Is Security a top priority to you when coding?

[scottyxx]

These days even the biggest companies are getting hacked and exploited. This can be due to either an large effort from a hacker, or an error or oversight in the original design.

Things like SQL Buffer Overflow, are old hat to hackers, and yet they keep on happening. This leads me to ask, as a website developer, is security one of your top concerns? Or do you assume that your web-host's security is enough? Do you actively try and prevent Cross Site Scripting, or do you just respond to incidents as they happen?

 

[bauss]

No it's not. The top priority is getting everything to function correctly, and to make sure the code is well organized. It's very easy to fix security flaws in scripts, and prevent SQL injection.

 

[Chohannes]

It all depends on what you are working on. If you are working for a big company that is targeted by hackers you might want to get security get going before all of the functionality. If you are just designing for personal use you do not generally need to care for security as much. You can do that later when you are done with all the features.

 

[Lee]

I work from a security point first, then to a functionality point. I don't want my members becoming caught out because of something I didn't do correctly from the get go.

 

[aditk8149]

It is after the time when the application is developed, I don't think, when coding, I need to be that cautious regarding security.
If the hackers are doing these kind of activities, one should be really concerned about the same!

 

[scottyxx]

Even down to the coding level you should be secure. Is my code vulnerable to input exploitation? Where are my arrays / lists stored and outputing too? Am I storing login and passwords in plain text to connect to Dbs? Infact, OWASP, the Open Web Application Security Project, has come up with a set of rules and standards to try and secure web coding: https://www.owasp.org/index.php/Main_Page

 

[w3bm4st3r]

I actually don't concern myself with web security at all. None of the websites I've developed store personal information of me or my viewers and the only data that I would protect would be the coding itself, which is constantly backed up so I should be golden. Any sites that store information about users or the owner, or collect payments, etc should of course worry about security from the coding on up, but I really haven't had an issue nor a need to employ advanced security tactics in webdesign. I remain up to date on security threats and methods to prevent breaches as much as I can in case there is ever a client that requires these type of implementations in the development of their website, but so far it has just been knowledge w/ no application or experience.