Jim Bird has a new post with links to a few different resources helping you "cheat" at application security - links to cheat sheets with highlights of key points to keep an eye out for.
Developers need to know a lot in order to build secure applications. Some of this is good software engineering and defensive design and programming - using (safe) APIs properly, carefully checking for errors and exceptions, adding diagnostics and logging, and never trusting anything from outside of your code (including data and other people's code). But there are also lots of technical details about security weaknesses and vulnerabilities in different architectures and platforms and technology-specific risks that you have to understand and that you have to make sure that you deal with properly. Even appsec specialists have trouble keeping up with all of it.
He links to several of the OWASP cheat sheets for things like:
没有评论:
发表评论