In the spirit of security, I’d like to challenge every developer that reads this blog to one simple challenge:
Every time you see a piece of code, spend some time assessing it and understanding what it's supposed to do and how it could fail. Once you've done that, try to make it fail using the OWASP Top 10 or, really, any bad input data.
That's the challenge. While it may add a few extra minutes to your day-to-day tasks, the business reward is generally worth the time. If your employer doesn't see the need for this testing, then you should educate them on the risks of not doing it and of not proving the code is secure to the best of your abilities.
Remember the Pareto principle (the 80/20 rule). The short version: 80% of your effort will result in 20% of your gain, yet 20% of your effort will result in 80% of your gain. Do the 20% required by the challenge on a daily basis, and you should see a higher gain.