Comments on Yet Another Infosec Blog: Weekend Pentest
Feed last updated 2022-04-07T00:06:55.658-07:00

Anonymous (2006-07-18T03:17:00.000-07:00):

When it comes to web programmers, I think they should learn some fundamental points about secure coding. A short manual about secure coding is enough for a PHP or ASP.NET web developer (SQL injection, XSS, ...) - [just consider C]. I think working on PHP code by a security professional like you and securing it is wasting time because the prevention requires a little effort.

ryan (2006-07-18T11:01:00.000-07:00):

I'm with you on this one, Araz. Implementing code and then having it looked at is not the most effective stance for security. Educating users on security is a far stronger defense. However, this raises an interesting question.

The friend I'm talking about DID implement input sanitizing to defend against XSS and SQL injection. In my opinion, attack techniques are not the 'security fundamentals' we should be educating users on. Best practice fundamentals and more generic security principles IMHO are a more important lesson for web developers. If we get them thinking security, they'll learn the basic defenses on their own... hopefully.