Security Matters

-

Recently, somebody asked me to take a look at a product they had, and give them some information on what I could do to improve it. Their product was a simple survey tool, focused on gathering data from users they invited or that had paid to use the tool. It seemed straightforward enough. Sure, I had a few concerns: the site had been outsourced, and this person wasn't a technical individual, but I figured I could take a look.

What I found was pretty shocking.

Passwords stored in plain text. No SSL encryption for logins or credit card data. A complete and total lack of any kind of password policy. And this was before I even got into the code.

Too often, it's easy to forget about security considerations when we're working on building something for a client. Security is one of those things that it seems people learn once and then assume they know, like riding a bicycle. But it's not. Security is an ongoing learning process.

When was the last time you stepped out and took a look at the OWASP Top Ten? It changes every year and is worth a look. How about examined security policies in your own app? Checked to make sure your password storage algorithms are up to par? Verified that you're using the latest and greatest version of PHP with all the security fixes? Updated that legacy site to use PDO instead of MySQL_*?

You might think security doesn't impact you, or that once you're done working for a client that the security of a particular application doesn't matter. It does! Clients can and will come after you for security vulnerabilities if they get hacked. And security vulnerabilities can be expensive: just one set of stolen credit cards can ruin a company's reputation and financial bottom line.

Comments

Post a Comment

Popular posts from this blog

Navigating the Jungle of Web Traffic: A Technical Team Lead's Guide to "I'm a Celebrity, Get Me Out of Here"

-
"I'm a Celebrity, Get Me Out of Here" has become a cultural phenomenon, captivating audiences worldwide with its thrilling challenges and celebrity antics. As a Technical Team Lead, preparing for the surge in traffic during the show's broadcast is akin to navigating a dense jungle of user interactions. In this article, we'll explore the strategies and considerations that technical teams can employ to ensure a seamless online experience while aligning with marketing promotions. 1. Assessing the Infrastructure: Before the chaos ensues, evaluate your web infrastructure. Ensure that servers are optimized, databases are finely tuned, and CDN (Content Delivery Network) configurations are robust. Conduct load testing to simulate peak traffic and identify potential bottlenecks. This step is crucial for preventing server crashes and maintaining site performance under increased load. 2. Scalability and Elasticity: Consider implementing auto-
Read more

TCP Handshake over IPv6

-
The internet we know today heavily relies on TCP/IP to send our information around the world at lightspeed.  With more devices than ever connected to the internet (insert link to back this up, it sounded cool), using IPv4 we're soon going to run out of addresses.  And in fact if it weren't for technologies such as NAT we'd be in a stickier situation than we already are.   In preperation of running out of IP addresses, IPv6 was mustered up around 1998 by the IETF, a 128-bit addressing convention vs the old IPv4 32-bit addressing. So that means IPv6 has been around quite a while now.  Almost 20 years, yet still IPv4 is all the rage.  Perhaps us techies have trouble letting go of what we know.   I mean why set up an AAAA record, when you only need to set up an A record right?  Why configure DNS to use   2001:4860:4860:0000:0000:0000:0000:8888 or 2001:4860:4860::8888 when you can just use 8.8.8.8 right?  Well yeah, let's save all that for another article, once I've h
Read more

The Vital Importance of Secure Wi-Fi Networks

-
In today's digitally interconnected world, Wi-Fi has become an indispensable part of our daily lives. From homes to businesses, coffee shops to airports, we rely heavily on wireless networks to stay connected. However, amidst the convenience and ease that Wi-Fi brings, security should never be taken lightly. In this blog post, we'll delve into the critical importance of using secure Wi-Fi networks and the potential risks associated with neglecting this aspect of our online lives. The Threat Landscape First and foremost, let's address the ever-looming threats that exist in the digital realm. Unsecured Wi-Fi networks are a goldmine for cybercriminals, as they provide an easy entry point to intercept sensitive data. When you connect to an open, unencrypted Wi-Fi network, your data becomes vulnerable to eavesdropping and interception. Malicious actors can capture login credentials, personal information, and even financial details, putting you at risk of identity theft, financi
Read more