WebApp Sec mailing list archives
Re: Secure Coding for Newbies?
From: Alex Russell <alex () netWindows org>
Date: Mon, 28 Oct 2002 12:51:28 -0600
On Monday 28 October 2002 09:47, Michael R.Bagnall wrote:
I really don't think that this list is the place to debate what is a "good" or a "bad" language for web applications.
Hmm... I dissagree. The security posture you start with (i.e., the posture that the tools you choose grandfather to you) makes a hell of a lot of difference when it comes to producing a secure app. The less work that's needed to make an app secure, the better since it means there are fewer oppourtunities to screw up. Developers who want to write secure code need to face the fact that at some point they are beholden to the averages, and any tool that makes those averages better is a Good Thing (TM). We can probably debate the feature-based merrits of languages until we are blue in the face, and I agree that wouldn't be a relevant discussion here. However, discussion of language choice WRT to how it impacts security is most assuredly on-topic. A good craftsman will never blame his tools, but a good craftsman is also going to choose the tools that make his life better. Would you really trust a plumber that showed up and asked to borrow whatever wrenches you had laying around? -- Alex Russell alex () SecurePipe com alex () netWindows org
Current thread:
- Secure Coding for Newbies? Joe User (Oct 28)
- Re: Secure Coding for Newbies? Kevin Spett (Oct 28)
- Re: Secure Coding for Newbies? Jeff Williams @ Aspect (Oct 28)
- Re: Secure Coding for Newbies? Michael R . Bagnall (Oct 28)
- Re: Secure Coding for Newbies? Alex Russell (Oct 28)
- Re: Secure Coding for Newbies? security (Oct 28)
- Re: Secure Coding for Newbies? Dave Aitel (Oct 28)
- Re: Secure Coding for Newbies? Dan Cuthbert (Oct 28)
- Re: Secure Coding for Newbies? zeno (Oct 28)
- Re: Secure Coding for Newbies? Kevin Spett (Oct 28)