Ten years old but still up-to-date: Ten Tips for Designing, Building, and Deploying More Secure Web Applications

9 November 2015

Although the “Ten Tips for Designing, Building, and Deploying More Secure Web Applications” were published on 7 September 2005, the list is still up to date.

I have been discussing tip 2 in particular, “Services Should Have Neither System nor Administrator Access”, with internal developers and software vendors for years.

We have this under control in the case of in-house developed products, but many software vendors are still not ready to meet minimum security requirements. Very often neither the account name nor the password of service accounts can be changed, and this holds even for newly developed products.

This makes a regular password change for service accounts impossible, and extra effort is required to secure such systems once the account information is compromised.

Hopefully your systems meet the requirements, and the mentioned software versions are no longer in use.

Have a good week.
