39
linuxxx
5y

I really have this fucking love/hate relationship with application security.

For a lot of stuff that I write, user input has to be validated, authentication is required and so on and I do love looking into that, pentesting my own applications to death and thinking about the security architecture of the application itself.

But, sometimes, I just want to focus on the fucking features and then it annoys the living hell out of me that securing an application can take so much time and brain power.

Yay and grrrr, I guess.

Comments
  • 5
    If you're in a "I don't want to deal with this rn" mood, most frameworks have really good input cleanup features behind the scenes
  • 3
    @epse Yup I know but most frameworks are way too much for what I need so I wrote my own.

    Also, I want to know a framework inside out in case I need that and with big ones like Laravel, that's not going to happen with the amount of time I have :/
  • 1
    @linuxxx you could have a look at Lumen or plain symfony? Symfony has a lot of validation and it's more a collection of utilities than a monolithic framework.

    I'll still use laravel and pinch it where I know it hurts to make it go faster
  • 1
    Fair point. In my ecosystem, the issue is really clients. They will not pay extra for the time needed to build in application security, evaluation phases, security checkpoints in the development lifecycle, etc...

    Tbh if more people said "hey you know what you're right we should be allowing extra time for a secure application that can be extended to be more secure in the future... here's a couple extra thousand dollars of funding plus an extended time period with a grace period" then we'd have a lot less cambridge analytica's and Experian's.
  • 2
    @epse I could have a look but I already do validation automatically in my framework, sometimes a case just arises where I have to do more checking and that annoys me at times :)

    My own framework, although I am definitely not claiming that it's better than others, works exactly the way I need it to work, being very tiny as well.

    Not saying I'll never switch to something else but for now, this fucker is very tiny and does exactly what I need!
  • 0
    @linuxxx can that little fucker be inspected somewhere?

    How can I not giggle at my own comment right here
  • 0
    What’s your website domain(s)? I’ll check. ;)
  • 0
    Then next implement some crypto(-;

    There it get's real crazy. This guy did. Nice read, I think: http://loup-vaillant.fr/articles/...
Add Comment