Colored Hats

Beatnik on 2007-09-25T20:25:45

One of the guys at work went to a few security conferences and he gave a quick talk about it. I took one of my co-workers along. He was quite shocked and awed afterwards. Novices normally never realize what potential security risks are and how easy it is to screw things up. Topics of the talk included XSS, SQL Injections, SideJacking and a dissection of a 0 day buffer overflow. There were plenty of demos. All in all, it was very interesting, even if you're already familiar with a lot of security issues.


Frustration

Ovid on 2007-09-25T20:33:59

Paying attention to security is like buying fire insurance. You may never need it, but if you do and you don't have it, you're in serious trouble. It's not an easy thing to explain to management. I've worked at several companies where there were serious pushes to deal with security, but always after the fire.

Re:Frustration

Beatnik on 2007-09-25T21:51:08

Luckily, we have a separate security department. They do stuff like training, pro-active security assessments, application security assessments, best practice documents, define security standards.. The works.

Re:Frustration

Ovid on 2007-09-26T07:26:22

I'm envious! :)

Re:Frustration

barbie on 2007-09-26T11:22:55

If ever he's in Birmingham, he's welcome to come and give us a talk ;)