Secure Web Developers Needed!
You’re about to launch a new website? Cool!! With today’s web programming languages like PHP, Java, Python or Perl, complex websites can be created, easily fulfilling all your use cases. But hold on. Did you ever think about how easily this can be abused? Attackers today are already using automatic tools which can quickly and easily find and exploit vulnerable web applications.
Web applications often suffer from security vulnerabilities, i.e. design flaws or programming bugs that remained undetected during the whole software development cycle. In production these vulnerabilities become security holes, providing an opportunity for exploitation, and can pose immense security risks (and there is no reason to believe that CERN is immune to this). The costs associated with eliminating these bugs could be loosely described by the "1:10:100 rule", i.e. the relative costs for fixing are 1:10:100 for fixing them in the programming:testing:production phases. Thus, the earlier that vulnerabilities are detected, the cheaper it is to fix them. This also prevents a bug from being exploited.
So, are you keen to become a secure web developer? You are invited to join one of the following training courses:
* Securing Java and Web Applications
* Securing PHP Web Applications
These courses are intended for people who spend the majority of their time programming web applications and already have a good understanding of the particular language in use. The CERN Training service offers other courses on secure programming too. Just visit this page for more details.
For further information, please check our web site or contact us at Computer.Security@cern.ch.
