DevOps is a word that has been creeping into the Software Development Life Cycle (SDLC) lingo of late, and it's not one readily understood. Much like some new meme you missed when making coffee and upon your return are left wondering if everyone around you is speaking the same language, or fully compos mentis, it provokes sideways glances and fake nods of agreement. So, for arguments sake I am going to define the term today, and let this forever be the dictionary definition.
Last week I covered the general idea behind Cross-site Scripting (XSS), and this week I am going to get a little deeper into how you can prevent it happening to your web app or site. There are a number of tactics you can use to make your project a less attractive target, and even though it’s probably impossible to have a complex user app and be totally immune to XSS, you can at least be more difficult than the next guy. This gives you the added advantage of sending wannabe hackers towards easier pickings.
One of the good things about writing a weekly blog is the impetus it provides to keep studying different topics. This week Cross-site Scripting (XSS) is in the crosshairs, as it is of the most common security vulnerabilities in software (see chart below, sourced from the WHID. Essentially an attacker embeds a script on a page, which is then executed on the client-side rather than on the server-side. Typical client-side scripting languages are HTML and JavaScript, or even SVG.
Two weeks ago I covered the benefits of building a good team and how it pays off once you get over the initial hurdles, which require engendering a level of trust, ownership, and confidence in those around you. This week I want to focus more specifically on how using the right tools can aid and accelerate this process.
IBM is having another heart attack, HP is falling apart, and those crashing share prices are a dose of reality to those buy innovative companies and process them into a business unit shops. Now the bad ideas are getting shed and creative destruction continues in the marketplace. This darwinism is accelerated in software and technology because anybody with a computer can potentially wreck your business tomorrow morning. Your software becomes obsolete, your product antiquated, and your board members suddenly start a share buyback programme to support their stock options.