Computer Security: better code, fewer problems

The origin of many security incidents is negligence or unintentional mistakes made by web developers or programmers


The resulting vulnerabilities lie dormant until the evil side spots them and decides to hit hard. Computer security incidents in the past have put CERN’s reputation at risk due to websites being defaced with negative messages about the Organization, password hash files being extracted, restricted data being exposed… And it all started with a little bit of negligence!

If you check out the Top 10 web development blunders, you will see that the most prevalent mistakes in web development are:

  1. Not filtering input, e.g. accepting “<” or “>” in input fields even if only a number is expected.
  2. Not validating that input: you expect a birth date? So why accept letters?
  3. Mistakes in session management, authentication and authorisation, e.g. when dealing with “cookies”, “tokens” or custom encryption.
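The first two blunders above (filtering and validating input) are best handled with allow-list validators that accept only the exact shape a field is supposed to have, and with output encoding for anything that is echoed back to a page. The following is an added example, not code from the article or from CERN: the field names, the constructed form submission and the 150-year plausibility bound are assumptions made for the illustration. It shows a numeric field that rejects “<” and “>” outright, a birth date that must be a real calendar date and not in the future, and HTML escaping of a value before it is rendered.

```python
import html
import re
from datetime import date

# Constructed example (not from the CERN article): strict allow-list validators
# for two typical form fields, plus output encoding for anything echoed back.

INT_RE = re.compile(r"^[0-9]{1,9}$")             # digits only, bounded length
DATE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")  # ISO YYYY-MM-DD shape only
MAX_AGE_YEARS = 150                               # assumed plausibility bound


class ValidationError(ValueError):
    """Raised when a field does not match its allow-list."""


def parse_quantity(raw: str) -> int:
    """Numeric field: only digits pass; '<', '>', letters and signs are rejected."""
    if not INT_RE.fullmatch(raw.strip()):
        raise ValidationError("quantity must be a whole number")
    return int(raw)


def parse_birth_date(raw: str, today=None) -> date:
    """Birth date: must look like YYYY-MM-DD, be a real date, and not lie in the future."""
    m = DATE_RE.fullmatch(raw.strip())
    if not m:
        raise ValidationError("birth date must look like YYYY-MM-DD")
    try:
        d = date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError:
        # e.g. 1990-02-30 matches the regex but is not a calendar date
        raise ValidationError("birth date is not a real calendar date") from None
    today = today or date.today()
    if d > today or today.year - d.year > MAX_AGE_YEARS:
        raise ValidationError("birth date out of range")
    return d


def rejects(parser, raw: str) -> bool:
    """True if the parser refuses the input (used to check the negative cases)."""
    try:
        parser(raw)
    except ValidationError:
        return True
    return False


def render_confirmation(name: str) -> str:
    """Output encoding: a value is HTML-escaped before being placed in a page."""
    return "<p>Thank you, " + html.escape(name, quote=True) + "</p>"


def validate_form(form: dict) -> dict:
    """Validate a (constructed) form submission field by field.

    Returns the accepted, typed values and a per-field error map so the
    caller can refuse the whole request if any field failed.
    """
    errors, clean = {}, {}
    for field, parser in (("quantity", parse_quantity), ("birth_date", parse_birth_date)):
        try:
            clean[field] = parser(form.get(field, ""))
        except ValidationError as exc:
            errors[field] = str(exc)
    return {"ok": not errors, "values": clean, "errors": errors}


if __name__ == "__main__":
    # Constructed submission: a hostile quantity and a date with letters in it.
    print(validate_form({"quantity": "3<script>", "birth_date": "19x0-01-01"}))
    print(validate_form({"quantity": "3", "birth_date": "2000-01-01"}))
```

The validators are deliberately allow-lists rather than block-lists: instead of trying to enumerate dangerous characters, each field states the only shape it accepts, and everything else is refused. The escape in `render_confirmation` is a separate layer, so a value that is legitimately allowed to contain punctuation still cannot break out of the page it is displayed in.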

There are plenty of possibilities to screw up, but there is no need to. Following a small number of quick and easy steps can make your web application watertight and secure. Learn how to prevent security incidents from happening by following a dedicated hands-on course on “Developing Secure Software”. The next course is scheduled for 14 March and there are still a few places left, so register quickly…

Once you have followed that course and are longing for more, the CERN Computer Security team, together with a world-renowned “white hat” from the network team, are providing in-depth training courses on penetration testing and vulnerability scanning. So far, more than 100 people have joined our hands-on training. Do you want to become a hacker too? Sign up now!


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.


Access the entire collection of Computer Security articles here.