Sunday, January 27, 2013

What’s your tensile strength?

A good programmer is someone who always looks both ways before crossing a one-way street. — Doug Linder

In a time when every product is developed with an unimaginable rush to deliver and market, how much time is really spent on the security aspect of your product? Is security a thought-through and well-integrated aspect of your application, or is it really an afterthought? Most of us know what the reality is! How many of you are still following a traditional SDLC for your project life cycles? Given the demand to deliver products with no time for proper planning or testing, unless security becomes second nature to everyone in an organization, it is an impossible goal to achieve decent security across all your products.

You may have a separate Information Security team, specialized in all security threats and the tools to prevent them; you may have trained your architects and team leads in security matters once every few years; but the chain is only as strong as its weakest link! It only takes one flaw to hand your entire infrastructure over on a platter to be owned.

Saturday, January 26, 2013

A case for browser side standards

Steve Jobs can ban Flash on Apple products, Google can discontinue support for IE6 or 7, but how many of us can dictate the minimum requirements for accessing our websites?

I wasn't surprised when one of my clients gave me the requirement that their state-of-the-art new financial portal must support IE6, in addition to supporting every other browser out there, including the iPad and iPhone. The senior executive wasn't shy about it when he said that we would support IE6 as long as there was at least one client using it. It sounds great from a customer service perspective, but does it really make sense from your organization's security standpoint? And all we are discussing here is browser versions. What about the long list of protective (?) software on the workstation: firewalls, antivirus, anti-malware, anti-spyware? What about the browser extensions? Are they providing protection or stealing data? What's at stake here? Is it not your organization's good name and your clients' trust!

We all know how much money and effort goes into fortifying the web infrastructure, but client workstations remain the soft underbelly that attackers target. It is about time that we introduce an industry-wide client-side standard for securing the future of e-commerce!