Via Dana, an article linked from that discusses The Anatomy of a Hack. I've always found these types of exercises to be quite educational to those who aren't thinking about security.

It's one thing to tell someone about SQL injection, but I've found it always has a lot more impact when you show them exactly how it is done. Thinking like a hacker is the first step towards writing secure code. If you understand what the hacker is looking for, you can do a much better job of reducing the attack vectors.

As Dana said, it's good to see these kinds of things get some publicity. (Also, I should point out both DDJ and MSDN are dedicated to security this month.)
