Web Apps: The Top Vulnerabilities
ISACA Shares Common Challenges, Solutions
"Many [programmers] pick up application programming as a hobby," Sembhi says. "They don't go to school for it. They don't know the vulnerabilities. So we need to challenge the way people learn. What's missing is training - training on coding securely."
In a newly published white paper, ISACA outlines recommendations for organizations interested in enhancing their internal training for coders, as well as the career direction ISACA sees more specialized coding taking in the future.
"There are some very specific courses for coding that are out there, depending on the kind of coding," Sembhi says. "These professionals will become highly skilled individuals, making the design more streamlined. ... The key thing here is always education."
During this interview, Sembhi discusses:
- The need for organizations to build training and education costs for coders into their budgets;
- The impact supply chain and the introduction of new components can have on application security vulnerabilities; and
- Why design and architecture are two critical areas linked to Web app security.
Sembhi is past president of ISACA's London Chapter, serves on the GRA subcommittee and is a member of ISACA's Professional Influence/Advocacy Committee. He is also director of consulting services with Incoming Thought. Previously, he served as a security researcher.