This is a simple concept that I find myself using when explaining what TeamMentor is and how it can be used.
Here is a very common web activity for developers: do a Google (or StackOverflow) search on a particular problem, find a solution that looks good, copy and paste the code sample into the current application and fiddle with it until it works.
The problem with this approach is that the pasted code might not be the most secure solution for the problem at hand (and the changes made to get it working might turn a secure code sample into an insecure one).
So what we want is for developers to copy and paste from TeamMentor (instead of from Google).
The idea is that once the content has been customised to the target application, developers can use it as their 'copy and paste' repository (since those code samples are, in effect, the application's or company's coding guidelines).
Yes, the 'out-of-the-box' articles are good and will add a lot of value, but without customisation they are just a faster way of finding content similar to what Google would return.
But once those articles reflect the target application's reality, their value increases dramatically, and we will finally have one place to point developers to for focused, prescriptive, relevant and accurate security guidance.
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more
Tuesday, 1 May 2012
Don't copy and paste from Google, copy and paste from TeamMentor!