
3 tips for security

Published on Saturday, 25 October 2008
Yet again the Joomla project teams have dropped the ball regarding a cross-site scripting exploit. Instead of dealing with the apparent zero-day nature of the hole, they have used their political stoush to censor and limit discussion, even though the exploit is already in the wild.

In order to have a secure product, three specific rules must be understood. They should be treated as tips when designing and developing any internet-based product, and as a mantra drilled into every developer and designer.
  • No product is 100% secure
  • Due diligence in project management means you have to respond to zero-day exploits on the zero-day. Not a week or two later. Not a month later. Now.
  • Every time you find a security issue in your product, your customers have to know. Security through obscurity (in this case, obscurity being censorship) doesn't help your clients feel safe and secure.
Anything less and your clientele is not safe with your business. Sure, responsible disclosure must happen, but the patches have to be delivered immediately for zero-day XSS attacks. I've dealt with CMS projects where the lead time for patch updates to XSS attacks has been between a month and three months. Educating their development staff, as well as their marketing teams, as to the nature of these holes is something that has to be done; otherwise their own clients suffer the consequences.