Episode 128: Web App Security with Bruce Sams

Topics covered
Popular Clips
Episode Highlights
Horror Stories
Bruce Sams shares a series of developer horror stories that highlight common security pitfalls in web applications. One story involves developers who added a hidden parameter to a web app, allowing anyone to access administrator mode simply by appending "admin=true" to the URL. This oversight was compounded by the addition of inappropriate images on the corporate server, showcasing a lack of professionalism and security awareness 1. Sams emphasizes the importance of quality control, noting that such lapses can lead to significant vulnerabilities.
Common Pitfalls
Common mistakes among developers often lead to severe security issues, as illustrated by Sams' anecdotes. He recounts an incident where developers failed to remove default error messages from a web framework, inadvertently exposing administrative access to the entire system 1. Sams argues that both developers and production teams should collaborate to implement defense-in-depth strategies, as relying on a single line of defense is insufficient.
Related Episodes


Episode 427: Sven Schleier and Jeroen Willemsen on Mobile Application Security
Answers 383 questions

Episode 17: Feedback and Roadmap
Answers 383 questions

Episode 514: Vandana Verma on the Owasp Top 10
Answers 383 questions

SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP
Answers 383 questions

Episode 47: Interview Grady Booch
Answers 383 questions

Episode 441 Shipping Software - With Bugs
Answers 383 questions
Episode-467-Kim-Carter-on-Dynamic-Application-Security-Testing
Answers 383 questions

Episode 541: Jordan Harband and Donald Fisher on Securing the Supply Chain
Answers 383 questions
Episode 172: Feature-Oriented Software Development with Sven Apel – Pt 1
Answers 383 questions

Episode 66: Gary McGraw on Security
Answers 383 questions

SE Radio 584: Charles Weir on Ruthless Security for Busy Developers
Answers 383 questions

Episode 20: Interview Michael Stal
Answers 383 questions

Episode 85: Web Services with Olaf Zimmermann
Answers 383 questions

SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security
Answers 383 questions
Episode 173: Feature-Oriented Software Development with Sven Apel – Pt 2
Answers 383 questions














