Web applications remain the largest security risk for any company. The reason is two-fold. First, most software services have moved to a web based environment giving malicious hackers a much larger landscape to attack. Second, most organizations put a majority of their resources, i.e. dollars and manpower, into network and perimeter security leaving the web unguarded. In most cases, it is up to the web developer to secure sites as best they can. Those who know how to patch known vulnerabilities in...
I recall a project I worked on a few years ago where I was tasked with overseeing the security of a website we were building. When I sat down with the chief programmer I wanted to discuss three types of vulnerabilities with him: cross-site scripting, SQL injection and information leakage. His response was simply, “I don’t know anything about this stuff and I don’t care. That’s your job.” While other web developers I have worked with aren’t generally so curt in their response, I have noticed...