Saturday, February 20, 2010

Spotthevuln a nice way to learn security.

Spotthevuln.com was designed to give developers more insight into designing code with security in mind.

When developers write source code they rarely think about security.

After insecure code is deployed, one of two things can happen.

  1. The bug can be found, in which case the developers have to waste development time in order to rewrite their solutions.
  2. The vulnerability is exploited, and the organization loses money, consumer trust, and can gain a negative reputation to their brand.

These problems can be avoided if the developers wrote the code correctly (securely) the first time.

Spotthevuln.com can aid developers, development managers, and QA staff by helping them sharpen their skills in spotting vulnerabilities in source code.

Spotthevuln.com use actual code snippets from open source applications to demonstrate how often vulnerable pieces of code get deployed into the real world.

The purpose is simple:

  • Every Monday a vulnerable piece of code is posted.
  • Every Friday the solution is posted.

On Monday, look at the piece of the code to see if you can identify what the security vulnerability is. Like everything else being able to spot vulnerable code takes practice.

Doing this exercise should take between 5 and 10 minutes out of your day. Do it while you drink your morning coffee and you will already be on your way to being able to write more secure applications.

The more secure code is, the better off we will all be.

No comments: