Link Details

Most developers pay lip service to security, but there aren’t so many who actually take the time to actually secure their site. We usually leave it to the sys admins. Yes, those same sys admins who like to make our lives miserable by actually locking things down, not allowing us access and enforcing rules (how dare they!). But now, our web applications have become such a conglomerate of technologies such as ASP.NET, Ajax, Flash, Silverlight, SQL, WS-* and you name it that we’ve spread out our attack surface like icing on a cake. We need to reduce that surface as close to zero as possible. It’s not up to just the sys admins anymore, it’s up to us, the developers.