[Owasp-leaders] developers, Developers, DEVELOPERS!

Martin Knobloch martin.knobloch at owasp.org
Fri Dec 10 05:00:59 EST 2010


That's my point! I don't think that security is not sexy enough for
developers. They just don't know.
Therefore, I think (and that is what I put quite some time in) we should
put some more effort in spreading the OWASP word in developer communities!

On Fri, Dec 10, 2010 at 10:38 AM, psiinon <psiinon at gmail.com> wrote:

> I'm a bit surprised by the perceived lack of 'sexiness' in security -
> my experiences differ from this.
> My background is in software development - I've been developing Java
> webapps for 14 years now.
> I talk to a lot of developers and functional testers, and they care
> about the products they develop and they know security is important.
> They just haven't had any training. And most security websites not
> surprisingly deal with hacking or pen testing - these are somehow seen
> as 'dangerous' and are often blocked by corporate firewalls.
> So pen testing is 'forbidden knowledge', which _is_ sexy ;)
> I argue that you can't develop secure apps without knowing how to attack
> them.
> You don't have to be a qualified pen tester, but you need to know
> something of what the bad guys will do.
> To that end I teach basic pen testing techniques to developers and
> functional testers - and that seems to go down very well!
> This isn't an alternative to other training, static source code
> analysis, professional pen testing etc. etc.
> But I think it makes developers think about their apps in a different way.
> It's why I released the Zed Attack Proxy - I wanted a pen test tool
> that was simple enough for developers with little security experience
> to use.
> If they use it when coding then basic vulnerabilities might be picked
> up much earlier than they would be otherwise.
>
> Cheers,
>
> Simon