re: What are some fundamentals of security every developer should understand? VIEW POST

VIEW FULL DISCUSSION
 
  • Security is hard. It's worthwhile to read about various attacks to understand the magnitude of ways in which stuff is attacked.
  • Your system will be breached. Mitigation strategy is as important as the "wall".
  • A system is never "secure", you can only balance security goals with current risks and available resources.
  • Privacy is inseparable from security. Even if you're irresponsible and don't care about your users, the attackers will.
  • Security becomes harder as the data becomes more valuable. Most systems are really only secure because nobody really wants the data they store. As a company becomes successful, the attackers will come.
  • Security is a moving target. You are are never done implementing security.
  • User security is as important as corporate security.
  • Being open about security is the only way to know it's correct. There is no security through obscurity.
  • Everybody is responsible for security. Every person and every machine is a potential attack vector.

Practical advice:

  • Use existing libraries
  • Follow best practices
  • Keep everything up-to-date
  • Be open and ask questions
  • Code defensively
  • Be aware of risks
 

Do you have any books or suggested reads on various attacks?

 

I follow these two guys on Twitter: (@Scott_Helme)[twitter.com/Scott_Helme] and @troyhunt. They're a source of lots of security articles, research, breaches, etc. I try to keep up on recent events, and do a deep dive in the web whenever a concept/term comes up that I don't know.

code of conduct - report abuse