December 2011
Beginner
384 pages
9h 38m
English
Content preview from Web Application Security, A Beginner's GuideBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Classifying and Prioritizing Threats
In a perfect world, we would tell you that all security vulnerabilities are equally serious. We would tell you that if there’s even the slightest chance of a single attacker being able to compromise a single user for even the smallest nuisance attack, that you should hold off the product release until every single possible vulnerability has been eliminated from the code. And if anyone ever does manage to find a vulnerability in your application, we would tell you to drop everything else you’re doing and go fix the problem.
But of course, we don’t live in a perfect world, and a hard-line approach to security like this is completely unrealistic: you’d never actually ship any code. You need a method to prioritize ...