Security in the Round
Note: This article was originally published at Planet PHP
on 17 December 2012.
My post for this year's Web Advent was posted last night - Security in the Round. It's a pretty high level look at something that's easy for developers to forget about. To quote Bruce Schneier:
The mantra of any good security engineer is a€oSecurity is not a product, but a process.
It's more than just designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.
It's about people, networks, systems, hardware, processesa€¦.oh yeah, and the code. Don't forget the bigger picture. I presented some about this (and other more PHP-related topics) at True North PHP, you can see the slides here.