Six years ago a guy looked at me face to face and boldly told me, "I don't like you!" I immediately fired a response; I asked him that day, "Thank you for the honest feedback, but those that you like, how has it made their life better? How does your liking people pay their bills or take a bank loan? My brother, keep your like, I need God's like, and that's what guarantees my future." Today I joined a CEO friend of mine on an interview panel to recruit some new staff. It was a long session. As we returned from a coffee break to continue the hectic interview session, this same guy walked in with his grey jacket and CV, coming for the interview. Our eyes kissed by fluke; we immediately recognised each other. "The world is indeed spherical," I soliloquized. He felt very uncomfortable throughout the interview; one could clearly see the volcanic eruption ongoing in his whole nervous system. He even mistook his date of birth for his last date of empl...
I like development more when I know my application will be exposed to a bigger audience, either for tests or for use. I bet every developer likes this at some point. I hate large numbers during development when the project itself is behind schedule, though, because that is when you complete modules for ticks & gram and not for fun.
Sucks.
So, networking. I liked it also because of the exposure: I was exposed to that environment a lot and did lots of it. Later I found I was working with less and less material. In terms of materials I had nothing outside Cisco (they really do have cool hardware). Freeware was hard to come by too. I hated dealing with hardware and being platform dependent. Platform independence is among the nicest features a piece of software can have. We'll need something that runs even on Mars.
I kept the knowledge. I bumped into web development and liked it. Big user base, nice. Cross-platform apps, sweet. In our last meet-up we discussed security, and I had several tips on how to make your application airtight and still great to use. Sometimes compromise comes knocking. Note that there is always more you can do than what I'm writing here. We discussed:
- Input sanitizing and validation.
Taking an example, let's say you want an ID number field. Is the field to accept numeric, alphabetic, alphanumeric or special characters? How many characters? What about HTML? Can it be the same as the email? Can it be pasted?
- SQL injection.
This is a cool test-hack method. How well do you fetch data? How often? How many pages are handling CRUD functions? Can the data fetch be bypassed?
- Parameterized queries.
This is where you break with the usual way of writing queries. Use staged queries: keep the query statement separate from the values that go into it. This is all about breaking queries down into chunks. MySQLi and PDO are good at this.
- Folder/file access (read/write) rights.
Where can writes happen, and who can write? I use 0755 permissions for folders and 0644 for files. Works well for me.
Cache and temp folders are tricky to deal with. Test them carefully.
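Added example, not code from the original post: PHP with PDO, tying the ID-number validation from the first point to the string-built query that SQL injection exploits and to its parameterized form. The in-memory SQLite table, its rows, the two sample inputs and the "exactly 8 digits" ID format are assumptions made for the demo.

```php
<?php
// Added example (not from the post). Uses an in-memory SQLite database via PDO
// so it runs offline; the table, rows and inputs below are constructed here.

// Validate an "ID number" field. Assumption: the ID is exactly 8 digits.
// Whitelisting the exact shape answers the post's questions at once:
// no letters, no HTML, no special characters, fixed length.
function validateIdNumber(string $raw): ?string
{
    $value = trim($raw);
    return preg_match('/^[0-9]{8}$/', $value) === 1 ? $value : null;
}

// VULNERABLE: the user value is concatenated into the SQL text, so the
// input can change the structure of the query, not just a value in it.
function findUserUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT name FROM users WHERE id_number = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the statement is prepared first and the value is bound separately
// (the "query statement kept separate from its values" from the post),
// so the data can never become part of the SQL.
function findUserSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id_number = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id_number TEXT, name TEXT)');
$db->exec("INSERT INTO users VALUES ('12345678', 'Alice'), ('87654321', 'Bob')");

// Constructed inputs: a valid ID and a classic tautology that an injection
// test would try against the ID field.
$inputs = ['12345678', "' OR '1'='1"];
foreach ($inputs as $raw) {
    $clean = validateIdNumber($raw);
    echo "input: $raw\n";
    echo '  validation: ' . ($clean === null ? 'rejected' : 'accepted') . "\n";
    // Compare both query styles on the raw value to see why validation alone
    // is not the last line of defence: the unsafe query returns every row.
    echo '  unsafe rows: ' . count(findUserUnsafe($db, $raw)) . "\n";
    echo '  safe rows:   ' . count(findUserSafe($db, $raw)) . "\n";
}
```

Run it with `php example.php`; the tautology input returns both rows from the unsafe query and zero from the prepared statement, and is rejected by validation before it ever reaches the database.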
Read more at: https://patric.xyz/blog/152-application-security