Comments on: Can you just ‘build’ a web application? http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/ Dumping wisdom on design and the web Sat, 17 Jul 2010 06:43:49 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Spooky http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/comment-page-1/#comment-8109 Spooky Mon, 28 May 2007 15:22:04 +0000 http://wisdump.com/?p=345#comment-8109 I suppose I should have covered more that when you are building your engine and features, it would be smart to use security functions with whatever language you are using, although in a general sense, when creating an application, say in PHP, and you have been doing it for some time you would know that a textarea viewable to the public should receive htmlspecialchars() and other functions of choice, and when you hit the beta testing stage it will (hopefully) catch errors and security holes. If you were neglectful from the start, a beta test will still open your eyes. Am I right? I suppose I should have covered more that when you are building your engine and features, it would be smart to use security functions with whatever language you are using, although in a general sense, when creating an application, say in PHP, and you have been doing it for some time you would know that a textarea viewable to the public should receive htmlspecialchars() and other functions of choice, and when you hit the beta testing stage it will (hopefully) catch errors and security holes. If you were neglectful from the start, a beta test will still open your eyes.

Am I right?

]]> By: Chris Gross http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/comment-page-1/#comment-8108 Chris Gross Mon, 28 May 2007 03:47:03 +0000 http://wisdump.com/?p=345#comment-8108 Ryan, some fantastic points here. However, I have to agree with Daniel here on the point that security should be designed in from the beginning. Ryan, some fantastic points here. However, I have to agree with Daniel here on the point that security should be designed in from the beginning.

]]> By: Daniel http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/comment-page-1/#comment-8106 Daniel Sun, 27 May 2007 02:26:40 +0000 http://wisdump.com/?p=345#comment-8106 I disagree with your mention of security at the prerelease and release stage, and here is why: - Security should be designed in from the beginning - Whilst you mention designing the application with the user in mind, this is where security should also feature - With every use case, there needs to be a mis-use case - Security is not a bolt-on at the end, this is why Web 2.0 is a massive insecure mess and more sites are getting attacked. Developers need to think more like attackers when it comes to designing and deploying their applications, especially since it helps them understand how the application will be mis-used. Daniel http://owasp.org I disagree with your mention of security at the prerelease and release stage, and here is why:

- Security should be designed in from the beginning
- Whilst you mention designing the application with the user in mind, this is where security should also feature
- With every use case, there needs to be a mis-use case
- Security is not a bolt-on at the end, this is why Web 2.0 is a massive insecure mess and more sites are getting attacked.

Developers need to think more like attackers when it comes to designing and deploying their applications, especially since it helps them understand how the application will be mis-used.

Daniel
http://owasp.org

]]> By: Cody Fisher http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/comment-page-1/#comment-8107 Cody Fisher Sun, 27 May 2007 01:12:47 +0000 http://wisdump.com/?p=345#comment-8107 First off, It's good to know that you got accepted as a new Wisdump blogger and I look forward to reading your posts. I have actually been planning on doing a couple web applications in the future (I don't really know what yet) and I believe everything you said will help build a good, useful system. Beta testing is always a great idea because, like you said, it allows you to get rid of all the bugs and keep the system in good shape throughout the time it is being used. First off, It’s good to know that you got accepted as a new Wisdump blogger and I look forward to reading your posts. I have actually been planning on doing a couple web applications in the future (I don’t really know what yet) and I believe everything you said will help build a good, useful system. Beta testing is always a great idea because, like you said, it allows you to get rid of all the bugs and keep the system in good shape throughout the time it is being used.

]]> By: 01010 http://www.wisdump.com/web-programming/can-you-just-build-a-web-application/comment-page-1/#comment-8105 01010 Sat, 26 May 2007 18:33:52 +0000 http://wisdump.com/?p=345#comment-8105 Sounds like good advice, Ryan. You say "There is this new thing in Web 2.0 that is called usability". I thought that had disappeared a lot with all the huge bandwidth, ajax and javascript messes around the place, although the big fonts are great. Hopefully by web 3 usability will be completely commonplace ;-) Sounds like good advice, Ryan. You say “There is this new thing in Web 2.0 that is called usability”. I thought that had disappeared a lot with all the huge bandwidth, ajax and javascript messes around the place, although the big fonts are great. Hopefully by web 3 usability will be completely commonplace ;-)

]]>