Conclusions
Don't Assume an External Technology Will Handle Internal Problems
A firewall won't save an unpatched server
IDS doesn't fix bad code
Don't Neglect Opportunities to Minimize Trust Between Layers
Internal audit trails
Checking return codes from calls to external components, and failing closed when they signal an error
Validating input properly: accept only what you expect, rather than stripping what you fear
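The three habits above, shown together in one small request handler. This is an added example, not code from the talk or from Foofus: the allowlist pattern, the audit record layout, and the use of a child Python interpreter as a stand-in "external component" are all assumptions made for the illustration. It shows why a denylist strip is not validation, why a non-zero return code has to be checked explicitly, and how an internal audit trail records the decision regardless of what any outer layer logs.

```python
"""Minimizing trust between layers: allowlist validation, explicit return-code
checks on an external component, and an internal audit trail.
Hypothetical example; names and layouts are assumptions, not the talk's code."""
import logging
import re
import subprocess
import sys

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")

# In-memory copy of the audit trail so callers (and tests) can inspect it.
# Assumption: a real application also writes this to append-only storage.
AUDIT = []


def audit(event, **fields):
    """Record what this layer decided and why, independent of outer layers."""
    entry = {"event": event, **fields}
    AUDIT.append(entry)
    logging.info("audit %s", entry)


def denylist_strip(name):
    """The wrong way: remove one bad pattern and trust the result.
    "....//" survives a single pass as "../", so this proves nothing."""
    return name.replace("../", "")


# The right way: accept only the exact shape this layer is willing to handle.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def validate_name(name):
    """Allowlist validation; rejects anything outside the expected alphabet/length."""
    if not isinstance(name, str) or NAME_RE.fullmatch(name) is None:
        audit("input_rejected", value=repr(name))
        raise ValueError(f"invalid name: {name!r}")
    audit("input_accepted", value=name)
    return name


def run_component(argv, timeout=5):
    """Call an external component and fail closed on anything but exit 0.
    check=False is deliberate: the return code is inspected here, not assumed."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired) as exc:
        audit("component_error", argv=argv[:1], error=type(exc).__name__)
        raise
    audit("component_exit", argv=argv[:1], returncode=proc.returncode)
    if proc.returncode != 0:
        raise RuntimeError(
            f"{argv[0]} exited {proc.returncode}: {proc.stderr.strip()}")
    return proc.stdout


def process_request(name, exit_code):
    """One request through all three checks. Returns (status, output).

    exit_code is a constructed knob standing in for whatever the external
    component would actually do; the component here is a child Python
    interpreter that echoes the validated name and exits with that code.
    The name is passed as an argv element, never interpolated into code."""
    try:
        safe = validate_name(name)
    except ValueError:
        return "rejected", None
    argv = [sys.executable, "-c",
            "import sys; print(sys.argv[1]); sys.exit(int(sys.argv[2]))",
            safe, str(int(exit_code))]
    try:
        out = run_component(argv)
    except RuntimeError:
        return "component_failed", None
    return "ok", out.strip()
```

Note that `process_request("alice", 3)` does not return partial output even though the component printed something before failing: once the return code says the call failed, nothing from that call is trusted, and the audit entry carries the return code so the failure is visible to whoever reads the trail later.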
Secure the Application, Not Just Pieces of the Application
Design defenses that incorporate all components
Be responsible (at the very least, be knowledgeable!) about problems inherited from components
Recognize that often it's not the technology that fails us
This page is maintained by Foofus.
Send comments or questions to foofus@foofus.net.