keep cropping up.

"This happens because it [software] is complicated," said Rocky Heckman, senior security architect at Microsoft, explaining that software has a tendency to do unintended and undesirable things.

The five common flaws he sees involve cross-site scripting (XSS), SQL injection, buffer overflows, canonicalisation, and cross-site request forgeries (XSRF).

There are established ways of avoiding these issues, including input validation, stored SQL procedures, managed code, and encrypted unique session IDs, so why do they keep appearing?

"Big organisations are like the Titanic - difficult to turn around," Heckman told iTWire. A general reluctance to touch old code contributes to the problem.
