Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

1 security – what every programmer needs to know

August 18th, 2007 · No Comments ·

When talking about secure programming it is probably wise to define three terms:

errors can be described as mistakes made by the programmer when designing and coding software;
bugs (often also called faults) are manifestations of these errors in designing and coding of software ==> these faults might result in failures or malfunctioning of a program, and finally,
failures that are deviations from program specifications

When wanting to improve secure programming skills and knowledge, the above is the starting point for most programmers. But things get a bit more complex than this.For instance, certain programming languages might be less prone to errors, faults and failures when looking at the code. Recently, web applications including- AJAX (Please click on the link, Login as guest – click on this link again and voila free access),- ActiveX controls, and- Web 2.0

are ever more extensively used to provide web-based services. In turn, web security is becoming an ever more important challenge to assure trust and confidence levels needed for encouraging the uptake and use of such services.

The presentation I attended yesterday could have also been titled something like:

– How to Convince Your Boss about the Risks and Threats the Firm takes ignoring Web Security

But Nail Daswani chose to use (see his slides):

2007-08-17 – Neil Daswani – presentation at Google offices in Zurich – What Every (Software) Engineer Needs To Know About Security — and — Where To Learn It

probably a better title than the one I suggested above.

Have a look at these slides. They are really helpful to technical folks like yourself trying to make things a bit clearer to decision-makers…. what it is all about and what might happen if we continue being a bit sloppy if not outright careless.

The presentation provides a very nice list of resources including books and university programs that can help one to improve one’s skills and knowledge about more secure programming. What one might have liked as well is to get some references to European sources regarding the learning and educational part of the above presentation. There are many available including but not limited to:

Oulu University Secure Programming Group

ESAT, Laboratoire de virologie et de cryptologie

Regardless of my comment that might suggest the presentation had a slight U.S. focus, CHECK OUT THE SLIDES, it is worth your effort and will provide you with arguments you are crying for in order to convince your boss that things must change.


A slighly older version of Neil’s presentation he gave in Zurich was taped in July 2007 in California. You can watch the video here:

2007-07 – Video of presentation and slides – Neil Daswani — What Every Engineer Needs to Know About Web Security and Where to Learn It

Shortly we will also review Neil’s book:

Daswani, Neil, Kern, Christoph, & Kesavan, Anita (2007). Foundations of security – what every programmer needs to know. Berkeley, CA: Apress.

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.


→ No CommentsTags: anita · apress · christoph · daswani · kern · kesavan · neil · programmer