Computer Security: better code, fewer problems

The origin of many security incidents is negligence or unintentional mistakes made by web developers or programmers. In the rush to complete the work, because of skewed priorities, or simply out of ignorance, basic security principles can be omitted or forgotten.


The resulting vulnerabilities lie dormant until the evil side spots them and decides to hit hard. Computer security incidents in the past have put CERN’s reputation at risk due to websites being defaced with negative messages about the Organization, hash files of passwords being extracted, restricted data exposed… And it all started with a little bit of negligence!

If you check out the Top 10 web development blunders, you will see that the most prevalent mistakes are:

  1. Not filtering input, e.g. accepting “<” or “>” in input fields even if only a number is expected.
  2. Not validating that input: you expect a birth date? So why accept letters?
  3. Mistakes in session management, authentication and authorisation, e.g. when dealing with “cookies”, “tokens” or custom encryption.
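
As an added illustration of mistakes 1 and 2 (this example is not part of the original article or of the course material), the Python sketch below filters and validates a numeric field and a birth date on the server side using allow-lists. The field names "quantity" and "birth_date", the 1 to 100 range and the 130-year age limit are assumptions chosen for the example.

```python
import re
from datetime import date

# Allow-lists of ASCII digits only. str.isdigit() and \d would also accept
# non-ASCII digits such as "١٢", so the character classes are explicit.
# fullmatch() is used so that a trailing newline ("12\n") is rejected too.
_INT_RE = re.compile(r"[0-9]{1,3}")
_DATE_RE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")


def parse_quantity(raw, lo=1, hi=100):
    """Filter, then validate, a field where only a number is expected."""
    if not isinstance(raw, str) or not _INT_RE.fullmatch(raw):
        raise ValueError("quantity must be 1 to 3 ASCII digits")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError("quantity out of range")
    return value


def parse_birth_date(raw, today=None):
    """Accept only a real YYYY-MM-DD calendar date that is a plausible birth date."""
    today = today or date.today()
    m = _DATE_RE.fullmatch(raw) if isinstance(raw, str) else None
    if m is None:
        raise ValueError("birth date must look like YYYY-MM-DD")
    try:
        born = date(*map(int, m.groups()))  # rejects 2023-02-30, year 0000, ...
    except ValueError:
        raise ValueError("birth date is not a calendar date") from None
    if born > today or today.year - born.year > 130:
        raise ValueError("birth date is not plausible")
    return born


def validate_form(form, today=None):
    """Return (clean, errors); clean holds typed values, never raw strings."""
    clean, errors = {}, {}
    for field, parser in (("quantity", parse_quantity),
                          ("birth_date", lambda v: parse_birth_date(v, today))):
        try:
            clean[field] = parser(form.get(field))  # missing field -> None -> rejected
        except ValueError as exc:
            errors[field] = str(exc)
    return clean, errors
```

Only the typed values in `clean` should be passed on to the rest of the application; output encoding and parameterised queries are still needed when those values are later written to HTML or SQL.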

There are plenty of possibilities to screw up, but there is no need to. Following a small number of quick and easy steps can make your web application watertight and secure. Learn how to prevent security incidents from happening by following a dedicated hands-on course on “Developing Secure Software”. The next course is scheduled for 14 March and there are still a few places left, so sign up quickly…

Once you have followed that course and are longing for more, the CERN Computer Security team, together with a world-renowned “white hat” from the IT/CS Network Team, are providing in-depth training courses on penetration testing and vulnerability scanning. So far, more than 100 people have joined our hands-on training. Do you want to become a hacker too? Sign up now!


For further information, questions or help, check our website or contact us at

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.

Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team