Helping Developers Understand Security - Spot the Vuln
If you follow SANS Application Security blog (aka as the SANS Application Security Street Fighter blog) you know about an initiative focused on helping developers to understand security while having fun. Security challenges are a very didactic tool for this specific purpose.
The Spot the Vuln blog (by Brett Hardin & Billy Rios) "...uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning (8:00am PST) a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday (8:00am PST), a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications."
What about including these weekly challenges in your software security program, so that developers, development managers, and QA staff can test their source code analysis skills and enjoy security by solving them? This week challenge is about... Imagination.
Most challenges up to now have covered different programming languages (PHP, Java, JavaScript, ActionScript) and multiple security vulnerabilities (XSS, SQLi, LDAPi, RFI/LFI, CRLFi, redirections...).
----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com
Comments