+ Reply to Thread
Results 1 to 4 of 4

Thread: Software security or secure programming

  1. 03-08-2007, 03:30 PM #1
    GeorgeA
    GeorgeA is offline
    What do I do with this ?
    Join Date
    Jan 2007
    Posts
    58

    Default Software security or secure programming

    You can have a super secure server , however, if the applications your building on it have vulnerabilities , you are vulnerable to attacks.
    Some of the most common exploits are listed over here:
    en.wikipedia.org/wiki/Exploit_%28computer_security%29 (copy/paste link in browser adress)
    Remember to disable register_globals , validate your input , whitelist users that can modify important files and so on.
    Anyone can contribute with tips on software/application security , since this is what the thread is for!
    Reply With Quote Reply With Quote
  2. 12-29-2008, 02:47 PM #2
    cisco-tips
    cisco-tips is offline
    Junior Member
    Join Date
    Dec 2008
    Posts
    8

    Default

    Sorry for bringing up an old post, but I just wanted to provide my own feedback on this threat. I started studying for the CISSP exam and one of the key points that I learned is that application security is of paramount importance. More than 85% of security flaws are located on applications. Security professionals should consume most of their effort to build secure applications rather than building up security in networks (with firewalls, IPS etc). Ofcourse network security is very crucial as well, but what I say is that application and software protection is more important.

    My two cents.
    CCNA Training

    Cisco ASA
    Reply With Quote Reply With Quote
  3. 01-28-2009, 11:45 AM #3
    Shadowknight
    Shadowknight is offline
    Junior Member
    Join Date
    May 2007
    Location
    Toronto, Ontario
    Posts
    10

    Default

    I ran into this issue recently with a customer where I work. He couldn't understand the fact that the server is only as secure as the scripts the customer put on to it. We run a good security server, but if you put script on it with security vulnerabilities, such as Joomla 1.15 into the system, then the compromise is going to occur on the script level and not the server level. Needless to say he was upset and ranted for over an hour on someone hacking his website due to the Joomla 1.15 security bug.
    Reply With Quote Reply With Quote
  4. 01-29-2009, 02:16 AM #4
    ManagerJosh
    ManagerJosh is offline
    Moderator
    Join Date
    Mar 2007
    Location
    Southern California
    Posts
    150

    Default

    Quote Originally Posted by Shadowknight View Post
    I ran into this issue recently with a customer where I work. He couldn't understand the fact that the server is only as secure as the scripts the customer put on to it. We run a good security server, but if you put script on it with security vulnerabilities, such as Joomla 1.15 into the system, then the compromise is going to occur on the script level and not the server level. Needless to say he was upset and ranted for over an hour on someone hacking his website due to the Joomla 1.15 security bug.
    It is as much of fault as Joomla as it is some for people, who fail to update their scripts.
    All the best,
    ManagerJosh
    Gaming Hosting Director of
    SimGames.net, Owned and Operated by Steadfast Networks
    Reply With Quote Reply With Quote
+ Reply to Thread
« I am unable to establish failover on my asa 5520 | Tutorial Links for Linux / BSD Security »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules