Tuesday, August 28, 2007

Security - Art, Passion and Character

Having worked in network security for three years, I got addicted to attacks and VD. Though not a veteran, I would proudly say that I am a Security Enthusiast. To study or master security, one needs to know the internals of how things work. Security is not a technology or a silver bullet. In a broader perspective, security is a way of life, a place that cannot be reached in this Information/Internet era.

Whenever I get a chance to connect with the security aspects of life, I tune myself in. Rajkumar (a colleague of mine) and I were browsing through some websites. Most of the websites have logic bombs in them. As far as a web application is concerned, it needs to take one thing seriously. Linux geeks used to say “Do one thing. Do it well,” and it applies just as well to the Web. For a web application, the quote should be “Do validation properly. Do it well.” Coming back to those web applications, they did something fundamentally wrong. We never tried XSS, SQL Injection or anything like that. We simply played with input fields. Havoc…

Based on that, we came out with a paper that talks about web application security. Personally, we don’t prefer to preach to others. This paper is just a guideline for making better software. The time has come to build security into the product. Security is no longer a plug-in.

We will be presenting our paper at “Step Auto”, an International Conference on Software Testing, Process and Automation. More at the conference.
