This past week, I completed the first part of my talks on Security Coding: Best Practices at my workplace. I didn't get as much covered as I had hoped, but we will continue next week.
The talk was about the various ways a hacker can attack a site on the internet. We dealt with the common threats, and then dived into some developer-specific issues such as buffer overruns and cross-site scripting. We spent a long time talking about buffer overruns and the serious problems they cause (as evidenced recently by the latest security fixes from Microsoft). Although buffer overruns are essentially a thing of the past with managed code, the client site I work for still has thousands of lines of C++ code, so it is still a big issue.
The talk went well, and both the developer and QA departments were interested in how to better code against and test security threats.