Re: [SC-L] market for training CISSPs how to code (Matt Parsons)
On Mar 18, 2010, at 02:17, ljknews wrote:

> Scripting languages should not be used for security-sensitive programs.

And your evidence for this statement is?

Stephan

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
Re: [SC-L] market for training CISSPs how to code (Matt, Parsons)
Hi all,

We are drifting a bit away from my question, but here is a forked question: Who says so, in the context of web applications? I can see it (somewhat) from a desktop application perspective, but how is this relevant in web apps?

Cheers!

> Date: Wed, 17 Mar 2010 20:17:05 -0500
> From: ljknews ljkn...@mac.com
> To: sc-l@securecoding.org
> Subject: Re: [SC-L] market for training CISSPs how to code (Matt Parsons)
> Message-ID: p05200f26c7c72f5b9...@[146.115.107.213]
> Content-Type: text/plain; charset=us-ascii
>
> At 7:27 PM +0200 3/17/10, AK wrote:
>
>> Regarding training non-developers to write secure code, what are the circumstances that a non-developer would create code that would *require* security? I am assuming that system administrators know the basics of their trade and scripting language of choice so security there is taken care of
>
> Scripting languages should not be used for security-sensitive programs.
Re: [SC-L] market for training CISSPs how to code (Matt, Parsons)
At 7:36 PM +0200 3/18/10, AK wrote:

> Who says so, in the context of web applications? I can see it (somewhat) from a desktop application perspective, but how is this relevant in web apps?

Why should standards for a web application be different than for a desktop application?

--
Larry Kilgallen
[SC-L] market for training CISSPs how to code
I have been a programmer and a security analyst for a few years now. When I first started, developers told me I didn't know how to code well enough and CISSPs told me I didn't have enough security experience. Has anyone had any success training CISSPs and non-programmers how to write code securely and training developers how to become CISSPs and learn how to penetration test? If not, does everyone think that there would be a market for such training?

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
Do Good and Fear No Man
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1...@gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668
Re: [SC-L] market for training CISSPs how to code (Matt Parsons)
Hi,

Regarding training non-developers to write secure code, what are the circumstances that a non-developer would create code that would *require* security? I am assuming that system administrators know the basics of their trade and scripting language of choice so security there is taken care of BUT I fail to see other scenarios where code that would be used more than a one-off is developed by non-programmers.

Additional insight would be much appreciated :)

> Message: 1
> Date: Tue, 16 Mar 2010 21:37:03 -0500
> From: Matt Parsons mparsons1...@gmail.com
> To: owaspdal...@utdallas.edu
>
> [snipped]
>
> I have been a programmer and a security analyst for a few years now. When I first started, developers told me I didn't know how to code well enough and CISSPs told me I didn't have enough security experience. Has anyone had any success training CISSPs and non-programmers how to write code securely and training developers how to become CISSPs and learn how to penetration test? If not, does everyone think that there would be a market for such training?