I know that cyber security is a massive field that takes years to master. Do you have any suggestions of things people can do today to boost application/website/server security?
Hi Jack,
I am a security engineer as well.
I would recommend starting by reading the OWASP Top Ten and figuring out whether your app, service, etc. follows the very basic rules described there.
I see very often that developers don't know/care enough about security and release really insecure pieces of software that could be way more challenging for "BlackHat Hackers", so remove all the "basic" flaws that you can encounter.
If you mean to start studying, I would go reading a lot, learning programming, playing capture the flags, joining sec communities and going to events...
But if you mean as another kind of specialist (such as a dev or something), it depends on your role. If you are in charge of a project and are resourceful, I would hire an actual professional, an auditor, to perform the required tests. There are many automated tools that can give you a general idea of your security status, but for real protection, a professional is needed. If you are a developer, your responsibility is to write clean, understandable code and acknowledge the latest vulnerabilities in the tools you choose to use. Most of the security issues in web apps are due to irresponsible use of versions. There's an interesting Katacoda course about security in containers that could be used in such a situation.
Hope to have cleared your mind about this topic!
and yes!! those are top!