Thanks Jamie for the mind-awakening post.
I have a question regarding general security.
When you program, sometimes implementing an O(n^2) or O(n log n) algorithm is just good enough compared to a possible O(n) one.
Is there any absolute minimum of security knowledge developers should know about that's good enough?
Imagine you want to steal a car. You case a street and check out each car, one by one. You look for any visible means entry, but you're also looking for any physical locks on the steering wheel, etc. You also need to know which models are easier to hot wire.
Now imagine that you have to park your car along a street where a lot of thefts have taken place. To ensure that your car isn't going to be picked out, you make sure that you have put any valuables away in the glove box or trunk; locked your car; placed a physical lock on the steering wheel; engaged the immobiliser; armed your alarm; etc.
In security, you need to be looking for the ways that someone could break into your app. You want to find as many as possible and put things in place to stop others from exploiting them.
I would say that every web developer should know of the OWASP Top 10 security risks, at the very least. You could easily lose a day or two, doing a deep dive on the OWASP site (just like anyone could with TV Tropes) and still only scratch the surface.
How I understood it was that, when hackers are looking for vulnerable sites, they tend to attack those with a lack of security measures.
And "a street where a lot of thefts have taken place" sounds like popular commercial sites, where security needs to be tighter.
And thanks mate for providing the absolutely minimum (OWASP list) one should know.