Data that falls outside the expected set of values can cause our application to yield unexpected results: violating business logic, triggering faults, and even allowing an attacker to take control of resources or the application itself.
Cade Cairns is a software developer with a passion for security.
He has experience leading teams creating everything from enterprise applications to security testing software, mobile applications, and software for embedded devices.
Daniel is an advocate for immutable infrastructure and cloud automation as a vehicle to advance the state of secure agile delivery at ThoughtWorks and in the industry at large.
The modern software developer has to be something of a Swiss Army knife.
(hint: we might...) Of course, like security, trust is not binary, and we need to assess our risk tolerance, the criticality of our data, and how much we need to invest to feel comfortable with how we have managed our risk.
In order to do that in a disciplined way, we probably need to go through threat and risk modeling processes, but that’s a complicated topic to be addressed in another article.

Advocating for defining those requirements and identifying those threats is a worthy exercise, but one that takes time and therefore money. Much of the time developers will operate in the absence of specific security requirements, and while their organization grapples with finding ways to introduce security concerns into the requirements intake process, they will still build systems and write code.

Of course, you need to write code that fulfills customer functional requirements. Further, you are expected to write this code to be comprehensible and extensible: sufficiently flexible to allow for the evolutionary nature of IT demands, but stable and reliable. You need to be able to lay out a usable interface, optimize a database, and often set up and maintain a delivery pipeline.

In this Evolving Publication, we will:

Security is a massive topic, even if we reduce the scope to only browser-based web applications.