Don't bother with these guys
They mention the dangers of SQL injection, but not those of command line injection via Runtime.exec. They also don't discuss how to structure/process dynamic requests to prevent injection. They mention JSPs but not the dangers of the JSP compiler, or the benefits of JSP precompilation and removal of the JSP compiler. They don't talk about the principle of protocol transformation. They mention JAAS but not PAMs or LDAP. No talk of SSO and the impact of global sessions. No mention of how to use hardware routers with NAT and VPN. They mention exceptions, but nothing about modifying the standard error page not to display the exception call stack back to the caller. No mention of the hazards of JNI.
GAH!!!
Seriously. Don't bother with these guys until/unless they progress beyond the n00b stage.
2 cents
They are talking about programming practices they refer to as "industry standards" which, they will claim, reduce the release of vulnerable code when used.
How to solve infrastructure issues or how to work out the security issues of authentication and authorization is something learned in college.
Having said that, I agree with your advice not to bother with these guys [unless you need stuffing for your resumé].
Sounds like they are trying to carve a market for themselves; maybe the sponsors of this group will give preference to programmers who go through the program.