PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
October 2009

Developers Need Help with Security Errors

Development errors that leave a custom Web application prone to a SQL injection attack are still not being addressed, and that's a problem because of rampant attacks against Web-facing applications. Custom Web apps are attractive because they're relatively simple to deploy. But coders often fail to address security, nor do they test apps for vulnerabilities prior to production. A recent SANS Institute report on the top cyber security risks of 2009 was harsh on the continued problem of SQL injection flaws and called for a renewed focus on technology solutions to prevent SQL injection, and education of developers about the problem. "It's going to be impossible to do security without some kind of augmentation to improve both our ability to see things as they happen and to figure out problems as they come along," says Jim Molini, a Microsoft security professional and an architect of the new Certified Secure Software Lifecycle Professional (CSSLP) certification. "The innovations that I expect to see at some point in the area of ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue