Published Sep 3, 2019

Episode 128: Web App Security with Bruce Sams

Bruce Sams delves into web app security, sharing vivid developer horror stories that highlight security pitfalls and emphasizing the importance of web security frameworks like Hibernate and web application firewalls in safeguarding against vulnerabilities and zero-day exploits.
Episode Highlights
Software Engineering Radio - the podcast for professional software developers logo

Popular Clips

Episode Highlights

  • Horror Stories

    Bruce Sams shares a series of developer horror stories that highlight common security pitfalls in web applications. One story involves developers who added a hidden parameter to a web app, allowing anyone to access administrator mode simply by appending "admin=true" to the URL. This oversight was compounded by the addition of inappropriate images on the corporate server, showcasing a lack of professionalism and security awareness 1. Sams emphasizes the importance of quality control, noting that such lapses can lead to significant vulnerabilities.

       

    Common Pitfalls

    Common mistakes among developers often lead to severe security issues, as illustrated by Sams' anecdotes. He recounts an incident where developers failed to remove default error messages from a web framework, inadvertently exposing administrative access to the entire system 1. Sams argues that both developers and production teams should collaborate to implement defense-in-depth strategies, as relying on a single line of defense is insufficient.

Related Episodes