[LINK] The Ethics (!) of Dodgy Web Designers
Adrian Chadd
adrian at creative.net.au
Tue Apr 17 15:08:33 AEST 2007
On Tue, Apr 17, 2007, Stilgherrian wrote:
> On 17/4/07 2:35 PM, "Eric Scheid" <eric.scheid at ironclad.net.au> wrote:
>
> > On 17/4/07 2:10 PM, "Stilgherrian" <stil at stilgherrian.com> wrote:
> >
> >> One question I've asked: Has the time come for regulated and enforceable
> >> "building codes" for websites?
> >
> > you mean more than the regulations regarding accessibility et al?
>
> Good question.
>
> I think I do, since one of the examples I blogged about was a web designer
> delivering a database-driven website that was vulnerable to really basic
> SQL-injection attacks. To me, that doesn't meet "fitness for purpose", as it
> cannot survive the environment in which it's going to be deployed.
>
> I'm thinking this is the same class of "failure" as delivering a piece of
> equipment for use on a ship that wasn't resistant to the corrosive effects
> of salty air.
I've found myself giving a few talks here and there on basic website software
security. It's all aimed at PHP and it's all the basic stuff (include exploits,
SQL injection exploits, global variable substitution exploits, etc.)
Almost all of the people that have attended my little sessions were pretty
shocked - they didn't realise these things could be a problem.
I could put my latest PHP-related talk slides online if there was any interest.
(And, in a slightly more commercially-oriented mindset, I could always extend
the scope of these talks past the few ISPs I consult for and their webdesign
clients.)
Adrian
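The three classes of "basic stuff" named in the post, shown as the weak pattern a PHP site of that era commonly had beside its hardened form. This is an added illustration, not code from the thread or from the talk slides mentioned; the table, column, page and session names are constructed for the demo, and it assumes PHP 7.1 or later with the PDO SQLite driver.

```php
<?php
// Added example (not code from the thread). Constructed demo of the three
// vulnerability classes the post lists, each as the weak pattern beside its
// hardened form. Table, column and helper names are assumptions for illustration.

declare(strict_types=1);

// --- 1. SQL injection: string-built query vs. prepared statement ------------
function findUserUnsafe(PDO $pdo, string $name): array
{
    // Weak: untrusted input is spliced into the SQL text, so a quote in $name
    // changes the query itself rather than the value being searched for.
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function findUserSafe(PDO $pdo, string $name): array
{
    // Hardened: the value travels as a bound parameter, never as query text.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- 2. Include exploits: request-chosen path vs. allow-list ----------------
function pageFileUnsafe(string $page): string
{
    // Weak: whatever the request names gets included; directory traversal and,
    // with allow_url_include on, remote files are both reachable this way.
    return $page . '.php';
}

function pageFileSafe(string $page): ?string
{
    // Hardened: only keys of a fixed map resolve to files; everything else is a 404.
    $pages = ['home' => 'home.php', 'about' => 'about.php', 'contact' => 'contact.php'];
    return isset($pages[$page]) ? __DIR__ . '/pages/' . $pages[$page] : null;
}

// --- 3. Global variable substitution (register_globals) ---------------------
// Constructed session store standing in for a real one.
const VALID_SESSIONS = ['a1b2c3' => 'alice'];

function validSession(?string $sid): bool
{
    return $sid !== null && isset(VALID_SESSIONS[$sid]);
}

// Weak: with register_globals=On a request carrying ?authenticated=1 creates
// $authenticated at global scope before this code runs, and the no-session
// path never overwrites it. (Off by default since PHP 4.2, removed in 5.4.)
//
//   if (validSession($_COOKIE['sid'] ?? null)) {
//       $authenticated = true;
//   }
//   if ($authenticated) { /* admin-only content */ }

// Hardened: every variable is initialised before use and request data is read
// only from the superglobals, so nothing a client sends can stand in for state.
function isAuthenticated(array $cookies): bool
{
    $authenticated = false;
    if (validSession($cookies['sid'] ?? null)) {
        $authenticated = true;
    }
    return $authenticated;
}

// --- Demo on an in-memory SQLite database -----------------------------------
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

    // An ordinary name containing a quote: the unsafe version fails with a
    // syntax error, the safe version simply finds no matching row.
    $probe = "o'brien";
    try {
        findUserUnsafe($pdo, $probe);
    } catch (PDOException $e) {
        echo "unsafe query broke on a quote: {$e->getMessage()}\n";
    }
    var_dump(findUserSafe($pdo, $probe));
    var_dump(findUserSafe($pdo, 'alice'));

    var_dump(pageFileSafe('about'));
    var_dump(pageFileSafe('settings'));

    var_dump(isAuthenticated(['sid' => 'a1b2c3']));
    var_dump(isAuthenticated([]));
}
```

Run it with `php example.php`; the point of the demo is that a legitimate input (a surname with an apostrophe) is enough to break the string-built query, which is the same seam an attacker would use, while the prepared statement, the allow-list and the initialised flag all behave identically whatever the request contains.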