Archive for 'Site'

Bringing Security Back

Just a quick note that I’m going to begin posting content on this blog again. I continually come across common issues in web applications and feel there should be a place where startup developers can come for good reading on basic info about web application vulnerabilities and how to prevent them.

That said, I will have upcoming posts about Cross-Site Scripting/Request Forgery, SQL Injection, and possibly some recorded demos I’ve given in the past showing just how easy it is to use such vulnerabilities to take advantage of a web site.

Welcome

Welcome to the Startup Security blog.

This site is intended to become a resource for developers and others involved in a startup organization for information about security. As I’ll post in the coming days, there are a number of concerns I have about integrating security into the development lifecycle. While this is a common trend in large organizations, regardless of the development model used, it is less common in the startup world where development teams may only be composed of a couple people.

In this blog, I’ll post information about problems I’ve come across on live sites, information on secure coding, and talk about tools that can be used to not only help make security easier, but sometimes aid in the debugging of applications as well.

In addition to the technical nature of security, I’ll also discuss some of the regulatory and compliance issues a startup should be aware of. Software as a Service is a popular model, but it comes with its own set of risks as well.

So welcome, startup folk. I hope you find this site useful and please let me know if there is anything in particular you would like to see discussed. In the coming days I’ll be updating various things, but it’ll settle down soon.