Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
DollyPapper2017-09-01 20:35:50
Programming
DollyPapper, 2017-09-01 20:35:50

What does a programmer need to know about information security and who does it in production?

I’m just learning programming, and I don’t know if it’s worth reading something in information security. What does a programmer generally need to know about this area? threats. Some kind of application that works with the network, transmitting and receiving something. Here, in addition to local errors, there may also be network and database errors. Is a programmer obliged to write secure code? but at the same time, with the help of them it will be possible to carry out some kind of attack. And to know this, you need to be a good security guard. Or is everything much simpler?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
S
Sergey Andrievsky, 2017-09-01
@DollyPapper

Who is involved in building the architecture of the application in terms of security?

1.Chief programmer engineer!
2.Programmer!
3.QA tester !
4. User on beta or alpha testing!
5.Hackers if not lucky! (They also contribute to the protection of the system, then the hacker who hacked you once will force you to study your system and improve the protection parameters)
Each of the points is extremely important!

Report
A
amambaru, 2017-09-01
@amambaru

And what about millions of areas of programming?
But what about the ways of organizing work and the types / size of offices in the millions?
Somewhere (large banks) - there are separate services.
Somewhere - you're all on your own.
Somewhere in general hammer on it.

Report
A
Anvar Shakhmaev, 2017-09-01
@RxR

Most threats, such as stack overflows or heap overflows in modern programming languages, throw exceptions. Hosters can take care of DDOS protection or you can use ready-made solutions. Many types of attacks and vulnerabilities that could be implemented/exploited 10 years ago will not work today - use all the most modern ones. You need to know information security at a superficial level, otherwise your applications will be vulnerable to sqli, csrf, xss, ddos ​​attacks and other things, although even a schoolboy can solve such security problems.

Report
C
CityCat4, 2017-09-01
@CityCat4

In production, all of a sudden, information security specialists do this :) Accordingly, a programmer needs to know exactly as much about information security as it is written in the corporate security policy, if it exists, or as much as a local information security specialist can tell (if there is no separate one, then usually the administrator). If there is neither one nor the other nor the third - well, then it means everyone just ... th.

Report
S
ser-storchak Sergey, 2017-09-28
@Storchak

Read about writing secure code. Each language has its own standards (example for C++ ).
I also recommend reading about common security weaknesses in applications ( Common Weakness Enumeration, CWE ).
And finally, get acquainted with the life cycle of secure software development (Secure Software Development LifeCycle, SSDLC): Recommendations in the field of standardization of the Bank of Russia RS BR IBBS-2.6-2014, MS SDL, OWASP Secure SDLC Cheat Sheet.

Similar questions
S
sasvak2017-09-05 23:29:46
Is there a site for co-solving programming contests? 0Reply
S
sasvak2017-09-08 23:54:29
Where can I promote a programming contest? 2Reply
D
Dmitry2017-09-11 13:55:55
codewars not working. What to do? 0Reply
V
Vignore2017-09-13 05:59:13
Why is the project being re-built? 1Reply
A
Alexander2017-09-17 14:00:02
Is it possible not to learn JavaScript? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question