One concept that I would really like to talk about is secure coding practices, secure applications, and where do you really come up with those ideas and who tells you how this stuff works? While I would say a lot of that should come from your developers and should come from our InfoSec department if you have that, it can actually come from people like South Seas Data that actually know a lot of these policies.
In specific, we employ a lot of these policies ourselves and that’s why I think we’re good at doing this, is that we tend to follow these procedures ourselves and make sure that we know how they work and know what problems you’re going to run into before you even get to that situation.
One organization that I like to bring up is an organization called OWASP. That’s actually an acronym and specifically, this is a not-for-profit organization that is backed by US-CERT. They’re actually federally backed. That doesn’t mean that they are provided cash, but they’re specifically backed in that their policies are correct and the government likes their policies. What they do is they release specific helpers and guides and manuals on how to review code security and how to basically forget and get rid of the normal pitfalls you would have when you are coding web applications.
In specific, they say … I’ll give you an example. You’re building an application and you’re trying to put in a username/password system and you want users to securely be able to log in. Well, there are particular ways that you don’t want to code that because somebody could break into that and get those passwords or get those usernames from your system if you don’t code securely. That’s where OWASP actually comes into play is that they provide things like quick reference guides to help you with the most common problems new developers or companies that are new to this fall into when they’re actually coding this kind of stuff.
They give you very good examples, so I won’t try to go over specifics on what they have, but I would recommend, check out OWASP. Go to their website, download their documentation, look at it, especially if you’re concerned with web security in particular because they have a lot of very good people that are backing this project and will tell you what you should explicitly avoid. They give you great examples of how to code around that or how to avoid those pitfalls.
I’m Anthony from South Seas Data. I’m here to help you keep your Windows secure.