Web Application Security Quotes

“Writing a secure web application starts at the architecture phase. A vulnerability discovered in this phase can cost as much as 60 times less than a vulnerability found in production code.”
― Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications

“Detecting what software is running on the client (browser) is much easier than detecting what is running on the server.”
― Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications

“From this we can see that architects of early telephone networks only considered nor‐ mal people and their communication goals. In the software world of today, this is known as “best-case scenario” design. Designing based off of this was a fatal flaw, but it would become an important lesson that is still relevant today: always consider the worst-case scenario first when designing complex systems.”
― Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications

“Good security starts with good design that con‐ siders the distributed nature of the application. Hoffman also takes time to stress that security is not a singular event, but rather a process that must be folded into the entire software development life cycle.”
― Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications