WebApp Sec mailing list archives
RE: Hacme Bank
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 15 Sep 2004 12:07:16 -0500
On Tue, 2004-09-14 at 08:31, Don Tuer wrote:
I understand that the Hacme site is intentionally buggy my point was that it's quite surprising that Mark sees these very basic errors continuing to be made by web developers. Basic training in the .NET platform and some on line reading will emphasize to the developer not to make these mistakes.
You don't travel much, do you? The fact that training and information is available does not mean that it will automatically be absorbed. Just the fact that a lot of developers are hard-pressed on meeting project deadlines doesn't usually leave time for them to attend training, and if it does, it's limited in time/scope. It typically takes an "external auditor" -- most of time requested by clients or business partners, or required by other business requirements -- to convince management to allow for more time and education of the developers for security related things. While overall the level of security awareness and competence is increasing, I think we're still a long way off from the desired goal. That raises the question, though, how we could measure that success. Perhaps an index of XSS vulnerable web sites? Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Hacme Bank Mark Curphey (Sep 09)
- Re: Hacme Bank Rush Molekilla (Sep 09)
- Re: Problem with Hacme Bank Install Martin Mkrtchian (Sep 09)
- RE: Hacme Bank Al (Sep 10)
- RE: Hacme Bank Don Tuer (Sep 13)
- Re: Hacme Bank Rogan Dawes (Sep 15)
- RE: Hacme Bank Don Tuer (Sep 15)
- RE: Hacme Bank Frank Knobbe (Sep 16)
- RE: Hacme Bank Don Tuer (Sep 13)
- <Possible follow-ups>
- RE: Hacme Bank Mark Curphey (Sep 10)
- RE: Hacme Bank raza (Sep 16)
- RE: Hacme Bank King, Stuart (REHQ-LON) (Sep 13)
- RE: Hacme Bank Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Sep 16)
- Re: Hacme Bank Jérôme (Sep 18)
- Re: Hacme Bank KrK (Sep 18)