Wednesday, December 7, 2011
Samsung Galaxy Projects Review - class 10
This time we had a class about security. This is one of the most important topics for any web application developer. Unfortunately there is no dedicated course on security in the curriculum, and we could not afford to spend more than one class on it, too bad. Tomas Charvat prepared a very condensed class reviewing security. He approached the first part from the point of view of a company CIO, whose main concerns are the disaster recovery strategy and security. What is the role of security in a company? What are the principal security guidelines and processes? A company CIO needs to answer these questions precisely, and we learned the basic approaches. Then Tomas listed the main security standards and briefly explained their history. Next we looked at how to conduct a security audit, a penetration test and a vulnerability scan, and what the differences between them are.
The last part of the presentation introduced the most common types of attacks. Examples of DoS, SQL injection and cross-site scripting vulnerabilities were explained, along with graphs of security incidents. Overall this was a great class covering the most important security aspects.
In the next class we are going to look at how to select the right hosting site based on the type of application, which will be presented by Tomas Vondra. After that we will continue with the project presentations.
It is sad, but I have to report that two of the fourteen teams broke up and stopped working on their projects. On the other hand, there are signs that some of the teams will create nice working demos.