In my earlier post, I called James out on his post, which was a fairly biased statement about EMC’s testing for security, or lack thereof. In my post, I pointed out that the security warning did not warrant such an attack. I tried to point out that James wasn’t necessarily wrong in his statements, just that he didn’t provide any evidence that backed them up. He criticized their proactive efforts when the source material calls for a reactive effort.

Well, James replied to me in two subsequent posts. The first post endeavored to teach me about the importance of testing for security in systems proactively. It wasn’t a lesson that I needed, having heard of the SQL Injection attack back in the 90s as a weakness in ASP applications (or at least an attack that was fairly similar). Being aware of these issues, I’ve make a point of controlling what a user can do in interfaces.

His points are valid though, so I wanted to take time to talk about them. This is my first post in a series addressing the points he brings up. So if I don’t address something now, don’t worry it’ll come.

Continue reading →