Monday, March 30, 2009

Facebook Security and Privacy

Today's lecture was quite an eye-opener for me. Until this week, I was just another person among the millions who click "Allow" or tick "I Agree" blindly. No more. What shocked me down to reality was the spoof DBS site. I am an iBanking user and I would never have doubted this site. It looked really authentic! (Aside: this just reminds me of another site - http://www.google.com/ventures/ - that one of my friends commented on. His gtalk tagline said - "Authentic spoof?" ... seems too good to be true =P )

Another interesting point brought up was that security is all about making sure the application does what should be done and ensures that what shouldn't be done is not done. Doesn't this mean the application must know what my 'private' information is? If we think about it, security is ultimately about making sure that your personal and private information makes the rounds only in the right circles... but I guess what makes more sense was the intelligent quote brought up - which went something like "if you are on the internet, nothing is private!"

Another very important point that was driven home was that security is only as good as its weakest point! Don't leave windows open - no matter how many bodyguards you have outside the room. =)

Toan's MM stole the light away this week. SQL Injection. Luckily, his attempt didn't work as the name was read as a string. But the important points about implementing some simple things that can go a long way towards providing security were interesting to learn. We must understand security concerns and check input and check output to minimally take care of SQL/code injection problems!
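The point about the name being read as a string, as an added example (not code from the lecture or from this post): it runs one constructed input through a concatenated query, a parameterized query, and a version that also checks input and output. The `users` table, the helper names and the name policy are assumptions made for the illustration, using Python's built-in `sqlite3`.

```python
import re
import sqlite3

# Constructed sample input: a "name" that contains SQL quote syntax.
HOSTILE_NAME = "x' OR '1'='1"

def make_db():
    # Hypothetical schema with constructed rows, held in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT UNIQUE, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, name):
    # Weak form: the name is pasted into the SQL text, so its quote
    # characters are parsed as SQL syntax rather than as part of the name.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    # Hardened form: the driver binds the name as a string value, so it is
    # only ever compared against the column, never parsed as SQL.
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def lookup_checked(db, name):
    # Input check (assumed policy): 1-32 letters, digits, space, dot, dash, underscore.
    if not re.fullmatch(r"[A-Za-z0-9 ._-]{1,32}", name):
        raise ValueError("rejected name")
    emails = lookup_parameterized(db, name)
    # Output check: names are unique, so more than one row means something is wrong.
    if len(emails) > 1:
        raise RuntimeError("unexpected number of rows")
    return emails

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE_NAME))
    print("parameterized:", lookup_parameterized(db, HOSTILE_NAME))
    print("legitimate   :", lookup_checked(db, "alice"))
```

The concatenated lookup returns every row for the constructed input, while the parameterized lookup returns none because no user has that literal name.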

The software development section was crisp and nice. It was indeed interesting to note the underlying tone in the attitude adopted during a typical development process in a start-up. =)
