Oh yay ... something else to learn <rolls eyes upwards>
 
Pete (aka lad4bear)

 
On 23/08/05, John Farrar <[EMAIL PROTECTED]> wrote:
Well, it seems to me our general ignorance on things like P3P (which I just
learned about this year) shows there are issues like privacy that we are not
up to the mark on either. There are many times when people cannot even shop
on some sites because of their lack of a P3P policy!

John Farrar

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Cameron Childress
Sent: Tuesday, August 23, 2005 4:14 PM
To: [email protected]
Subject: RE: [CFCDev] OT: ColdFusion Security : oWasp Top Ten

> agreement on security practice. My question is you cited CF...
> so is there a language that is not dominated by many developers writing insecure
> software? (Web or otherwise?)

No, there isn't, but in most other mature languages there is a focused
education effort by security consulting firms, software makers, and tools
companies to teach Software Security with that language specifically in
mind.  Admittedly, there are some things we worry a little less about (i.e.,
buffer overflows) that are rampant in other languages, but that's no excuse
for zero security education.

I actually suggested a security talk for MAX this year but it was not
approved.  Usually the deepest into software security Macromedia goes is
"here's how to use CFLOGIN" or "just put that cross site scripting thingie
in your CFAPPLICATION tag and you will be all good".

I really have been wanting to build out a guide and have been gathering
things for one for some time; I just haven't had the time to finish it up.

-Cameron

-----------------
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.com
---
cell:  678.637.5072
aim:   cameroncf
email: [EMAIL PROTECTED]



----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email.

CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com).

CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm

An archive of the CFCDev list is available at www.mail-archive.com/[email protected]


