I am a bad security person. I write code and am too lazy to check it for security issues. I procrastinate, I use the same passwords, I hope that whatever the bad guys are looking for, I will be lucky enough to not be the place they look for it.
And you say, “Shame on you, Jake! We use your code, why would you make it not secure?” And in reality it’s mostly because I don’t know much about security. But I admit that I have a responsibility to at least learn more about it, which is better than most people.
So here it goes, the list of links that I will be using and links for you to use to level up security-wise. Please post more in the comments, write things to me on Twitter and Facebook, and let’s start a support group of insecure web developers and users.
If you use any computers at all:
I have one big link for you to read before you scroll down the rest of the page or leave because security is boring. Please read this 17-minute article about how broken the web is:
Yes, it will be scary. Yes, it uses a lot of profanity. Yes, a lot of it goes over my head. But I think this article is really important if you want to be scared into learning more about security with me. I read that the first step to initiating change in an organization is inciting a sense of emergency. Once you read that article, you will feel the emergency.
If you are a web developer:
First, watch this 25-minute video by Alec Baldwin (no, not that Alec Baldwin) about Security First Development. It is very good to start you on this path of finding resources and thinking about things from a security standpoint.
Then, when you want to find out about different security advisories, check out the lift security advisories page, and general things on their blog. I’ve also blogged once or twice about cryptography things.
If you are feeling really serious:
Go ahead and start trying some of the crypto challenges from Matasano. It’s a walkthrough of real-world problems in cryptography, and will get you to think about things from a very practical standpoint. I will be going through these myself soon, so hopefully I can blog about my experiences and help out you guys along the way.
That’s it, my very short spiel on security. I am really bad at it, and lack a lot of the expertise needed to make a system secure, but I’m doing my part to learn more. I hope I could inspire you to do a little bit more too.