Agreed completely. Most programmers do not give a damn about security and most books do not stress (or even at least mention) it enough. :-(

<div mode="Oh well">We (Prague office of Monster Worldwide) are currently hiring and give the potential employees a test (in ASP or ASP.Net since that's what most of the development is done in :-(
A simple form to be validated and submitted into a database. None of the ones using ASP ever escaped the data printed into <input type="text" name="..." value="HERE"> when redisplaying the form in case of a validation error, 80% of them insert the data into the database by building an INSERT SQL statement containing the form data and none of those cared to escape the data.

And at the same time most of them have (according to their CVs) several years of experience with web programming :-(</div>

Jenda
Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
   -- Rick Osborne

Edit by castaway: Closed small tag in signature
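The two mistakes Jenda describes (printing form data straight into a `value="..."` attribute, and string-building an INSERT from the same data) side by side with the fixed versions. This is an added example written for this page, not code from the post or from the test described in it; it uses Python's `html.escape` and `sqlite3` with an in-memory table and constructed sample input, where the ASP candidates would have used ADO or similar.

```python
import html
import sqlite3


def render_field_unescaped(name: str, value: str) -> str:
    """The 'before' pattern: form data dropped straight into the attribute.
    A double quote in the data terminates value="..." early and whatever
    follows is parsed as new attributes or markup."""
    return '<input type="text" name="%s" value="%s">' % (name, value)


def render_field(name: str, value: str) -> str:
    """Redisplay the submitted value safely: escape &, <, >, " and ' before
    interpolating into the attribute. quote=True is what protects the
    attribute boundary."""
    return '<input type="text" name="%s" value="%s">' % (
        html.escape(name, quote=True),
        html.escape(value, quote=True),
    )


def setup() -> sqlite3.Connection:
    # Constructed target table; in-memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    return conn


def insert_unsafe(conn: sqlite3.Connection, name: str, email: str) -> bool:
    """The 'before' pattern: the statement is built from the form data.
    Returns False when the data itself breaks the statement (the same
    property that makes it injectable)."""
    sql = "INSERT INTO contacts (name, email) VALUES ('%s', '%s')" % (name, email)
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:
        # e.g. a surname with an apostrophe produces a syntax error
        return False


def insert_safe(conn: sqlite3.Connection, name: str, email: str) -> bool:
    """Placeholders: the driver passes the values separately from the SQL
    text, so quotes in the data never reach the parser as syntax."""
    conn.execute("INSERT INTO contacts (name, email) VALUES (?, ?)", (name, email))
    return True


def fetch_names(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT name FROM contacts ORDER BY name")]


if __name__ == "__main__":
    # Constructed sample input: ordinary data that happens to contain quotes.
    print(render_field_unescaped("name", 'Say "hi"'))   # attribute broken
    print(render_field("name", 'Say "hi" <b>'))         # attribute intact
    conn = setup()
    print("string-built INSERT ok:", insert_unsafe(conn, "O'Brien", "o@example.test"))
    print("parameterised INSERT ok:", insert_safe(conn, "O'Brien", "o@example.test"))
    print(fetch_names(conn))
```

The HTML half needs the `quote=True` argument: escaping only `<`, `>` and `&` is enough for text between tags but not for an attribute value, which is exactly the redisplay case in the post. The database half shows why escaping is the weaker fix anyway: with placeholders there is nothing to remember to escape.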


In reply to Re: Re: Security - Perl or PHP? by Jenda
in thread Security - Perl, PHP or ASP? by webstudioro
