Thursday, April 10, 2008

Web Security Good Enough for Google

Web applications are gaining tremendous momentum, due in no small part to the fact that they can be available everywhere and to everyone. But that is a double-edged sword, since not everyone with an Internet connection is a "good guy".

Make no mistake: If you put an application on the Internet, someone will find it and try to break into it. If you think otherwise, you are only fooling yourself and putting your data at risk.

Google recently shared some of its security secrets at RSA Conference, which focuses on information security. The article is a bit scant on details and I'm hoping that more information about Scott Petry's session will become available, but what is there is still very valuable. Google's Vice President of Engineering, Douglas Merrill, also shared some security insight back in June of 2007.

There are two recurring themes in both of these articles, and I could not agree more strongly with them. First, security is something that the developer must have real knowledge about. Second, security is something that must be considered from the beginning and not tacked on at the end.

Learn about web security, and make sure you understand it. If you are developing web applications, you need to know this stuff.

And don't hesitate to use the tools available to help you secure your application. The Security Framework in Alpha's Application Server is a giant leap forward and can get you well on your way. Just remember to consider all potential attack vectors and address them.
