In one of my past roles, I worked on a security standards document with a vendor. This document covered off on various holes that were found in a pretty tight operation. The most glaring omission, as discovered by a security service: SQL injection attacks could be possible. I wasn’t concerned, as stored procedures were a standard. Besides performance, there are strong security considerations.
One of my (past) properties endured a minor SQL injection attack. Issue? No protection within the application. As I explained to a coworker, you can implement protections at the network or server level, but ultimately, the application is culpable.
Follow standards. Reduce the chance a client (internal or external) will have problems. Those who can’t quite grasp this concept will suffer the consequences.