Software Quality and Security

Hello friends, it’s been a while, a long while; today I am going to talk about software quality and security.

Web services are being penetrated in many ways every day. Why?

One of the main reasons this is happening is that most companies and software developers use open-source, ready-to-go, all-inclusive software to minimize the workload and hours needed and to promote better delivery times. But this poses threats: everyone can get a copy of the code you are running and try to find vulnerabilities and ways to exploit it directly, or the systems residing underneath it.

Could this be prevented, or at the very least made harder for intruders to succeed? And if so, how?

I always hear the same argument, that time equals money and quality costs. But there is always a middle-ground solution for such things. Many software houses that take their business seriously create their own custom software, tailor-made to their needs and their target group (clientèle). They create the core system once and use it on all of their projects, which means higher quality, higher security as the code is proprietary (which is where the term “security through obscurity” comes from), higher scalability, and of course the ability to meet and handle custom client demands much more efficiently.

There are more benefits to this business model: lower resource requirements, as the software contains exactly what it needs to run; lower development costs, as it is custom and the developers working on it are fully familiar with the code, so they usually do not need to rewrite parts of it or create workarounds to bypass issues; and staff who stay technologically up to date on the latest coding techniques, principles and so on.

But there are downsides too: it costs more money to start this model (in other words, you need to invest in your business model and in your team), it takes more time for the first deployment, and it takes highly skilled staff to develop it. But in the long run it will become a very good investment versus the chaotic open-source approach, which is led by third-party communities; this year their software may suit your needs, but next year it may not, or may not exist at all.

The final decision is yours. Personally, as a software engineer, I take the custom approach: a custom core system, used on all my clients and constantly expanded; the more I expand it, the less I need “ready-to-go” conventions.

Have a nice day!


CSRF attack

It’s been a long time since I last blogged, but some things I took on were very time-consuming. Today we’ll talk about CSRF.

CSRF? What is that?

CSRF stands for cross-site request forgery, and it almost always leads to bad, nasty things. It can damage your bank account balance; it acts on your behalf in your activities on a website without your consent, or even your knowledge, until it’s far too late.

However, if a website has taken precautions against this type of attack, such as one-time CSRF tokens, it renders the attack completely harmless, because the web server will not accept the requests forged by third parties.

For more details, one good article I spotted is: https://www.acunetix.com/websitesecurity/csrf-attacks/
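The one-time token check described above, as an added example that is not code from the original post: a minimal synchronizer-token check in plain Python, where the in-memory session store and the `handle_transfer` endpoint are constructed for illustration. A forged request from a third-party page rides on the victim's session cookie but cannot supply a token, and a replayed form post is rejected because each token is consumed on first use.

```python
import hmac
import secrets
from typing import Dict, Optional, Set

# Constructed stand-in for a server-side session store: session id -> unused CSRF tokens.
_SESSION_TOKENS: Dict[str, Set[str]] = {}


def issue_token(session_id: str) -> str:
    """Mint a fresh, unguessable token when rendering a form and tie it to the session."""
    token = secrets.token_urlsafe(32)
    _SESSION_TOKENS.setdefault(session_id, set()).add(token)
    return token


def validate_and_consume(session_id: str, submitted: Optional[str]) -> bool:
    """Return True only if `submitted` was issued to this session; consume it on success."""
    if not submitted:
        return False
    issued = _SESSION_TOKENS.get(session_id, set())
    # Compare against each outstanding token in constant time to avoid timing leaks.
    for token in list(issued):
        if hmac.compare_digest(token.encode(), submitted.encode()):
            issued.discard(token)  # one-time: a replay of the same token is rejected
            return True
    return False


def handle_transfer(session_id: str, form: Dict[str, str]) -> str:
    """State-changing endpoint: the session cookie alone is not enough, the token must match."""
    if not validate_and_consume(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: transferred {} to {}".format(form["amount"], form["to"])


if __name__ == "__main__":
    # Legitimate flow: the site's own form carries the token it was issued.
    tok = issue_token("victim-session")
    print(handle_transfer("victim-session", {"csrf_token": tok, "amount": "100", "to": "savings"}))
    # Replaying the same token fails because it was consumed.
    print(handle_transfer("victim-session", {"csrf_token": tok, "amount": "100", "to": "savings"}))
    # A request forged by another site carries the cookie but no token, so it is refused.
    print(handle_transfer("victim-session", {"amount": "100", "to": "other"}))
```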

Aimilios