Application Security Programming


Problem description


I was curious - to all the professional programmers, how much thought and effort is put into application security? What did you do and how did you implement it? How/at what point did you start learning about security?

For the students, how many of you have taken a programming security class, and how useful did you find it?

Recommended answer

Surprisingly little (which is BAD considering I actually work in a division dedicated to security)......
I might blame some of this on instinctively secure code [as if] (though I'm sure there are some very bad examples of my code in some of these forums).
The powers that be have insisted we do courses in programming securely (which have been completed), and I keep a Secure Programming Cookbook at my desk (who knows, one day I might be tempted to read it).

On a more serious note, though, we (thankfully) have some very experienced senior "engineers/developers/programmers" (let's not start that one again) on our team. As my employers believe in ODC (Orthogonal Defect Classification) we have inspections (of Documents as well, not only code), and the Senior Engies tend to pick up on most of our bad habits (unless they are just justifying their positions as senior engineers and picking on my code for no reason ;) )



For the students, how many of you have taken a programming security class, and how useful did you find it?




Actually, security was never really a discussion in any of my programming classes. I think it would have been extremely useful.



Actually, security was never really a discussion in any of my programming classes. I think it would have been extremely useful.




Yeah, it was only briefly touched on in my grad-level java class, which I found surprising. Most of the "security techniques" (except for the general concepts of interfaces and indirect instantiation) I learned were after that class...

