Template:Application Security News


 * Custom escaping considered harmful
 * "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
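Why ad-hoc escaping is database-specific, shown with runnable code. This is an added example, not code from the article quoted above: it reimplements PHP's addslashes() behaviour in Python (backslash before quote, double quote, backslash and NUL) and runs the result against an in-memory SQLite table. addslashes() matches MySQL's backslash escape syntax, but SQLite (like Oracle, MS SQL and PostgreSQL in standard_conforming_strings mode) treats a backslash inside a string literal as an ordinary character, so the escape neither blocks the injection nor preserves a legitimate apostrophe. The table, rows and attack string are constructed for the example; the parameterised query is the fix the quote is pointing at.

```python
import sqlite3


def addslashes(s: str) -> str:
    """Reimplementation of PHP's addslashes(): backslash-escape ' " \\ and NUL.
    This is the MySQL convention; SQLite does not treat backslash specially."""
    return "".join("\\" + ch if ch in "'\"\\\x00" else ch for ch in s)


def setup_db() -> sqlite3.Connection:
    """Constructed sample table: three users, one with an apostrophe in the name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("O'Brien",)])
    return conn


def lookup_adhoc(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: escape with addslashes() and splice into the SQL text.
    Returns the matching names, or raises if the spliced SQL no longer parses."""
    sql = f"SELECT name FROM users WHERE name = '{addslashes(name)}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the driver binds the value; no escaping is needed
    and the database's own literal rules are never involved."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo() -> dict:
    """Run both lookups against the sample table and collect the outcomes."""
    conn = setup_db()
    attack = "' OR 1=1 --"   # constructed injection payload
    out = {
        "adhoc_plain": lookup_adhoc(conn, "alice"),
        # SQL becomes  ... WHERE name = '\' OR 1=1 --'  : SQLite reads '\' as a
        # one-character string, then OR 1=1, then a comment -> every row returned.
        "adhoc_attack": lookup_adhoc(conn, attack),
        "param_plain": lookup_param(conn, "alice"),
        "param_attack": lookup_param(conn, attack),
        "param_apostrophe": lookup_param(conn, "O'Brien"),
    }
    try:
        # SQL becomes ... WHERE name = 'O\'Brien' : the literal ends at the
        # second quote and the trailing quote is an unterminated string.
        out["adhoc_apostrophe"] = lookup_adhoc(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        out["adhoc_apostrophe"] = f"error: {exc}"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

Running it shows the ad-hoc path returning every user for the attack string and failing outright on a real name containing an apostrophe, while the parameterised path returns exactly the requested row in both cases. Swapping the driver for MySQL would make addslashes() "work" again, which is the point of the quote: the escaping only matches one database's literal syntax, so the application must be rewritten to use bound parameters rather than patched with more escaping.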


 * Oracle teaches developers security
 * "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."