Wednesday, May 8, 2024

Why should we care? Secure coding and the OWASP Top 10

Ask any developer what secure coding means and you will get a different answer each time, often a vague one. OWASP, on the other hand, gives us a shared vocabulary: named risks that we can talk about, prioritise, and elaborate on, together with concrete guidance on how to implement secure coding in our own projects.

Some of you might think: "I don't hold that much data. My project is not at that level. I don't even think I'm a target." How about this, then? Even a small breach costs on the order of $4M per incident. Sure, that $4M will not come out of your pocket as a developer. But how would you feel if your name were attached to the commit that introduced the vulnerability? You might argue that the firewall should have blocked those requests, that a penetration test should have caught the issue before it did any damage, that code review must have missed it, and so on. Then we are tangled up in arguing about when and how it happened. The truth is that you can't patch your way out of being hacked. You can't know all the risks up front, and you can't rely on someone further down the line to take care of them for you.

When the CVE database of software vulnerabilities was created in 1999, only 894 unique vulnerabilities were documented and filed. Last year alone, more than 20,000 new unique vulnerabilities were added. With a risk landscape evolving that fast, we need a way to handle vulnerabilities with confidence, to get ahead and stay ahead, and that is what OWASP (the Open Web Application Security Project, now the Open Worldwide Application Security Project) does best. It is a community of developers and security professionals who create useful, clearly organised projects that provide solutions for many common problems in application security. OWASP publishes the Top 10 list periodically (roughly every three to four years, not annually), ranking and categorising the most critical risks, and knowing those risks is a good starting point. Alongside it, OWASP provides a list of general controls (the Top 10 Proactive Controls) that should be implemented in every project.
