Code it
This is a curated resource for programmers and software architects. It is regularly updated with Articles, Hacks, How Tos, Examples and Code.
Curated by nrip

Why Software Security Is a Skill All Programmers Should Have


As a programmer or developer, the importance of creating secure applications cannot be overstated.

 

Software security deals with the management of malicious attacks by identifying potential vulnerabilities in software and taking the necessary precautions to guard against them.

 

Software can never be 100% secure because a developer can overlook a bug, create new bugs in an attempt to fix existing cases, or create new vulnerabilities through updates.

 

However, there are two key practices that all software developers can employ to ensure that they create secure software:

  • writing secure code in the first place, and
  • efficiently testing your code.

 

Software Security Is a Crucial Skill For All Developers

Developing good software is synonymous with ensuring that your software can withstand any malicious attack. This is only achievable through the writing of secure code, the continual testing of an application, and maintaining control of who has access to your data.

 

 

read more at

https://www.makeuseof.com/software-security-skill-all-programmers-should-have/

 


Upgrade WordPress to PHP 7: How to Do It Safely


The process of upgrading WordPress to PHP 7 is itself easy.

 

In this article, we'll teach you how to make the switch and upgrade WordPress to PHP 7 the right way.

 

If you have full privileges on your server, you can upgrade WordPress to PHP 7 using your command line. On the other hand, if you’re on shared or managed hosting, you’ll probably have to ask your provider’s support team to upgrade your site manually.

 

In either case, the actual process is straightforward. The problem is that if you don’t take any precautionary measures, you run the risk of breaking elements of your site that don’t play nicely with PHP 7. That’s why we’re partial to a different approach that enables you to eliminate most of the risk involved.

 

Step #1: Back up your website

Step #2: Create a local staging copy of your site

There are plenty of ways to create a staging copy of your website. Try Local by Flywheel because it’s easy to set up. Plus, you don’t need to be a Flywheel customer to get the app. Just go to the website, fill out a short form, and download the tool.

Step #3: Test your staging site

Step #4: Upgrade your live site to PHP 7

There are two ways to approach it, depending on your host:

 

  1. If you use a Virtual Private Server (VPS) or any other hosting option that gives you full control, you can upgrade WordPress to PHP 7 from the command line.
  2. If your host doesn’t give you this level of access, you can ask them to upgrade you to the latest version through their support system.

 

When you’re done, be sure to test your site’s performance again (just to be safe). 

 

references:  

 

https://themeisle.com/blog/upgrade-wordpress-to-php-7/

 

https://wpengine.com/resources/upgrading-to-php-7/

 

 

 

 

nrip's insight:
You must upgrade your WordPress sites to run on PHP7.
 
As mentioned earlier, security updates to PHP5+ branches will end on December 31, 2018.
 
Ask/Urge/Force your website developers, web managers, website hosts to move your sites to run on PHP7+ 
 
 

 

 

Mozilla, EFF And Others Band Together To Provide Free SSL Certificates


Mozilla, Cisco, Akamai, the Electronic Frontier Foundation, IdenTrust and researchers at the University of Michigan are working through the Internet Security Research Group to create a new certificate authority to offer digital certificates for free to anybody who owns a web domain. The “Let’s Encrypt” group will launch this service next summer.


Currently, the EFF writes today, “HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.”


The Let’s Encrypt project aims to make getting certificates not just free, but also as easy as possible. It will take two simple shell commands to enable HTTPS for any given site that wants to use it. All of the certificates that are issued or revoked will be public and the team aims to make its protocols an open standard that other certificate authorities can adopt.


Developers who want to test the service can head over to https://github.com/letsencrypt/lets-encrypt-preview to take a look at the code, but this is definitely not meant for production servers yet, and if you decide to ignore that warning, chances are your users will see lots of warnings about your certificate that will keep them from ever seeing your site.


more at http://techcrunch.com/2014/11/18/mozilla-eff-and-others-band-together-to-provide-free-ssl-certificates/



Poor quality software cost companies more in 2020 than in previous years


Software developers found themselves working very hard throughout 2020 as many businesses were forced to switch to entirely digital operations in a very short period of time.

 

But according to a new report from the Consortium for Information and Software Security (CISQ), this haste came at a cost: something to the tune of $2.1 trillion, to be precise, and billions in waste.

 

CISQ's 2020 report, The Cost of Poor Software Quality in the US, looked at the financial impact of software projects that went awry or otherwise ended up leaving companies with a larger bill by creating additional headaches for them.

 

According to the report,

  • unsuccessful IT projects alone cost US companies $260bn in 2020,
  • while software problems in legacy systems cost businesses $520bn
  • and software failures in operational systems left a dent of $1.56 trillion

 

Now, why poor quality software cost companies more in 2020 than in previous years

 

As any Software Specialist and IT Architect will tell you, when it comes to software development, speed is a trade-off for quality and security.

 

And time was a luxury that many businesses couldn't afford in 2020, with the pandemic forcing offices to shut and prompting rapid digitization. As companies brought forward their digital transformation plans, software development projects expanded rapidly.

 

Also, the attitudes of most business leaders towards digital innovation are archaic, particularly when it comes to software.

 

"Software quality lags behind other objectives in most organizations. That lack of primary attention to quality comes at a steep cost. While organizations can monetize the business value of speed, they rarely measure the offsetting cost of poor quality."

 

It just takes one major outage or security breach to eliminate the value gained by speed to market. Disciplined software engineering matters when the potential losses are in trillions.

 

As software is being developed and used the world over more than ever before, the cost of poor software quality is rising, and mostly still hidden. Organizations spend way too much time finding and fixing defects in new software and dealing with legacy software that cannot be easily evolved and modified.

 

Read the original, unedited article at https://www.techrepublic.com/index.php/category/10250/4/index.php/article/developers-these-botched-software-rollouts-are-costing-businesses-billions/

 

nrip's insight:

Why poor quality software cost companies more in 2020 than in previous years

 

When planning a software development plan, one has to pick 2 of 3 parameters which you can specify: Price and Cost, Security and Quality, Time to develop.

And Price and Cost is always picked. In 2020, time was a premium so it was expected for projects to be developed in as short a time as possible, so it's obvious that security and quality were sacrificed.

  

Also, the attitudes of most business leaders towards digital innovation are archaic, particularly when it comes to software. Software quality lags behind other objectives in most organizations. While organizations can monetize the business value of speed, they rarely measure the offsetting cost of poor quality.

 

It just takes one major outage or security breach to eliminate the value gained by speed to market. Disciplined software engineering matters when the potential losses are in trillions.

 

As software is being developed and used the world over more than ever before, the cost of poor software quality is rising, and mostly still hidden. Organizations spend way too much time finding and fixing defects in new software and dealing with legacy software that cannot be easily evolved and modified.


The highly popular PHP 5.x branch will stop receiving security updates at the end of the year.


According to statistics from W3Techs, roughly 78.9 percent of all Internet sites today run on PHP.

 

But on December 31, 2018, security support for PHP 5.6.x will officially cease, marking the end of all support for any version of the ancient PHP 5.x branch.

 

This means that starting with next year, around 62 percent of all Internet sites still running a PHP 5.x version will stop receiving security updates for their server and website's underlying technology, exposing hundreds of millions of websites, if not more, to serious security risks.

 

If a hacker finds a vulnerability in PHP after the New Year, lots of sites and users would be at risk.

 

"This is a huge problem for the PHP ecosystem. While many feel that they can 'get away with' running PHP 5 in 2019, the simplest way to describe this choice is: Negligent."

 

"To be totally fair: It's likely that any major, mass-exploitable flaw in PHP 5.6 would also affect the newer versions of PHP," Arciszewski added.

 

"PHP 7.2 will get a patch from the PHP team, for free, in a timely manner; PHP 5.6 will only get one if you're paying for ongoing support from your OS vendor.

 

"If anyone finds themselves running PHP 5 after the end of the year, ask yourself: Do you feel lucky? Because I sure wouldn't."

 

more at https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/

 

 

 