Web App Sec Cheat Sheets

I’ve never been one to use my blog to link to vendors and/or their products, but I received an email last week that was intriguing enough to get me to take a further look. I liked what I saw and decided to pass it on. It’s nothing earth-shattering or new, just some good ole common sense that we can pass on. One thing that I have come to realize as I work more and more with developers is that there really is a lack of understanding of how to write secure code. It’s not taught in school, and many businesses and development shops are more focused on getting code written and out the door. As a result of this we see the same basic things pop up again and again and again. At work we see this as we review new code that is hoping to be put in production. SQLi, XSS, XFS, etc.… it’s like security Groundhog Day. You find it, get it fixed, tell the developers how to avoid it and start all over again. Much of this is due to developers being project oriented, and many times they are contractors who come in long enough to write their piece and then move on. So what you taught them may never come to fruition for you.

Anyway, Veracode has put together 5 cheat sheets on common coding issues and they are pretty decent. They explain the problem, what it does, why it’s bad and give you some tips on how to avoid it in your code. There is also video and sample scripts and code for you to look at. It may not be anything for you but it is something that you can pass on to the developers that you support or work with. Who knows it may save you some time and headache as the number of issues is reduced because you took the time to pass this on.

• SQL Injection: http://www.veracode.com/security/sql-injection
• Cross Site Scripting: http://www.veracode.com/security/xss
• Cross Site Request Forgery: http://www.veracode.com/security/csrf
• LDAP Injection: http://www.veracode.com/security/ldap-injection
• Mobile Code Security: http://www.veracode.com/security/mobile-code-security
