Security B-Sides – Teach a developer about vulnerability and he will prevent it
July 30th, 2009 by s3ctrzr0
I'd like to thank Security B-Sides for inviting us to their con here in Vegas. We did cut out early to pick up our Defcon badges, but we had the pleasure of meeting the gang and also another great security professional from Ireland, David Rook. You can check him out at his blog, “Security Ninja Blog”.
It was great to hear the Chinese proverb “Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime” in a presentation about web application security. As David explained, a new way of seeing this in action would sound like this: “Teach a developer about a vulnerability and he will prevent it; teach him how to develop securely and he will prevent many vulnerabilities.”
This got me off my seat and I was ready to get on the phone to my web developers, but that can wait until I get back to San Francisco.
As he mentioned, the common habit of application developers is to review and fix individual vulnerabilities one at a time, when they should be developing securely as a whole. David explained the principles of secure development and broke them down into eight easy-to-digest categories:
- Input Validation
- Output Validation
- Error Handling
- Authorization
- Session Management
- Secure Communication
- Secure Storage
- Secure Resource Access
Please visit his blog for more great security habits on how to fish securely in web application development.
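To make the difference between “fix the bug” and “develop securely” concrete, here is an added example (not code from the original post, from David Rook, or from his talk) that shows two of the categories above, Input Validation and Output Validation, plus a bit of Error Handling, on a hypothetical “greeting page” that echoes a username. The handler name, the allowlist pattern and the sample inputs are assumptions made for this illustration.

```python
"""
Added example illustrating three of the secure development categories:
input validation (allowlist), output validation (HTML encoding at the point
of output) and error handling (no echo of rejected input).
The greeting page, handler and sample inputs are hypothetical.
"""
import html
import re
from typing import Dict, Tuple

# Allowlist: a username is 1-32 characters of letters, digits, underscore or
# hyphen. Anything else is rejected outright rather than "cleaned".
USERNAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def validate_username(value: str) -> str:
    """Input validation. An allowlist is preferred over stripping 'bad'
    characters, because a denylist is only as good as the attacker's
    imagination."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_greeting_unsafe(username: str) -> str:
    """The one-vulnerability-at-a-time habit the talk warns about: raw
    concatenation into HTML. A value such as '<script>alert(1)</script>'
    becomes live markup (reflected cross-site scripting)."""
    return "<p>Hello, " + username + "!</p>"


def render_greeting(username: str) -> str:
    """Output validation: encode for the HTML context where the value is
    emitted, so even a value that slipped past validation cannot change the
    structure of the document."""
    safe = html.escape(username, quote=True)
    return "<p>Hello, " + safe + "!</p>"


def handle_request(params: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical request handler combining both controls. Error handling:
    a validation failure returns a generic 400 page and does not echo the
    rejected value back, which would itself be an output problem."""
    try:
        username = validate_username(params.get("user", ""))
    except ValueError:
        return 400, "<p>Bad request.</p>"
    return 200, render_greeting(username)


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    payload = "<script>alert(1)</script>"
    print(render_greeting_unsafe(payload))   # markup survives intact
    print(render_greeting(payload))          # markup is encoded
    print(handle_request({"user": "alice"}))
    print(handle_request({"user": payload}))
```

The point of the pairing is that validation and output encoding are independent habits: validation keeps the data model honest (a username really is a username), while encoding protects the output context (HTML here; a URL, JavaScript or SQL context would each need its own encoding), so neither one is a substitute for the other.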
